Under the heading “The most personal technology must also be the most private,” the site runs down all of Apple’s core services, and explains how Apple protects user data in each case.
Here are some of the highlights:
“Your actual card numbers are not stored on the device or on Apple servers. Instead, a unique Device Account Number is created, encrypted in such a way that Apple can’t decrypt, and stored in the Secure Element of your device. The Device Account Number in the Secure Element is walled off from your iOS device and Apple Watch, is never stored on Apple Pay servers, and is never backed up to iCloud.”
iMessages and FaceTime
“Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to. While we do back up iMessage and SMS messages for your convenience using iCloud Backup, you can turn it off whenever you want. And we don’t store FaceTime calls on any servers.”
Health and Fitness
“The information you add about yourself is yours to use and share. You decide what information is placed in the Health app, as well as which third-party apps can access your data. When your phone is locked with a passcode or Touch ID, all of your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers.”
“All your iCloud content like your photos, contacts, and reminders is encrypted when sent and, in most cases, when stored on our servers. All traffic between any email app you use and our iCloud mail servers is encrypted. And our iCloud servers support encryption in transit with other email providers that support it.
If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.”
“Apple does not know what devices you’re controlling, or how and when you’re using them … Data related to your home is stored encrypted in the keychain of your device. It’s also encrypted in transit between your Apple device and those you’re controlling. And when you control your accessories from a remote location, that data is also encrypted when it’s sent. So HomeKit doesn’t know which devices you’re controlling or how you’re using them.”
“Other companies try to build a profile about you using a complete history of everywhere you’ve been, usually because they’re targeting you for advertisers. Since our business doesn’t depend on advertising, we have no interest in doing this — and we couldn’t even if we wanted to.”
“The songs you stream aren’t used by any other service to advertise to you. And if you don’t want to keep your music collection on our servers, you can opt out of iCloud Music Library.”
The references to “other companies” are primarily a dig at Google, which makes its money by providing ostensibly “free” services, while mining user data for advertising. It’s a clever strategy on Apple’s part, because it not only gives Cupertino the moral high ground, but is also one innovation many of the company’s rivals can’t easily copy.
The push to make Apple a company which protects customer data has largely been a Tim Cook project. Cook memorably explained his stance in an interview with Charlie Rose, in which he noted that, “you are not our product,” referring to selling the data produced by customers.
Earlier this year, Apple was awarded the full five stars in the Electronic Frontier Foundation’s (EFF) “Who Has Your Back” report, with the conclusion that, “We commend Apple for its strong stance regarding user rights, transparency, and privacy.”
Long may it continue!