Apple’s Privacy Nightmare and Crucial Q1 Results

“We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers.” - Apple on building backdoors into its software

Apple’s first test of the decade - Q1 fiscal results

Tomorrow, at the closing bell of Wall Street (4.30pm eastern time), Apple will release its most important fiscal results of the year and arguably an important benchmark for the decade ahead. After a rockstar year for Apple’s stock price, there’s a lot of expectations resting on the shoulders of the company.

General consensus from analysts and observers is that the iPhone 11 and iPhone 11 Pro have given the iPhone its star status back. After several years of steady revenue, Wall Street has been disappointed with the growth of the iPhone and is looking for that comeback. The real question is not whether Apple’s strategy of repositioning the iPhone lineup to boost numbers has worked, but whether it has it dented the average selling price (ASP) and thus dented the revenue potential?

Apple also pushed out new, more expensive, AirPods during the quarter and these have been universally backordered worldwide. Generally a good sign of a blockbuster product, much like the original AirPods upon release. In the quarter ending September 2019, Apple’s wearable category (including AirPods, Apple Watch, and Beats, etc) grew 54% year-over-year—expect it to pull similar numbers again as the category approaches $10 billion in revenue per quarter.

On November 1, 2019 Apple’s next big bet went live. Since the launch of Apple TV+ we’ve not heard how it is performing. Coupled with Apple Music, Apple Arcade, Apple Card, and Apple News+ we now have the full suite of recurring revenue generators in the market. The question is, will Apple reveal anything meaningful about the uptake of ATV+?

Finally, Apple continues to be plagued by its China problem. Not helped by an ongoing tussle of tariffs between the US and China. So far Apple has skilfully avoided the brunt of Trump’s actions, and as the trade war settles down it looks like this threat is diminishing (possibly now outdone by an outbreak of coronavirus that could impact manufacturing in the country). But a China problem remains, how does Apple compete with the likes of Huawei, Xiaomi, Vivo, and Oppo who have cheaper handsets with 5G in the world’s biggest market? In the quarter ending September 2019, Apple’s revenue for the Greater China area was down 2.4%, will the same remain true for the December quarter? What will Apple’s outlook be for the current quarter, which includes the lucrative Chinese New Year holiday.

Current analyst estimates sit at an average of $88.4bn in revenue for the December quarter, this is against Apple’s guidance of $85.5 billion to $89.5 billion. However, some observers have noted that maybe the Street is underestimating the potential—with some saying the revenue could climb as high $89-90bn. Apple’s last record breaking revenue for Q1 was in 2018 at $88.2bn.

Privacy, privacy, privacy, privacy, privacy, privacy!

What does the hacking of Jeff Bezo’s iPhone, President Trump calling out Apple’s willingness to comply to information requests, and iCloud encryption all have in common? Well, they are all privacy related stories that have plagued Apple’s January.

Shall we remind ourselves of this marketing campaign... 

Any tech company can be forgiven for security mishaps. A simple adage is that if you write code then it can in theory be vulnerable to some from attack, and I’m not an information security expert but even I recognise that the iPhone and iOS are platforms large enough to have armies of people and hoards of cash dedicated to getting in and doing nefarious things. So I’m not going to sit here and suggest that Apple should never have run its privacy focused campaign—which featured this fantastic TV ad.

And, it is true that Apple’s privacy focus is clearly a big driver for many customers. Their approach on ad tracking, end-to-end encrypting iMessages, processing photos on the device, doing Siri request locally, and general awareness about what’s going on Privacy wise is admirable.

And it is fair to say that when Apple took a stance back in 2016 over the terrorist attack in San Bernardino it was on the right side of history. On face value when Apple says it cannot get into an iPhone that has a passcode, they are not lying. But of course, they could write and sign a custom iOS version that bypassed the passcode, or very least bypassed the delay in allowing guesses. This is, by all accounts, how devices by companies like Cellebrite and Grayshift work, they can bypass iOS using known software exploits to remove the 10 guesses limit and keep trying—a six digit passcode takes a mere 11 hours to crack.

So again, when the FBI came knocking in December 2019 trying to get into the two phones of a terrorist that shot up a Naval base in Pensacola Florida, Apple provided what it could from iCloud (more on that later) and refused to crack the iPhones on behalf of the US government. Now, we know from the 2016 case that the FBI has the contracts in place to have these phones broken into, so let’s just accept that calls from the FBI, the Attorney General, and President Trump were just attempts to turn public opinion against bad Apple and in favour of software backdoors for the good US government. This is just history repeating itself, and Apple is right to stand its ground. 

Apple’s response to the FBI’s claim that the company had not provided “any substantive assistance” created a terse and interesting response. Apple said “[w]e reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation” adding, “[f]rom December 7th through the 14th, we received six additional legal requests and in response provided information including iCloud backups, account information and transactional data for multiple accounts”.

In itself, this is not news. Apple publicly details requests it gets from governments around the world, and it’s not news that some of what is stored in iCloud is not end-to-end encrypted. That is to say that both the data and the keys are accessible by Apple; although Apple does describe it slightly obscurely on that overview page. In short: if you’re pushing data to the cloud, it’s possible that at the request of a government then Apple could hand over the data which could include your Messages and more.

What followed was not best timed for Apple’s case against the FBI, it started with a Reuters report with no less than six sources claiming that Apple dropped plans—at request of the FBI—to allow users to encrypt their iPhone iCloud backups. Well.

The story goes on, and is corroborated by other reports from that timeframe, to say that more than two years ago Apple had plans “to offer users end-to-end encryption when storing their phone data on iCloud” (that is to say that Apple would have the data but not the key). But those plans were dropped after the FBI objected, Gruber finds such a claim hard to understand and Joseph Menn writing at Reuters himself ends the piece by saying: “Reuters could not determine why exactly Apple dropped the plan”, after admitting that the plan could have been dropped because of “concern that more customers would find themselves locked out of their data more often”.

Many words of opinion have been spilled on this subject over the weeks and days since the story came out. Many have concluded, possibly fairly, that Apple most likely dropped plans for end-to-end encrypted backups because the rate of users forgetting their passwords is concerningly high and once the key to data stored in this way is lost, it’s lost.

Apple now straddles the difficult tightrope, under renewed pressure will it give the option for complete E2E encryption for iCloud stored data, and inevitably face the furore and bluster of the FBI and the US government (amongst others), or will it save face in this regard and let the whole thing blow over until it comes back around again.

My final thought on this: Apple is able to, with the support of the general public, ride out these public admonishments from Trump and the FBI because it can frame the argument that creating a backdoor into iOS will harm more people in the long run than understanding the motives of a dead terrorist. In 2016, Tim Cook said: "We have a responsibility to protect your data and your privacy. We will not shrink from this responsibility."

But what if the iPhone that the FBI is requesting to be unlocked could save the lives of thousands of US citizens? Would that move the moral compass?

What I’ve been reading...

Next time…

I’ll explore Apple’s year and decade ahead, and we’ll poke around the reasons why Apple might be forced to switch away from the Lightning connector in the future.