
Incorrect. Please see the official Apple Support page [1] that debunks this. It specifically states:

"iCloud services and all the data you store with iCloud, including photos, videos, documents, and backups, will be subject to the new terms and conditions of iCloud operated by GCBD."

And since all Chinese companies are bound by local laws, you can be assured that your data is readily available for access by the government.

[1] https://support.apple.com/en-us/HT208351



That still doesn’t make the original statement that “encryption keys are given to China” correct.

The data that is available in China is not encrypted and would also be available to US authorities.

Can you quote the part of the article that states that Apple must give China private keys? Can you find a citation where a third party has found proof that Apple changed the iMessage architecture?


Apple may still be controlling the encryption keys but this says nothing about sharing the keys if compelled to do so.

> Can you quote the part of the article that states that Apple must give China private keys? Can you find a citation where a third party has found proof that Apple changed the iMessage architecture?

Apple is smarter than to put some text on their official website saying that the Chinese government has access to all your data. The key here is that their Terms and Conditions state that they operate "...in accordance to local laws". This is a cop-out legalese way of saying "We abide by whatever the Chinese government tells us to do".


How can Apple share private keys it doesn’t have access to?

Apple doesn’t control “private keys” you use to encrypt data. The keys wouldn’t be very private if that were the case.

The entire idea behind public/private keys is that you keep access to your private key.


You need to take a step back, take off your engineering hat, and realize that the issue is not about private keys. This is about a company (Apple) needing to follow the laws of the country that it operates in or else it is banned. It doesn't matter if Apple was selling bread or handbags, they MUST provide the government with data about their customers when compelled. This is the case with all companies operating in China, foreign or domestic.


The only way it could follow the laws of the country would be to rearchitect its entire system and somehow send the private keys to its servers and save them.

While technically they could do that, do you realize how much legal trouble they would be in in the US if they did so without disclosing it?

Alternatively, they would have to have a special build of iOS for China.

Also, none of the “citations” make mention that the Chinese law forces Apple to give private keys to China.


The questions you are posing make it clear that you don't understand the issue at hand, much less the broader context behind these data laws. Companies have invested much more $$$ and resources for much less reward. Also, everything is legal as long as your lawyers sign off.


I perfectly understand how public/private key encryption works. Can you find any citations to support your specific claims that Apple is sending users’ private keys from their devices and giving those keys to China?


Tell me how you think public/private keys helps Apple from skirting Chinese law that stipulates that they must provide access to user data.


It doesn’t by itself - but you have neither shown that Apple has surreptitiously uploaded users’ private keys in China nor that it was required to do so.


I think the overlooked answer in this conversation is that Apple doesn't need to modify their service for China at all. In all countries, they hold the encryption keys for most user data. Only these things are E2E encrypted [1]:

    Home data
    Health data (requires iOS 12 or later) 
    iCloud Keychain (includes all of your saved accounts and passwords)
    Payment information
    QuickType Keyboard learned vocabulary (requires iOS 11 or later)
    Screen Time
    Siri information
    Wi-Fi passwords

You might say "what about iMessage". The link has that answer, too:

> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices.

This means Apple can produce the data a government is looking for in virtually all cases, and that's probably good enough for China.

[1] https://support.apple.com/en-us/HT202303


Or you can specifically turn off iCloud for iMessages in settings....


Maybe the fraction of users who do that is small enough that China won't push them on it. Or (this would be relatively easy to check) they could just hide that option in settings when the device region is China.

Another factor to consider is that SMS and iMessage are rarely used in China due to SMS historically being more expensive than email/data over there.


That brings up another point. How important is iMessage in China? The iPhone’s market share in China is small and statistically when you’re using iMessage you would probably be sending a message to a non-Apple device over unencrypted SMS.

Email is the least secure method of sending data and always has been.

I’ve never paid attention to it until now, but you can selectively disable iCloud backups for any of the built-in apps and third-party apps in settings.


> Or (this would be relatively easy to check) they could just hide that option in settings when the device region is China.

A placebo toggle is also an option.



