Apple will no longer unlock most iPhones, iPads for government, police – even with search warrants

“Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information,” Craig Timberg reports for The Washington Post.

“The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary,” Timberg reports. “Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.”

“Apple once maintained the ability to unlock some content on devices for legally binding police requests but will no longer do so for iOS 8, it said in the new privacy policy,” Timberg reports. “‘Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,’” Apple said on its Web site. ‘So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.'”

Read more in the full article here.

MacDailyNews Take: Bravo, Apple!

What’s left of the Fourth Amendment thanks you.

Checkmate, Google.

Eric Schmidt, Google Executive Chairman
Eric Schmidt, Google Executive Chairman

Related articles:
Would you trade privacy for national security? Most Americans wouldn’t – August 6, 2014
‘World’s most secure Android Phone’ hacked in under 5 minutes at DefCon Hacking Conference – August 12, 2014
Surveillance companies hate Apple’s impenetrable iPhones, iPads; Android infinitely more exploitable than iOS – August 12, 2014
Crucial security flaw found in Google Play: Thousands of secret keys found in Android apps – June 19, 2014
iOS 8′s extensions explained: Opening the platform while keeping it secure – June 9, 2014
New iOS 8 feature lets users cloak their iPhones from tracking by retailers, marketers, other companies – June 9, 2014
New malware takes Android phones hostage, demands ransom for unlock – June 5, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010

56 Comments

    1. One important note: your data is basically absolutely secure and private now only if you are not using iCloud.

      Apple still has the key for your iCloud data to ensure recoverability of your data if you forget your password.

      The best solution in the future would be offering opt-out option with Apple not having keys for your iCloud data at all at the expense you being never able to recover your data if you forget password.

      For now, there is no such option yet, but if you can live without iCloud syncing and archiving functionality, you can be nearly perfectly safe in your privacy since it would take forever to brute-force your iPhone/iPad if government or other bad guys would want to see your data.

      1. Actually Apple offers two step verification for iCloud accounts and Apple IDs (often the same account). With two step verification Apple can not help you recover your password. They give you a key that you can use and if you ever lose it, no one can reset your password.

        1. Apple has the keys to your iCloud data, they even write it in the latest security statement. Two-factor verification does not change this fact at all, it is about providing password/recovery for you or a third-party, and failing in one of the factors will break your ability to recover your data only for you, not for Apple. It is just matter of policy, not feasibility.

          But, as I wrote, there is road to the future with option where Apple would not have keys at all (no matter how many step verifications takes).

          1. How much of an idiot are you. Apple generates the unlock key and gives it to you. You must provide them with that key. They don’t have it. Without it, neither they or anyone else has any chance in any reasonable time to get your data. It’s estimated brute force on a 128 bit encryption would take something over two billion years to break. . . with a modern supercomputer of circa 2012.

            What part of “Apple just said they don’t have your keys at all,” do you fail to understand?

      2. I just read your comment so now that is is on the internet, it must be true. If someone says it on the internet, we all know it is absolutely true.

        Ya know . . . on the internet = TRUE, right?

      3. That is not true, ders. You upload your encrypted data to icloud, not unencrypted data. Apple anonymizes it further, adds additional 256 bit encryption for which they do have a key, and stores it until you require access. It is then unencrypted and your encrypted data is returned to your device which will then apply your key and do the final description. Apple does not have that key, and cannot get it. You don’t know what you are FUDing about.

    1. A user’s personal responsibility does not eliminate the need for the manufacturer/service provider from providing security and privacy. The problem is that there is no law protecting consumers — after all, the same large corporations that own legislatures around the world also are the ones who want all your data. You know, to keep you “safe” and to provide you “relevant information”.

      1. Foisting excessive responsibility on companies you have chosen to deal with would be unreasonable.. Part of a person’s responsibility for security and privacy starts at that choice. Some of Siri’s capabilities make me wonder how much of what you tell Siri is actually secure.. (e.g. remembering your relationships, the searches you request it to make, etc.) Basically you choose to stay or go based on your tolerance to the amount of privacy you give up for the value of the services you receive.

    1. Read the article: “Apple will still have the ability — and the legal responsibility — to turn over user data stored elsewhere, such as in its iCloud service, which typically includes backups of photos, videos, e-mail communications, music collections and more. Users who want to prevent all forms of police access to their information will have to adjust settings in a way that blocks data from flowing to iCloud.”

      The way I read it data backed up on your device is good, and on your computer if encrypted is good as well. The iCloud information can be accessed.

    2. The only encryption you’re going to see in iCloud (so far) is what you yourself provide BEFORE uploading the data. The easy way Apple provide for doing this is to create an encrypted sparsedisk or better yet sparse bundle disk image, create a nasty unguessable key for it, keep the key in your head ONLY, toss your data onto the disk image then upload that disk image. Encrypted disk images can be created inside Apple’s Disk Utility found in the Utilities folder of every Mac.

      As for ‘trust no one’, client side encrypted backup services to the cloud that do NOT share client keys with the server, there are a few different services that qualify. Arq, SpiderOak, Carbonite and BackBlaze (which I currently use) are all options. With time, there will be more.

      1. I guess for the first time ever NO ONE but you will be responsible for your device’s data access but you. No tech help to recover any data on the device, simply factory reset and gain access to what ever you were able to sync elsewhere. Double edged sword there. 😛

        1. Getting average people to understand backing up data is tough enough. I tell folks, plain and simply and cold, if you don’t back up, you get what you deserve when your drive fails. Try explaining tracking cookies and encryption to average folks and you realize you’re attempting to talk through impenetrable fog. This really is the point where technology leaps high over the heads of most folks. Then they turn on the technology and blame it for messing up their lives.

          It’s even worse when the technology is entirely out of their hands and it really does turn on them and wreck their lives thanks to worthless IT doofuses. Just today, Home Depot tentatively admitted that maybe 56 MILLION customer accounts have been stolen thanks to their ignoring the malware attacks on Windows XP Embedded run POS (point of sale) devices. Scan your card on infected machines and you’ve been PWNed. There is no excuse for this abuse of people’s lives by way of bad technology by way of bad technologists.

          Off on a rant. Sorry. But that’s what I see going on.

          Oh and ARR! It’s Talk Like A Pirate Day!

  1. And I still find it amazing that people think this idea is horrible, if you check out the comments section on the article.

    Do you give the government an extra set of keys when you buy a house? Or car? Or safe deposit box?

    Sheesh.

    1. House… Hmmm. It takes a locksmith 3 seconds with a pump gun to unlock my house. 5 seconds with a slim Jim for my car. And, yes, many banks keep a copy of your SD box key.

      So, what are you saying?

    1. This is pure rubbish! The suggestion that the desire for privacy means you have something to hide is utterly ridiculous. Do you want the police rummaging through your closets whenever they feel like it just because nothing illegal is hidden there? Get a clue, moron.

        1. On the contrary, the conservative trusts people far more than the left. We trust people to make their own decisions without government overseers, regulation, and control.

      1. omalansky, you remind me of me as a newbie.

        “/s” means the comment author is being SARCASTIC.

        The bullshit argument “If you’ve got nothing to hide, you’ve got nothing to fear” has been foisted on victim citizens since the creation of the first totalitarian state. The most infamous recent perpetration of the bullshit was by former Google CEO Eric T. Mole (alias ‘Eric Schmidt’). His rendition:

        If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place

        Wikipedia provides a discussion of this bullshit statement here:

        http://en.wikipedia.org/wiki/Nothing_to_hide_argument

  2. I wonder how much of this decision was “FIGHT THE POWER!” and how much was “How can we get the government agencies to leave us the hell alone?” Make it impossible for the company to unlock a phone, and they don’t have to worry about being asked to unlock phones.

    ——RM

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.