All the recent talk about Apple, 'the guys who care about your privacy', has seen them go from "what happens on your iPhone stays on your iPhone" to "but it's all about the children!"

So let's start with CSAM (child sexual abuse material). Of course we need to protect our children, and I am sure Apple is trying to do just that; however, the road to hell is paved with good intentions. And let's get this out of the way: Apple was never your friend. And this is where things get tricky with CSAM.

Because this is done on a country-by-country basis, the file of hashes being uploaded to your phone was not prepared by Apple, nor can it be verified by Apple; it was given to them! Now let's assume that the file only has CSAM hashes on it at this time. What guarantees that this will be the case in the future?

What if a government gives Apple a file that includes other hashes? Perhaps a picture of Winnie the Pooh in China or a picture of an activist they want to locate?

Let's rewind to the mass demonstrations in Hong Kong 2 years back. Apple pulled an app from the store that tracked the locations of both police and demonstrators. Apple's justification was that the app encouraged illegal activities. This, unsurprisingly, was after a vitriolic piece in the People’s Daily (the mouthpiece newspaper of the Chinese Communist Party) stating that:

“Letting poisonous software have its way is a betrayal of the Chinese people’s feelings”.

It showed that Apple would bend to the Chinese Government. After all, profits before people, right? However, consider that people could have used the app to avoid getting into the clashes on their way to work, or a mother could have used it to keep her children from getting teargassed.

Consider also that Apple makes most of its hardware in China, and they can't just pull out of their largest market (with the cheapest child labor!). And it didn't stop with the 'crowd' app, as the New York Times app, VPN apps and other news apps were also removed from the Chinese app store.

The new iCloud + Privacy Relay has just launched, but has already been removed in some countries. It shows Apple follows the dictates of oppressive governmental 'requests' and guidelines.

Working condition violations have never been a big concern for Apple; these date back so far that they are almost ignored, yet numerous pieces have appeared over the years exposing these and data manipulation. Below is a selection of some of these, just to give you a flavor of their 'hidden' corporate culture:

Apple's rotten timeline

2011

Apple Took 3+ Years to Fix FinFisher Trojan Hole
The Wall Street Journal this week ran an excellent series on government surveillance tools in the digital age. One story looked at FinFisher, a remote spying Trojan that was marketed to the governments of Egypt, Germany and other nations to…
IT’S OFFICIAL: Apple Has Brainwashed The Whole Country -- How Else To Explain The Lack Of Outrage Over Apple’s Secret Location Tracking?

2013

How to make cheap iPhones and undercut Foxconn: 12-hour workdays, unpaid overtime and no holidays
A report out this morning alleges that working conditions at three Chinese factories operated by Pegatron, a Taiwanese manufacturer of Apple products, violate both Apple’s…

https://www.washingtonpost.com/news/the-switch/wp/2013/12/18/research-shows-how-macbook-webcams-can-spy-on-their-users-without-warning/

2014

Researchers challenge Apple’s claim of unbreakable iMessage encryption
A close look at Apple’s iMessage system shows the company could easily intercept communications on the service despite its assurances to the contrary, researchers claimed Thursday at a security conference.
Apple ‘failing to protect Chinese factory workers’
Poor treatment of workers in the Chinese factories which make Apple products is discovered by an undercover BBC Panorama investigation.
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud
As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims’ iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in t…

Also in 2014, F-Secure discovered: Bob and Alice Discover a Mac OPSEC Issue

GitHub - fix-macosx/yosemite-phone-home: Corpus of data automatically shared with Apple by a standard installation of OS X Yosemite.
Most vulnerable operating systems and applications in 2014
An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database.
Edward Snowden says secret Apple spyware is the reason he won’t use an iPhone
Is Apple’s wildly popular iPhone series hiding spyware that can collect information about users without their knowledge? As thoroughly as developers have dug through Apple’s iOS code over the past seven and a half years, one would think functionality like that would have been unearthed by now. Accor…
Apple under fire again for working conditions at Chinese factories
BBC investigation finds excessive hours and other problems persist despite promises to clean up act after Foxconn suicides
Apple warned 6 months ago that iCloud was vulnerable to brute-force attacks
A security researcher reported the bug in iCloud’s security to Apple back in March.
Undocumented iOS Features left Hidden Backdoors Open in 600 Million Apple Devices
Apple Upgrade Tracks Customers Even When Marketing Apps Are Off
Apple’s Bluetooth-based customer tracking system, iBeacon, just got better, if you ask marketers. But privacy researchers aren’t so sure.

2015

Ex-NSA Researcher Finds Sneaky Way Past Apple Mac’s Gatekeeper
An ex-NSA staffer claims to have found a new way to bypass Apple Mac OS X security mechanisms, in particular the Gatekeeper tool. The problem is exacerbated by the fact that many software providers aren’t encrypting their downloads, including all major anti-virus vendors for Apple’s desktop OS.
Apple begins storing users’ personal data on servers in China
Apple Inc <AAPL.O> has begun keeping the personal data of some Chinese users on servers in mainland China, marking the first time the tech giant is storing user data on Chinese soil.
Attacks accessing Mac keychain without permission date back to 2011
Technique lets rogue apps ask for keychain access, then click OK.
Safari bug saves Web page URLs in Private mode | MacIssues

https://www.blackhat.com/presentations/bh-usa-09/CHEN/BHUSA09-Chen-RevAppleFirm-PAPER.pdf

Apple Admits Siri Voice Data is Being shared with Third Parties
The Mac Facilitates Spying Too – Zit Seng’s Blog

2016

Apple is under fire for “excessive overtime” and illegal working conditions in another Chinese factory
When Apple cuts costs, workers pay.
Latest Foxconn Worker Deaths Build Case For Apple To Move Operations From China
Sadly, Chinese factory workers have once again fallen victim to this whole global mass manufacturing cycle. There’s no doubt that the world’s most valuable company can do more.

2017

Life and death in Apple’s forbidden city
In an extract from his new book, Brian Merchant reveals how he gained access to Longhua, the vast complex where iPhones are made and where, in 2010, unhappy workers started killing themselves
Apple might be helping governments spy on users in real time
Two unrelated reports suggest that Apple might have the technical capability of mass spying on its customers in a certain area and feeding the obtained information to intelligence agencies that would be able to take immediate measures. Apple has long maintained that the privacy and security for its …

2018

Suicide at Chinese iPhone factory reignites concern over working conditions
A US-based Chinese workers’ rights organisation has claimed that a factory worker at a firm that produces Apple’s iPhones in China, died after jumping from a building on Saturday.
My phone is spying on me, so I decided to spy on it
Do you know what personal details your phone is sharing about you when you’re not looking? We decided to try to find out for sure. What do you think we’ll find?
Apple, Foxconn Broke a Chinese Labor Law to Build Latest iPhones
Apple Inc. and manufacturing partner Foxconn violated a Chinese labor rule by using too many temporary staff in the world’s largest iPhone factory, the companies confirmed following a report that also alleged harsh working conditions.

2019

Apple bans Hong Kong protest location app
The smartphone app provides information about the location of police and where tear gas was being used.
Apple Pulls Hong Kong Protest App From App Store Following Chinese Criticism [Updated]
Apple contractors ‘regularly hear confidential details’ on Siri recordings
Workers hear drug deals, medical details and people having sex, says whistleblower
Opinion: Apple’s relationship with China is turning into a massive liability
Apple’s relationship with China has never been an easy one. Indeed, I wrote a piece a couple of years ago arguing that the company was in a no-win position

The Washington Post in 2019 - It’s the middle of the night. Do you know who your iPhone is talking to?

The Verge reported in 2019 Apple’s hired contractors are listening to your recorded Siri conversations, too

2020

One very bad Apple
Why is Apple’s commitment to privacy going down the drain?

https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garman.pdf

Also in 2020 TheNextWeb reported The FBI is cracking iPhone 11s without Apple’s help, so why does it need a backdoor?

Interesting discussion about Facebook's and other apps' capabilities inside iOS; take it with a grain of salt.

Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources
Apple Inc <AAPL.O> dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.
Against the Cult of Apple
The backlash against Big Tech has spared the purveyor of beautiful crystal prisons. Apple doesn’t deserve a pass.
Apple fined for slowing down old iPhones
Apple agrees to pay a £21m fine in France for not making it clear that it slowed down old iPhones.

The issue doesn't end with government requests; there are also false positives.

The Problem with Perceptual Hashes

Of course this then goes to a human review, but do you feel comfortable that your private pictures, perhaps even of your own children, are being reviewed by someone at Apple? And it does lead to the next big question: "if our pictures are E2EE and 'not even Apple can see them', how is the human review even possible?"

Let's not forget Pegasus…

Pegasus - The flying Trojan horse?!? NSO’s spyware
Introduction: The background to the latest government sponsored attack on private communications via NSO Pegasus. July 2021 - Amnesty International and The Citizen Lab [https://www.citizenlab.co/] publish a report indicating the widespread usage of the NSO Group’s Pegasus software. Pegasus is defi…

All in all, this is not a flattering look at your 'privacy partner', Apple! No, Apple is not your friend. Apple is great at marketing; it started in 1984, when Apple claimed this is why 1984 will never be like "1984". The problem is that they are now, in 2021, so much further ahead of Orwell's nightmarish blueprint! Do you really want to trust Apple in its closed garden setup with this new method to 'protect children'?

Don't get me wrong, I want to believe, but a lot of things can go awry. I am not saying they will, and if it is only "appropriate and approved" CSAM hashes that are scanned by the phone or device and nothing else can ever be added, then all well and good. Apple claims there is "almost no way to get a false positive" and that sounds good, but in the end we need to trust that Apple will not add anything else, and that governments will not force them to send one more hash...

Apple addressed these concerns in a rushed FAQ file:

https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf

However, all I read out of this is "trust us"! But why would we? They failed people in Hong Kong before, where one wrong hash reported to a bad government can cost lives. And it is something I just don't feel comfortable recommending. Thankfully we have options, such as Linux, GrapheneOS or CalyxOS.

Till we meet again in another episode of EXPOSED!