Apple’s (AAPL) sudden removal of an entire category of privacy apps from its Chinese-market App Store should be upsetting news. But it shouldn’t be unexpected.
Something like this was bound to happen when a government that strictly controls its citizens’ access to information meets a smartphone vendor that strictly controls its users’ access to apps. And if Apple wants to continue to sell its devices to China’s citizens, it’s going to have to play by China’s rules.
What’s more, this probably won’t be the last time Apple finds itself in such a situation.
Why “VPN” matters—especially in China
The apps in question provide virtual-private-network services, which offer encrypted connections from a device to the rest of the internet, ensuring that your internet provider and any other third parties can’t see what websites you’ve visited.
VPNs remain something of a niche app in the U.S. A survey conducted last June found that only 13% of Americans understood a VPN’s ability to shield your privacy on open, public Wi-Fi networks.
Such apps can be tricky to set up, and require complete trust in the company running the service, as cybersecurity journalist Brian Krebs notes in this excellent essay: The VPN company will know every site you visit.
But in countries like China and Russia with a history of snooping on internet traffic, a VPN’s ability to encrypt your online traffic is essential to stop such routine government surveillance.
You may also need it strictly on functional grounds: Without using a VPN app during my recent visit to Shanghai for the CES Asia conference, I risked not being able to use Google (GOOG, GOOGL), Facebook (FB) and Twitter (TWTR), which are all routinely blocked in China.
Precedents in the U.S.
When the Chinese government demanded that Apple remove VPN apps that didn’t have newly mandatory government licenses from China’s version of the App Store, Beijing knew Apple could fulfill that directive and do so quickly.
“Apple removed us from the Chinese App Store without any warning,” explained Sunday Yokubaitis, president of the Austin-based VPN service Golden Frog. He forwarded a vague notice from Apple saying its VyprVPN app “included content that is illegal in China.”
But Apple has a history of exercising its control over the App Store — the only way everyday users can install programs on an iOS device, aside from small-scale app beta tests — suddenly and sometimes capriciously.
In just the first two years of the store’s existence, Apple used its authority to reject apps that let people look up swear words, read a text-only copy of the Kama Sutra and see an argument for single-payer health insurance. In the most egregious case, the company briefly tossed Pulitzer Prize-winning political cartoonist Mark Fiore’s app because it violated a rule against content that “ridicules public figures.”
The company has since tried to make the app-review process more predictable and transparent — for instance, you can read the review guidelines in comic-book form. But just months ago, Apple’s ban on “offensive, insensitive, upsetting” content apparently led it to evict a news app that lets you track U.S. drone strikes.
That’s a big reason why Apple fared so poorly in a recent survey of how well major tech companies protect digital rights.
Apple PR didn’t respond to a request for comment Monday morning, but in a statement sent to other news outlets it acknowledged that “We have been required to remove some VPN apps in China that do not meet the new regulations.”
A plan B in the PRC, but what about the next time?
Privacy-minded Chinese iOS users aren’t completely out of luck, however. Golden Frog’s Yokubaitis said that Chinese users who set a billing address outside the country can still download its apps, while others can follow manual-setup instructions to configure iOS’s built-in VPN support to use its service.
The same risk does not apply to Android users because Google doesn’t offer its Play Store at all in China. Consumers there can install apps off other stores — or they can disable a security setting and download apps directly from specific websites.
Both practices increase the odds of malware infecting an Android phone, but they also ensure there’s no app-procurement choke point for a government to control.
Apple has done a good job in standing up to the U.S. government’s appetite for information about its users: see its refusal last year to defeat an iPhone’s encryption to help out FBI investigators. But other governments don’t have the Constitution and the Bill of Rights to limit their reach into people’s lives.
And if Apple wants to do business in other countries — besides China, where it’s now trying to get slumping iPhone sales to rebound, there’s Russia, which just enacted a ban on VPN use that goes into effect Nov. 1 — it will find itself asked, nicely or not, to exercise its App Store control on those governments’ behalf.
Not only have we seen this movie before, I fear it will spawn many sequels.
More from Rob: