Apple will no longer unlock most iPhones, iPads for government, police – even with search warrants

“Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information,” Craig Timberg reports for The Washington Post.

“The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary,” Timberg reports. “Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.”

“Apple once maintained the ability to unlock some content on devices for legally binding police requests but will no longer do so for iOS 8, it said in the new privacy policy,” Timberg reports. “‘Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,’” Apple said on its Web site. ‘So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.'”

Read more in the full article here.

MacDailyNews Take: Bravo, Apple!

What’s left of the Fourth Amendment thanks you.

Checkmate, Google.

Eric Schmidt, Google Executive Chairman
Eric Schmidt, Google Executive Chairman

Related articles:
Would you trade privacy for national security? Most Americans wouldn’t – August 6, 2014
‘World’s most secure Android Phone’ hacked in under 5 minutes at DefCon Hacking Conference – August 12, 2014
Surveillance companies hate Apple’s impenetrable iPhones, iPads; Android infinitely more exploitable than iOS – August 12, 2014
Crucial security flaw found in Google Play: Thousands of secret keys found in Android apps – June 19, 2014
iOS 8′s extensions explained: Opening the platform while keeping it secure – June 9, 2014
New iOS 8 feature lets users cloak their iPhones from tracking by retailers, marketers, other companies – June 9, 2014
New malware takes Android phones hostage, demands ransom for unlock – June 5, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010


    1. One important note: your data is basically absolutely secure and private now only if you are not using iCloud.

      Apple still has the key for your iCloud data to ensure recoverability of your data if you forget your password.

      The best solution in the future would be offering opt-out option with Apple not having keys for your iCloud data at all at the expense you being never able to recover your data if you forget password.

      For now, there is no such option yet, but if you can live without iCloud syncing and archiving functionality, you can be nearly perfectly safe in your privacy since it would take forever to brute-force your iPhone/iPad if government or other bad guys would want to see your data.

      1. Actually Apple offers two step verification for iCloud accounts and Apple IDs (often the same account). With two step verification Apple can not help you recover your password. They give you a key that you can use and if you ever lose it, no one can reset your password.

        1. Apple has the keys to your iCloud data, they even write it in the latest security statement. Two-factor verification does not change this fact at all, it is about providing password/recovery for you or a third-party, and failing in one of the factors will break your ability to recover your data only for you, not for Apple. It is just matter of policy, not feasibility.

          But, as I wrote, there is road to the future with option where Apple would not have keys at all (no matter how many step verifications takes).

          1. How much of an idiot are you. Apple generates the unlock key and gives it to you. You must provide them with that key. They don’t have it. Without it, neither they or anyone else has any chance in any reasonable time to get your data. It’s estimated brute force on a 128 bit encryption would take something over two billion years to break. . . with a modern supercomputer of circa 2012.

            What part of “Apple just said they don’t have your keys at all,” do you fail to understand?

      2. I just read your comment so now that is is on the internet, it must be true. If someone says it on the internet, we all know it is absolutely true.

        Ya know . . . on the internet = TRUE, right?

      3. That is not true, ders. You upload your encrypted data to icloud, not unencrypted data. Apple anonymizes it further, adds additional 256 bit encryption for which they do have a key, and stores it until you require access. It is then unencrypted and your encrypted data is returned to your device which will then apply your key and do the final description. Apple does not have that key, and cannot get it. You don’t know what you are FUDing about.

    1. A user’s personal responsibility does not eliminate the need for the manufacturer/service provider from providing security and privacy. The problem is that there is no law protecting consumers — after all, the same large corporations that own legislatures around the world also are the ones who want all your data. You know, to keep you “safe” and to provide you “relevant information”.

      1. Foisting excessive responsibility on companies you have chosen to deal with would be unreasonable.. Part of a person’s responsibility for security and privacy starts at that choice. Some of Siri’s capabilities make me wonder how much of what you tell Siri is actually secure.. (e.g. remembering your relationships, the searches you request it to make, etc.) Basically you choose to stay or go based on your tolerance to the amount of privacy you give up for the value of the services you receive.

    1. Read the article: “Apple will still have the ability — and the legal responsibility — to turn over user data stored elsewhere, such as in its iCloud service, which typically includes backups of photos, videos, e-mail communications, music collections and more. Users who want to prevent all forms of police access to their information will have to adjust settings in a way that blocks data from flowing to iCloud.”

      The way I read it data backed up on your device is good, and on your computer if encrypted is good as well. The iCloud information can be accessed.

    2. The only encryption you’re going to see in iCloud (so far) is what you yourself provide BEFORE uploading the data. The easy way Apple provide for doing this is to create an encrypted sparsedisk or better yet sparse bundle disk image, create a nasty unguessable key for it, keep the key in your head ONLY, toss your data onto the disk image then upload that disk image. Encrypted disk images can be created inside Apple’s Disk Utility found in the Utilities folder of every Mac.

      As for ‘trust no one’, client side encrypted backup services to the cloud that do NOT share client keys with the server, there are a few different services that qualify. Arq, SpiderOak, Carbonite and BackBlaze (which I currently use) are all options. With time, there will be more.

      1. I guess for the first time ever NO ONE but you will be responsible for your device’s data access but you. No tech help to recover any data on the device, simply factory reset and gain access to what ever you were able to sync elsewhere. Double edged sword there. 😛

        1. Getting average people to understand backing up data is tough enough. I tell folks, plain and simply and cold, if you don’t back up, you get what you deserve when your drive fails. Try explaining tracking cookies and encryption to average folks and you realize you’re attempting to talk through impenetrable fog. This really is the point where technology leaps high over the heads of most folks. Then they turn on the technology and blame it for messing up their lives.

          It’s even worse when the technology is entirely out of their hands and it really does turn on them and wreck their lives thanks to worthless IT doofuses. Just today, Home Depot tentatively admitted that maybe 56 MILLION customer accounts have been stolen thanks to their ignoring the malware attacks on Windows XP Embedded run POS (point of sale) devices. Scan your card on infected machines and you’ve been PWNed. There is no excuse for this abuse of people’s lives by way of bad technology by way of bad technologists.

          Off on a rant. Sorry. But that’s what I see going on.

          Oh and ARR! It’s Talk Like A Pirate Day!

  1. And I still find it amazing that people think this idea is horrible, if you check out the comments section on the article.

    Do you give the government an extra set of keys when you buy a house? Or car? Or safe deposit box?


    1. House… Hmmm. It takes a locksmith 3 seconds with a pump gun to unlock my house. 5 seconds with a slim Jim for my car. And, yes, many banks keep a copy of your SD box key.

      So, what are you saying?

    1. This is pure rubbish! The suggestion that the desire for privacy means you have something to hide is utterly ridiculous. Do you want the police rummaging through your closets whenever they feel like it just because nothing illegal is hidden there? Get a clue, moron.

        1. On the contrary, the conservative trusts people far more than the left. We trust people to make their own decisions without government overseers, regulation, and control.

      1. omalansky, you remind me of me as a newbie.

        “/s” means the comment author is being SARCASTIC.

        The bullshit argument “If you’ve got nothing to hide, you’ve got nothing to fear” has been foisted on victim citizens since the creation of the first totalitarian state. The most infamous recent perpetration of the bullshit was by former Google CEO Eric T. Mole (alias ‘Eric Schmidt’). His rendition:

        If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place

        Wikipedia provides a discussion of this bullshit statement here:

  2. I wonder how much of this decision was “FIGHT THE POWER!” and how much was “How can we get the government agencies to leave us the hell alone?” Make it impossible for the company to unlock a phone, and they don’t have to worry about being asked to unlock phones.


  3. So Apple is helping the the terrorists!!!

    If you have nothing to hide, why do you care that the authorities can search your phone? Only criminals or terrorists hide behind the 4th Amendment!

    Sarcasm! If you believe the above statements then you should start a campaign to repeal the 4th amendment.

    1. Those who say “Apple is helping the Terrorists!!!” smacks of the people who complained about those who hid Jews from the Nazis in the 1930’s and 1940’s Europe.

      If we give up our freedoms in the interests of security from the terrorists, becoming a police state, out of fear, then the terrorists have achieved their objective. . . They’ve spread terror. And we’ve become less than we were. We are no longer free.

      I, for one, am willing to accept risk in the world for freedom. I will watch out for me, and thee.

    1. Actually, they are. In democracies, the liberties granted in their constitutions were only achieved after much negotiation and amendments. And any decent constitution has a mechanism for updating it — a reality that few people seem to realize when they pine for the old days. Change & progress is inevitable, and it is up to a civilization to keep its guiding principles updated accordingly. For example: when the US constitution was written, political parties and corporations did not exist. Now these legal entities have taken over the governing mechanisms of the nation and caused gridlock and divisionism that is literally tearing the nation apart. The constitution is long overdue for amendments to correct these faults: eliminate gerrymandering, eliminate “person” status for corporations, and ensure that all elections are instant-runoff electronic voting funded and organized by the government, not by two self-serving and corrupt political parties that eliminate all independent ideas and candidates from participation.

      1. Our system is predicated upon a number of things:

        1- Ciivil liberties are intrinsic to all people. If you are religious call it god given. If you are an agnostic like me, call it intrinsic.
        2- All government authority is given to it by the people. It is not given by the government- it is given TO the government. We have the right to take it back, sometimes by means the government may not be happy with.
        3- The national government and all subordinate governments have a responsibility to protect and respect the intrinsic rights of the citizen. No responsibility is higher- even national security.

        Most lawyers and many government officials will laugh at you if you tell them this, but this is the system founded by our basic law. The bullshit opinions of secret courts are illegal as are judicial review decisions pulled out of some justice’s ass -for example, corporate personhood. This shit goes on because Joe/Jane 6 pack let it go on.

  4. Apple goes for the jugular of competitors with a slow but well planned and executed strategy to undermine the raison d’être of the competitor. First Microsoft, now Google.

    Google’s raison d’être is exploitation of personal information for profit. For Microsoft it was exploitation by monopoly

  5. Wait!

    Read more carefully:

    “‘Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,’” Apple said on its Web site. ‘So it’s not technically feasible for us to respond …”

    See, what’s being said is that *Apple* can’t bypass your code, but their competitors can!!! The nuance is important!


Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.