X

Apple: Here's how we try to protect your privacy

An updated privacy page from the iPhone maker details how it tries to safeguard your privacy with each of its offerings, from Apple Pay to iCloud.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
4 min read

apple-pay-iphone-apple-watch.jpg
Apple wants its customers to know how it strives to protect their personal data. Apple

Apple is trying to ensure its loyal users that it takes their privacy seriously.

In an update to its privacy webpage, the company highlighted several of its products and explained how it uses encryption and other methods to shield your privacy, stating: "We build privacy into everything we make." Trying to address privacy concerns, the page runs down a list of various Apple products and services, including Apple Pay, iMessage, FaceTime, Apple's Health and Fitness app, Safari and iCloud.

Online privacy has become more of a hot-button issue in recent years. Documents leaked by former NSA contractor Edward Snowden reportedly showed widespread snooping of phone records and other data by the National Security Agency. Tech players such as Apple, Microsoft and others were accused of cooperating with the NSA to allow backdoors, or a way of bypassing built-in security, into their products, an accusation the companies vehemently denied. Users have also become increasingly concerned about companies, advertisers and other third-parties accessing their personal data online. As more data goes mobile or gets stored in the cloud, Apple's updated privacy page is a clear and ongoing response to user concerns about their private information.

In its discussion about encryption, Apple even makes a reference to backdoors to counter the accusations that it played ball with the government to allow access to user data.

We've been protecting your data for over a decade with SSL and TLS in Safari, FileVault on Mac, and encryption that's built into iOS. We also refuse to add a backdoor into any of our products because that undermines the protections we've built in. And we can't unlock your device for anyone because you hold the key -- your unique password.

Apple Pay is another service that may trigger concerns among people that their personal data is vulnerable if they use their iPhone to pay for an item on the go at a supported merchant. You set up Apple Pay on your iPhone by entering your credit card information. When you make a transaction, your credit card account is then automatically charged.

But Apple has tried to waylay fears by explaining that your actual credit card numbers are not stored on your iPhone or on its servers.

Instead, a unique Device Account Number is created, encrypted in such a way that Apple can't decrypt, and stored in the Secure Element of your device. The Device Account Number in the Secure Element is walled off from your iOS device and Apple Watch, is never stored on Apple Pay servers, and is never backed up to iCloud.

Apple has set up a dedicated page that offers more details about Apple Pay security and privacy. In its overview of iMessage and Facetime, Apple again addresses concerns that the government can access or request your personal data.

Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and WatchOS, your iMessages are also encrypted on your device in such a way that they can't be accessed without your passcode. Apple has no way to decrypt iMessage and FaceTime data when it's in transit between devices. So unlike other companies' messaging services, Apple doesn't scan your communications, and we wouldn't be able to comply with a wiretap order even if we wanted to.

Apple's Health and Fitness app lets you store all your health and fitness information on your iOS device. But how it that data protected?

"When your phone is locked with a passcode or Touch ID, all of your health and fitness data in the Health app is encrypted," Apple said. "And any Health data backed up to iCloud is encrypted both in transit and on our servers."

When you surf the Web on a Mac or iOS device using Safari, you're open to different intrusions, such as third-party cookies that try to record your actions and malware that can infect your system. In response, Safari blocks third-party cookies by default, automatically stops suspicious sites from loading and "sandboxes," or isolates, malicious code in a single browser tab so it can't expand any further.

Finally, Apple's iCloud encourages you to store and sync your content in the cloud. You can save email, contacts, photos, music and other personal content, but Apple strives to protect your data via encryption.

iCloud content like your photos, contacts, and reminders is encrypted when sent and, in most cases, when stored on our servers. All traffic between any email app you use and our iCloud mail servers is encrypted. And our iCloud servers support encryption in transit with other email providers that support it. If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data.

Apple CEO Tim Cook has taken measures in the past to reassure users that their privacy is important to the company. In September 2014, Cook appeared on the "Charlie Rose Show" and posted an open letter to explain how Apple handles the personal data of its users as well as government requests for that data. And in February, Cook spoke at President Barack Obama's cybersecurity summit in Palo Alto, California, calling for the government and companies to work together to make sure that the privacy of consumers is protected.

Like any company, Apple isn't immune to security problems. A week ago, the company revealed that dozens of apps in its App Store were infected with malware. But Phil Schiller, the company's senior vice president of worldwide marketing, emphasized that the malware is relatively harmless and that there's no evidence of it stealing any information from users that downloaded an infected app.

(Via Cult of Mac)