Apple’s Tim Cook leaves behind complicated legacy on privacy

In his 15 years as Apple’s top executive, Tim Cook has projected an image of the company as a champion of privacy rights. As he prepares to leave that role in September, that legacy has come back into focus. Cook trumpeted the iPhone maker’s commitment to privacy at home in the US and the EU, calling privacy “a fundamental right” but his acquiescence to government demands abroad call his dedication to protecting users into question.

Cook cemented Apple’s pro-privacy reputation in 2015 when he resisted the FBI’s demands to unlock the iPhone of a mass shooter in San Bernardino, California. The company played up that public image in 2019 with playful ads that read, “Privacy. That’s iPhone”, positioning Apple as the obvious choice for people who cared about privacy. In 2021, Apple added a feature, App Tracking Transparency, that allowed iPhone owners to limit an app’s ability to track their mobile activity. Apps that tracked users without permission would be removed, Cook said.

The company even sued Israeli spyware firm NSO group that same year, accusing it of surveilling iPhone users. Throughout his tenure, Cook spoke about privacy as a “fundamental human right” – and criticized Silicon Valley competitors Meta and Google for their expansive collection of user data. “This is surveillance,” he said at an EU privacy conference in 2018. Unlike Apple, Google’s search engine, as well as Meta’s Facebook and Instagram, are not available in China.

But Apple’s international concessions, particularly in China, its second-largest and fastest-growing market, complicate Cook’s privacy legacy.

Cook has walked a tightrope to ensure Chinese regulators allow Apple to maintain its strong presence in the region, which is key to its supply chain and consumer base. In Apple’s latest earnings report, the company reported a massive spike in iPhone revenue, driven by renewed demand in China.

Privacy advocates say Cook has been too submissive to President Xi Jinping’s demands and in doing so has jeopardised the privacy of Chinese customers and their free speech.

Apple did not immediately respond to a request for comment but Cook has said that there is little to gain from castigating China, a response to criticism in 2017, when Apple pulled hundreds of apps from the country’s app store at the government’s request.

“When you go into a country and participate in a market, you are subject to the laws and regulations of that country,” he said. Cook’s preferred choice, he added, was to “get in the arena, because nothing ever changes from the sidelines”.

In 2018, Apple transferred its Chinese users’ iCloud accounts to a state-backed datacenter in the country, following the enactment a year before of a cybersecurity law that required companies in mainland China to host all data inside the country. The Guizhou-Cloud Big Data (GCBD) center allows the Chinese government to more easily access texts, emails and images in these accounts, human rights activists say.

Chinese officials could, for the first time, bypass American courts to obtain iPhone users’ data directly from Apple. Human rights groups, including Amnesty International, worry this arrangement has helped China crack down on dissidents, as Chinese law enforcement already has broad discretion to silence dissent “in the name of national security”.

“Chinese internet users can face arrest and imprisonment for merely expressing, communicating or accessing information and ideas that the authorities don’t like,” Amnesty wrote in a blogpost. Apple said in a 2018 statement it was obligated to comply with new Chinese cybersecurity laws, noting: “While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful.”

Under Cook, Apple has likewise moved Russian users’ data to local servers in Russia in compliance with local laws, raising similar privacy concerns amid the country’s crackdown on dissent and general online expression, according to Bloomberg.

Since the onshoring of Chinese users’ data, Beijing has continued to pressure Cook and Apple, and in 2024 demanded the company remove popular messaging apps like Telegram as well as the encrypted services WhatsApp and Signal from the iPhone app store. Apple complied. “We are obligated to follow the laws in the countries where we operate, even when we disagree,” a spokesperson for Apple told the Wall Street Journal at the time. While these apps could only be accessed in China through virtual private networks, they still had many Chinese users. The crackdown on messaging apps is part of a broader trend: a New York Times investigation in 2021 found that tens of thousands of apps disappeared from Apple’s Chinese app store over the past several years, including foreign news outlets, gay dating services and other encrypted messaging apps.

Apple’s “private relay” feature, designed so no one – not even Apple – can see a user’s identity or the sites they’re visiting, was not rolled out in China when it was released in 2021, nor in Saudi Arabia. The company said this was for regulatory reasons.

“What Apple has been very good at is being a pioneer at marketing privacy protections – but in reality, we found that a lot of that doesn’t actually play out in the way it operates,” says Katie Paul, director of the Tech Transparency Project.

In the US, Apple telegraphed a strong commitment to privacy when it refused to help the FBI bypass security measures of the San Bernardino shooter’s phone. Apple refused to help the FBI circumvent the phone’s four-digit login code and a feature that would have erased its data after 10 failed attempts. Cook had more to say, so he wrote an open letter to Apple’s customers, explaining his decision. The ability to encrypt phones is essential, and while he was outraged by the San Bernardino murders and willing to comply with valid subpoenas and search warrants, Apple drew the line at enabling “a back door to the iPhone”.

“The US government has asked us for something we simply do not have, and something we consider too dangerous to create,” he wrote. “The FBI may use different words to describe this tool, but make no mistake: building a version of iOS that bypasses security in this way would undeniably create a back door. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

The FBI ultimately withdrew its case, explaining that it no longer needed Apple’s help to access the phone.

On the domestic front, Apple has still faced criticism for the ways it cooperates with law enforcement. In September 2015, a few months before the San Bernardino shooting and well into Cook’s term as CEO, Apple turned on iCloud by default for iPhone users, which largely remains the case today. The Tech Transparency Project points out that turning on iCloud allows most users’ data to be accessible to law enforcement without the need for a passcode. Rolling Stone reported in 2021 on an FBI document that indicated it was easy to get iMessage data via warrant or subpoena.