Quartz Gets It Wrong on Apple, Encryption, and China [Updated]

| The Devil's Advocate

Quartz reporter Joon Ian Wong wrote an article where he appears to conflate Apple’s showing its source code to China as somehow being the same thing as putting in a backdoor.

"Apple's response to US and UK government demands for backdoors to user data has been direct, bordering on defiant," Mr. Wong wrote. "Apple appears to take a different tack in dealing with data security demands from China, a key growth market for the company."

Apple logo in front of a Chinese Flag

So did Apple give China a backdoor or some secret keys? His assertion seems to be that maybe Apple gave China access to see Apple's source code. Here is the choice quote:

If Apple had indeed agreed to a Beijing security audit, it could have shared vital information with the Chinese government, such as its operating system's source code, that could indirectly help government agents discover vulnerabilities on their own. It would have been a serious departure from Apple's public, privacy-centric stance.

The assertion apparently is that if Apple lets China see Apple's source code, it's somehow akin to letting the government see what is on every person's iPhone.

This maybe one of the most profoundly misguided assertions about encryption software ever made. It is laughable to anyone that knows anything about cryptography. Showing the source code in no way reveals the magic encryption keys generated by the source code and maintained in secret on peoples' individual devices.

It would be like saying revealing the source code to Microsoft Word would let the government know the contents to the novel you wrote using Word. To call this horse$%!# is an odious insult to horse$%!#.

Open Source

If you do a search for "encryption" on GitHub (an open source repository), you get over 6,500 open source application/library results. Check it out. This is why it's moronic that the government wants Apple to put in a backdoor into its operating systems, something that TMO’s own Bryan Chaffin has ranted about many times.

Terrorists will simply pick any one of those 6,500-plus open source encryption packages on GitHub or elsewhere, and have their own private encryption software that cannot be defeated, and meanwhile the government will deprive all honest law abiding citizens of their right to privacy.

So why are there so many encryption projects that expose their source code? Well, encryption experts believe that seeing source code to encryption software makes the software better because anyone can confirm there are no backdoors.

In other words, this is exactly the opposite reason implied by Joon Ian Wong's article. The US and UK have asked Apple to put a backdoor into its source code, while China wants to see the source code is to ensure there is no backdoor, at least one that China itself doesn't have access to.

Furthermore, asking Apple to see its source code is not the same as giving China Apple's source code; for such an audit, there is no reason to believe Apple just handed China the source code for its entire operating system. The more likely scenario that Apple would let Chinese engineers examine its software under the supervision of Apple engineers without actually turning the software over.


So why is the Quartz article conflating Apple's maybe making source code available to inserting a back door? Other than the obvious attraction of clickbait, an alternative theory for the creation of an article that so grossly misrepresents the reason for a software audit is some anti-Apple agenda.

His article may have been a fair bit of questioning if we knew Apple had handed over its source code to China, while denying the US and UK that same access—that would have been an Apples to Apples comparison. But, as far as we know, the US and UK did not ask Apple to view its source code, and there is no reason to believe that if Apple showed its source code to China that it would not show its source code to the US and UK.

And to iterate, the US and UK governments likely have zero interest in just seeing Apple’s source code, because that won’t give them what they really want, a back door.

That makes the Quartz piece either deliberately disingenuous or based on a foundation of ignorance. Reporter Joon Ian Wong should either provide evidence that Apple gave China its source code (as opposed to merely letting China see its source code), or worse some kind of back door access to the Chinese government. Absent such evidence, Quartz and Mr. Wong should apologize for being so profoundly wrong and/or disingenuous with his article.

[Correction: This article originally named Reuters as the publisher of this article, but Joon Ian Wong was writing for Quartz. The article has been corrected accordingly. - Editor]

Image made with help from Shutterstock.

Popular TMO Stories



And, of course, a huge part of iOS source is already open. Not all, by any means, but quite a lot.

As for Windows, I think that the answer is “zero”.


I think this article would have been better placed as a comment in the comment section of the original article.

That said,  do we know if Apple makes it a habit of giving governments its source code?


daemon: did you not read the previous item? Much of the OS is ALREADY open. That said, there is more that’s not open.

Whether or not Apple “makes a habit” of giving governments access to code is a separate issue. But is *showing* the code an issue, as long as Apple retains control?


Just to elaborate on vpndev’s comment, “Darwin” is the open-source part of OS X / iOS and is the core underneath the operating system. The parts that are not open source are the UI layer and some of the system services and framekworks. Furthermore, Apple software is built using either GCC or Clang, both of which are open source compilers. Obj-C and Swift are open source, and languages like C and C++ are open standards. So the foundational technologies used are all open.

I do not know at what level the iOS security checks reside. They may be microcode that runs inside certain bits of the hardware like the “Secure Enclave” or they may be system services that run in the OS but are not included with Darwin.

Anyway, from yesterday’s articles on the requested backdoor it sounds like the approach is to build a version of the OS without certain checks and load it directly into memory. If a government has access to the source code, they can make these modifications themselves and only need Apple’s help for the code-signing step. They can also try to hack the device using insider knowledge. The open source parts would be subject to open security audits and fixes, while the closed source parts would only have Apple security audits, so it is slightly more likely that they have vulnerabilities that a government could find.


@vpndev: LoL! After your ad hominem attack you turn around and admit that Apple keeps source code secret, the code that I was obviously referring to. What was the point of your ad hominem attack?

Any ways,  the reason why it’s relevant is that it could be subject to a FOIA request.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account