Security, privacy, and supply chain issues for the Chinese army in your iPhone

Apple reportedly began shipping iPhones in May with flash memory chips, a critical data storage component, produced by Yangtze Memory Technologies (YMTC). The People’s Republic of China (PRC) owns the YMTC, cleverly directs about $200 billion in subsidies to it to avoid the WTO’s trip wires, and runs the entity with leaders sourced from the country’s military modernization efforts. YMTC’s partnership with Apple raises security, privacy, and supply chain concerns. Apple did not respond to a request for comment.


Electronic attacks that are enabled via semiconductors are not theoretical. Take the Supermicro case that has been confirmed by several US intelligence and security officials. The People’s Liberation Army (PLA), in coordination with a subcontractor in the People’s Republic of China, allegedly plugged a microchip into thousands of motherboards with the intent of creating remote remote access. The attack was reported to have affected at least 30 companies, including a major bank, Apple and Amazon Web Services. Apple later looted and replaced 7,000 servers, as a result of which Amazon terminated one of the suppliers of the People’s Republic of China.

Reliance on YMTC for chips means that they can be intentionally compromised during the design process. If they are inserted into a product with sufficient skill, it will be very difficult to detect these vulnerabilities during testing. It can be exploited months or years later to disable or steal data from a system containing the compromised chip. Such a scenario is detailed in PW Singer’s novel Ghost Fleet: A Novel of the Next World War, which describes the shutdown of US combat aircraft due to chips made from the People’s Republic of China. The Pentagon’s Trusted Integrated Circuit Strategy and Trusted Foundry Program are designed to ensure clean chips for defense, but there is no such program for consumer devices, which can also be hacked with catastrophic consequences or to install a bot as part of a bot attack on a larger system machine.

Apple has led innovation in System-on-a-chip (SoC), a value proposition it describes as security embedded in silicon, although a major vulnerability in this platform is the inability to isolate resources between trusted and untrusted proxies.


Apparently, Apple, the world’s richest company with the most valuable brand, cannot afford to jeopardize security by partnering with a Chinese military supplier and the possibility of hacked chips. On the contrary, with nearly a quarter of the smartphone market in the People’s Republic of China, Apple cannot afford it. The bottom line is that Apple has calculated that security takes a back seat to profitability. By working with the YMTC, the national hero of the People’s Republic of China, which aims to disrupt and displace US leadership in the field of semiconductors, Apple can put pressure on chip suppliers in democratic countries.

Apple may claim that YMTC chips won’t be installed in phones destined for the US market, but that’s hard to promise, let alone deliver. Almost all Apple products are made in China. An Apple trade association told regulators that the devices “…include hundreds of components – each with their own complex supply chains – sourced from around the world from trusted vendors and suppliers. Even network products assembled in the US by companies America is dependent on foreign input from its global partners.” Increased supply chain challenges and geopolitical uncertainty are likely to increase the likelihood that any iPhone will have a YMTC chip.

Apple is no stranger to following the People’s Republic of China’s line on human rights abuses such as censorship, surveillance or slave labor, the New York Times revealed in detail. In 2017, Apple launched a joint venture in the People’s Republic of China to build a data center in accordance with the country’s cybersecurity law, likely to enable government access to Apple customer data easily.


Apple has already built the preferred model for monitoring and censorship in the People’s Republic of China, and it is deployed to 230 million users of the People’s Republic of China. Expanding these systems to other countries is not necessarily difficult from a technical perspective.

The rule of law is the mainstay for such practices, at least in the US and EU, although Apple has an army of lawyers and lobbyists to challenge the barriers. Keep in mind that national security experts have called for the YMTC to be added to the Bureau of Industry and Security (BIS) entity list. for years With proven to be an end military user, this fell on deaf ears. In fact, US semiconductor tool makers have enjoyed record profits by supplying YMTC chip-making tools.

Memory chips are called the “bottom line” for the semiconductor market, but they still allow Apple ID data to be stored, relevant and sensitive customer information from iCloud, the App Store, and other Apple online stores, iMessage, and FaceTime.


It is hard to see how the People’s Republic of China would not benefit from partnering with the YMTC for geopolitical advantage. The option for Apple to work with the YMTC was supposed to be deleted years ago. Apple claims to be a pro-US company, but when a fifth of its revenue comes from the People’s Republic of China, its patriotism goes too far. Senator Marco Rubio (R-FL) has stormed the CEO of Apple for its hypocrisy. He wrote, “No consumer in the United States should be made complicit in the evils of the People’s Liberation Army just because they own an iPhone.” Since end users cannot control the chips that go into their iPhones, policy makers must step in to ensure security.

While Apple lowers the security rating of Americans and Europeans using PRC chips, new BIS agent, Alan Estevez, can escalate it by adding YMTC to the entity list.