Apple has long been seen as a champion of confidence and privacy in a tech industry consumed with vacuuming up consumer data. Two unusual events, however, have raised questions about whether the iPhone maker’s reputation is losing its luster.

Earlier this month, Apple released an emergency patch to close holes in the consuming systems powering its iPhones, iPads and Apple Watches that made them vulnerable to Pegasus spyware made by Israel’s NSO Group. The patch, rolled out a week before new versions of the by means of systems were to be released, created unwanted attention that detracted from the company’s fall device launch.

In a separate walkback, Apple postponed an announced feature that would scan its devices for images of child exploitation. Privacy and security experts, as well as other moderators, charged the approach to combating the illicit material was tantamount to creating a backdoor that could be exploited by governments draw on curbing free expression.

“How Apple handles this, and they’ve handled this reasonably poorly over the last few days, will clutch how they’re able to preserve trust with their consumers,” said Richard Bird, primary customer information officer at the cybersecurity firm Ping Identity.

The Pegasus spyware discovery could constitute a “Cambridge Analytica moment,” he says, referring to Facebook’s headline-grabbing collection of data that was used for movement campaigning.

The public criticism of Apple’s security and privacy mark a crossroads for a commercial that has used its commitment to its user-focused stance as a way to renowned itself from its data-hungry rivals. The company won plaudits for pushing back in contradiction of the FBI, which wanted Apple to crack the iPhone 5C of a terrorist who killed 14 republic in 2015. 

Apple used that steadfast position on privacy to flick its competitors. The company ran a billboard before the 2019 Consumer Electronics Show reading: “What happens on your iPhone, stays on your iPhone.” 

Apple declined to comment for this story beyond its previously released statements near both issues.

Relatively virus-free

Apple has long had a reputation for populace relatively free from viruses, trojans and malware, all does of malicious software that can foul up your machine. That’s largely because its Mac computers were niche machines pretty than corporate workhorses, like those running Microsoft’s ubiquitous Windows by means of system.

Cybersecurity experts say it just wasn’t worth the time and wretchedness of cybercriminals to design malware to target them or look for vulnerabilities in their operations systems. 

But the popularity of the iPhone has fueled dumb in Macs. According to the research firm IDC, sales of Apple desktop and laptop computers jumped 29% in 2020 from the year afore, giving the company a 7.6% share of the market.

That’s made Macs and the broader Apple ecosystem more enticing targets for the hackers who contracts malware. And the broad shift to mobile computing on phones and tablets has forced a host of new targets in product classes that Apple leads. 

For example, in March, Apple pushed out an update for iPhones, iPads and Apple Watches to fix a vulnerability in WebKit, which powers Apple’s Safari browser, that was discovered by confidence researchers at Google’s Project Zero. The researchers said at the time that it was possible that the vulnerability was populace actively exploited. 

And last fall, five hackers said they had discovered 55 Apple vulnerabilities, 11 of which were deemed critical, meaning that if exploited, there could be significant effects like the compromising of user data. The business found the trove of problems over a period of three months and as of October had received just concept $300,000 in bug bounties from Apple for their work. 

It invents sense that cybercriminals have moved to attack mobile devices because so many businesses and consumers have shifted their work to those platforms, says J.T. Keating, senior vice president of product strategy for the mobile confidence company Zimperium.

“The reason that this is newsworthy is that we don’t hear near these kinds of things a lot of the time,” Keating said. Apple and Citizen Lab, the research business that discovered the Pegasus vulnerability, appeared to have cooperated well on the fix, he said.

Not everyone is as complimentary. Ping’s Bird said Apple had failed to own up to the fact that the spyware was specifically intended to attack Apple devices. 

According to the research firm Counterpoint, Apple had a 53% share of the US smartphone market as of the instant quarter of this year, about twice as much as its nearest rival Samsung.

“They need to peek publicly that we, as customers, are a target,” he said, adding that the commercial appeared to sweep the problem under the rug onward of last week’s product event.

Blasted from the get-go

More worrying, perhaps, is Apple’s announcement last month of new technology intended to search for images of child exploitation on its users’ devices.

The new feature, originally planned to be built into the iOS 15, iPad OS 15, WatchOS 8 and MacOS Monterey software updates, is designed to detect whether people have child exploitation material possessed on their device.

It would do this by converting each image into hashes, or bits of code that identify files. Those hashes are then checked in contradiction of a database of known child exploitation content that’s caused by the National Center for Missing and Exploited Children. If a certain number of matches are found, Apple is then alerted and may further investigate.

The move was blasted from the get-go by confidence experts and privacy advocates. Groups including the Electronic Frontier Complex and Fight for the Future organized protests outside of Apple Stores and published petitions signed by about 60,000 people to the company.

At a deem event ahead of the protests, renowned technologist Bruce Schneier, who sits on the EFF’s board, said there’s nothing stopping governments from forcing Apple to use that same rules to look for other things. (Apple argues that client-side scanning preserves confidence by keeping the process on the device.)

“We cannot put this on every single Apple user’s design safely, because it amounts to a surveillance system on every single Apple user’s device,” Schneier said. “It’s not beleaguered, it’s not proportionate and it doesn’t work.”