Apple Allows China To Search Its Software For Backdoors

According to a report in Beijing News, Apple agreed to allow security audits of its software before it gets used in China. Apple has denied that its software has any backdoors in the past, but it appears the Chinese wants to see for themselves if that's true.

This comes after it was discovered from Snowden's NSA documents that tech companies either willingly cooperate or have their software and networks hacked so American intelligence agencies can spy on other foreign nations. That discovery has made foreign countries less trusting of American companies, and some have already started taking actions to resolve this potential security issue.

Some countries have started passing laws that force foreign companies to keep the data they have on their citizens in a local database. Although this makes some sense, it's difficult to enforce for all companies, in practice. It becomes too expensive for those companies to operate, so they may just end up leaving the country.

These laws have also been used mainly as a way for those governments to access data on their citizens that they previously couldn't access. For instance, if Google doesn't store the data in a certain country, then that country can't demand the emails of its citizens, because it has no jurisdiction over them. It can only have jurisdiction if the servers with the local citizens' data are located in that country.

The second solution that's beginning to get some traction, including in China, is the requirement that foreign companies show the source code for their software, especially if that software is to be used in government institutions.

Auditing the proprietary software of all foreign companies may prove quite difficult and time-consuming, as not only must the whole OS be studied with all of its intricacies, but also every single update from that point forward. Software audits are also quite expensive, and it's another cost the government must support.

Another option for governments could simply be the adoption of open source solutions, where possible, as opposed to proprietary ones. China has in fact already banned Windows 8 for use by government officials and institutions.

China has already begun collaborating with Canonical on a Chinese version of Ubuntu, so in a way it's also leading the charge in open source adoption for government use. Some European countries have also begun adopting Linux for use in some government institutions, not just as a national security solution, but also as a way to cut costs in the long run.

A combination of open source solutions for government use and security audits for proprietary software that gets sold or used by local companies and citizens may be a good mix that increases both the privacy of that countries' citizens as well as the security of its institutions. 

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • mortsmi7
    China sounds pretty anal.
  • vaughn2k
    ... and then China will not tell Apple, if they found one.. ;)
  • Dietdee
    next year chi phone 7
  • kenjitamura
    Next week in the news: "China has started using OS X since they got hold of the source and it appears they have no intentions of buying overpriced Apple hardware now that there's no need."
  • blackmagnum
    Steve is rolling in his grave!
  • Murissokah
    In completely unrelated news, the Chinese government has just announced their own groundbreaking OS and software distribution platform, the Nac OSX.
  • The comments here are pretty stupid. Apple allowing access to source code is a basic thing. Microsoft also allows access to source code to large business partners.

    Personnal example, we needed Outlook not to go through American servers, because of the size of our business, they allowed making a server elsewhere (Canada). It cost a lot. But if you believe that your internal data and the data of your clients is confidential, you can't just say yes to external software, or cloud services. You need to be able to make an audit and see what is going on. Costs a lot? You bet. But what happens if your customers lose confidence in you? How much cost to your reputation if your data is hacked?

    Ask Sony.
  • nuvon
    I would let them audit too if I were Apple. The reason is simple: China's huge market! Why work against the local government when your intention is to sell more product, and this applies to other countries not just China.
  • Camikazi
    @Andy Chow There is a difference between allowing Canada to check the source and allowing China to, considering that 9 out of 10 copies of Windows are pirated and the LARGE amount of iPhone clones that pop up from there. Hell there are even Chinese copies of BMWs and other cars, they clone and copy anything they can get their hands on so showing them how your OS works directly is a bit dangerous.
  • everlast66
    Man, in China they make copies of copies, and then sue the manufacturer of the very original for ripping off their IP ...