#privacy: Apple hits back at Google for sparing the facts about iPhone device hack

After last week’s revelations about Google describing a cyber-attack of unprecedented scale on iPhone users, Apple has hit back against what it feels is an act of reputational sabotage. 

Apple has sought to put the record straight, underlining how Google’s characterisation of the incident amounts to an attack on all Apple device users.

In a statement, the iPhone creator said:

“Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts.

The tech giant had a bee in its bonnet about Google’s failure – possibly down to a desire to protect business interests in China – to underline how the attack primarily targeted the Uighur community, a Turkish ethnic group originating from and culturally affiliated with Central and East Asia.

“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously,” the statement read.

“Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case,” it continued.

Apple’s argument is supported by an independent study by cyber-security firm, Volexity, which said that the Uighurs had been the target, and describing 11 websites that had been involved in the hacking campaign. Volexity also said that Google’s Android system had also been targeted – another element that failed to make the final cut of Google’s initial report.

Google maintains it was unaware that Android had been impacted too, but understands how its inaccurate report doesn’t look great. Tim Willis, a researcher at Google, tweeted that he had only seen “iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well)”.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.