Joel Thayer, opinion contributor
Fri 30 August 202
China’s espionage campaign has infiltrated our communications networks via their telecom companies, like Huawei and ZTE, and by selling us cheap routers with noted-yet-unfixed vulnerabilities. But there is nothing more pervasive than how China weaponizes our mobile devices via apps.
TikTok is the obvious example. A nearly unanimous Congress heeded the warnings of the Director of National Intelligence and others to require TikTok to cut its financial ties with its parent company (and known-Chinese government corporate affiliate) ByteDance. The Department of Justice has sued the company for blatantly violating federal privacy laws, and states are investigating numerous other privacy violations. Yet Apple continues to promote the app, listing it as “essential” with an “editor’s choice” award.
And TikTok is just the tip of the iceberg. Hundreds of apps on Apple’s App Store openly admit to providing sensitive data to China. Some even use Apple’s ARKit, which enables apps to detect more than 50 unique facial expressions and project 30,000 infrared dots to create a 3D map of a user’s face, while allowing the app to retain the data.
China-based AI company Meitu’s BeautyCam-AI Photo Editor uses the ARKit to extract “facial mapping information.” The app enjoyed 2 million downloads last month. Another China-based app called ProKnockOut-Cut Paste Photos uses Apple’s ARKit and reveals that the “information will be stored in China” in its privacy policy.
Some of these apps admit to sending health data to China from Apple’s HealthKit, which allows apps to collect more than 100 different data points across numerous categories. China-based wellness app Wearfit Pro claims to access data from Apple’s HealthKit and openly discloses that the “data will be stored in the territory of the People’s Republic of China.” The app’s privacy policy states that it collects users’ “sleep, heart rate, blood oxygen, blood pressure, blood sugar, body temperature, weight, body age, heart rate and other data.”
Other apps don’t even try to hide the China connection. The “beautification” app Mico – Aesthetic Screen Maker’s privacy policy is written in Chinese. When you translate it, it reads, “We will store your information collected and generated during domestic operation in the territory of the People’s Republic of China,” and it also states that its governing laws are “the laws of the People’s Republic of China.”
Every one of these apps — and dozens if not hundreds more — fall under China’s national security laws, which force the tech companies to disclose all this U.S.-based data directly to the Chinese government.
For instance, China’s 2015 National Security Law compels locally employed Chinese nationals of American companies to assist in investigations that may expose operating elements of American companies or citizens. China’s 2021 Cyber Vulnerability Reporting Law requires China-based companies to report security flaws to the Chinese government so they can “exploit system flaws before cyber vulnerabilities are publicly known.” Article 7 of China’s National Intelligence Law of 2017 creates “a legal obligation for those entities to turn over data collected abroad and domestically to the” Chinese government.
These laws effectively turn Apple-approved, China-based apps into spyware for the Chinese government.
Apple must fix this problem. The company touts its App Store as “a safe and trusted marketplace for [its] users.” And it boasts about rejecting 375,000 app submissions for “privacy violations.” With these Chinese apps in the marketplace, how can Apple plausibly claim it’s protecting American consumers?
Apple allows users to easily find these apps, with some even in the top 100 within their app category. Apple is not just distributing these apps but promoting them. This fact alone shows that Apple’s safety and privacy claims are hollow and disingenuous.
So why does Apple keep promoting Chinese spyware? Money. Apple’s cut of App Store sales gives it a reason to ignore privacy and security issues for high-revenue apps.
American tech companies don’t want to offend China because the country is tied to their bottom lines. Apple CEO Tim Cook described China as “critical” to Apple’s supply chain and has pledged to increase investment and expand research and development facilities in the region. Couple that with Apple’s multi-billion dollar deal with the Chinese government requiring it to “store customer data on Chinese servers and to aggressively censor apps” and you have the makings of a national security disaster.
TikTok was only the beginning. It’s time to bring more accountability to Apple’s App Store to thwart the clear threat that Chinese spyware presents to the nation.
Joel Thayer is president of the Digital Progress Institute and a tech and telecom lawyer in Washington.
Copyright 2024 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
No comments:
Post a Comment