Apple, Inc. has released its Transparency Report this week, revealing government requests for device and account information for its customers have significantly increased in recent months.
The report covered the period from July 1 to December 31, 2015 and includes data on how many requests it received for device, account, emergency, national security orders, and even account deletion.
Report breakdown
The regions considered for the report includes Asia Pacific; Europe, Middle East, India and Africa; Latin and North Americas. Device requests for Asia Pacific totaled to 7,300; for Europe, Middle East, India and Africa, the number goes up to 19,322; 56 for Latin America; and 4,009 for North America. Device requests that Apple provided some data are as follow: 4,586 for Asia Pacific, 10,127 for Europe et al, 45 for Latin America and 3,201 for North America.
For account requests, Apple received a total of 223 requests from Asia Pacific which includes 6,973 account, 536 requests with 612 accounts from Europe et al, 33 requests with 64 accounts from Latin America, and 1,021 requests with 5,021 accounts from North America. Of the accounts requested, Apple provided data for 5,189 accounts in Asia Pacific, 290 in Europe et al, 57 for Latin America, and 4,420 for North America.
This transparency report is particularly of interest thanks to Apple’s recent battle with the Federal Bureau of Investigation, where the iPhone maker stood fast to its policy of not providing backdoor access to devices despite law enforcement’s demands. Looking at the numbers, it’s clear that Apple is still obligated to comply with government requests for data, but the type of request is paramount to fully understanding Apple’s relationship with law enforcement, especially when it comes to an individual losing access to their own phone.
Device vs Account requests
According to Apple’s Government Information Request page, 94 percent of the requests it receives regarding devices are usually done on behalf of customers who requested assistance in locating their stolen or lost devices. Device request may include customer contact information used to register the device, the date(s) the device used Apple services, or transactions made using the device.
For the remaining 6 percent of account requests Apple receives, the company states that data may include the account holder’s iTunes or iCloud account, name, address, or in some cases iCloud content which may include stored photos, email, iOS device backups, contacts, calendars, and even bookmarks. Apple states that account requests are carefully considered and only provide account content when there is a search warrant.
However, if the device is running iOS 8 or later and has a passcode in place, even if Apple is served a search warrant, the company cannot grant the requesting body access to data as it will not be able to bypass the encryption key put in place by the user.
Retrieving stolen or lost Apple devices
As mentioned, most device request are from law enforcement who were asked by the device owner themselves in the hopes of recovering their lost or stolen device.
If users have enabled the Find My iPhone feature, they can use it to track the whereabouts of their lost or stolen device. Users will then need to sign in to icloud.com/find on a Mac or PC, or use the Find My iPhone app on another iPhone, iPad, or iPod touch. They can then select a device to see its location on a map. If the device is nearby, users can have the lost device play a sound to help the user or other people find it.
Users also have the option of turning on Lost Mode, which remotely locks the device with a four-digit passcode, displays a custom message which can contain the user’s alternate contact information on the missing device’s Lock screen, as well as keep track of the device’s location. If the user has added credit or debit cards to Apple Pay, the ability to make payments using Apple Pay on the device will be suspended when the device is in Lost Mode.
If users have lost all hope of finding their device, they have the option to remotely erase all the data on the device. This will delete all credit and debit cards used for Apple Pay, messages, photos, videos, apps, as well as disable Find My iPhone, remove the device from the user’s account, as well as erase Activation Lock, which means whoever has the device can now set the it up as their own device.
If the feature is turned off, Apple advises users to change all their passwords and report the device stolen to their local police station. The authorities will likely ask the owner for the device’s serial number as proof of ownership. Since the user will not have the device, they can see it in the barcode of the original packing of on the receipt. You can also check here to find more information on how to check a particular device’s serial number.
Users are also advised to report the theft to their service provider who can disable the account to prevent phone calls, texts, and data use. Unfortunately, if Find My iPhone is not turned on before the device was stolen or lost, Apple has no other service that can help users or law enforcers locate the device.
How to setup passcode
As mentioned earlier, devices running iOS 8 with a passcode in place are safe from the prying eyes of the FBI.
To do this, go to Settings > Touch ID & Passcode. From there you will see options for where to use Touch ID; scroll down to Turn on Passcode and tap on it. You will then be asked for a six-digit passcode, but you can tap on Passcode Options to choose from Custom Alphanumeric Code, Custom Numeric Code, and a 4-Digit Numeric Code if you want a stronger or shorter passcode. After entering your chosen passcode, you will be asked to verify it by re-entering the passcode to complete the process.
For those still using older Apple devices that don’t run iOS 8 or later, Apple will not be able to protect you from the FBI. The newer iPhones, starting from iPhone 5s, have Secure Enclave protections implemented starting with the A7 chip. Secure Enclave provides cryptographic operations for data protection and uses encrypted memory and includes a random number generator. This setup allows for the data saved to the file system by the Secure Enclave be encrypted and not allow brute force to unlock the device.
Encryption apps
There are also apps available to help protect your phone from government snooping, such as Signal, which offers free, secure, end-to-end encrypted text messages, group chat, and calls.
Another app to consider is the paid app Silent Phone, which offers end-to-end encryption for communication and file transfer, as well as the option to choose how long messages will be available before being deleted on both ends.
For a tougher app, Confide utilized military-grade end-to-end encryption, with all messages going through Transport Layer Security (TLS) to thwart man-in-the-middle attacks. Messages also get deleted automatically after they have been read once, and screenshots are prevented — any attempts to do so will notify the sender.
It’s important to note that as these apps get updated with newer versions of iOS are released, there is little chance for these apps to run on iPhones running dated iOS.
For more encryption apps, check out SiliconANGLE’s Collen Kriel’s “8 apps to encrypt your iPhone data if FBI beats Apple“.
Photo by HonestReporting.com