My new project: Tact, a simple chat app.

Which side are you on, Apple?

February 19, 2025

In about four months, Apple will have its annual WWDC event for developers. Some new technology and products will be announced. Some changes will be good, some will be meh. Apple will release new operating systems with some new features, and developers like me will whine about how they should slow down the pace and fix old bugs instead. It’s all predictable, and routine.

What are you most excited about? What is your biggest question? Is it the new products? Developer tools and APIs? Next steps in Apple Intelligence?

I am a developer in the Apple ecosystem, and this year, I do not care about any of that. At all. Seriously.

This year, I only have one question to Apple:

Which side are you on?

Is it your users and developers?

Or is it the United States federal government?

I ask because I predict that in 2025, the interests of these two groups will collide, and you will need to pick a side.

The Apple privacy story

Privacy. That’s Apple.

Apple has made privacy central in its offering, and claims that it protects user data better than some other big tech companies. It also makes sense business-wise, because Apple’s business is about selling devices and services, not user data.

As a security- and privacy-minded developer in the Apple ecosystem, I can assert that Apple so far has been serious about privacy, and it is reflected in the design and implementation in their technology. Much of the computation happens on the device side, not in the cloud. The data on devices is sandboxed, and apps can’t see each other’s data. iCloud and CloudKit are designed in a way where I as a developer literally do not have access to the user data. Users can opt in to Advanced Data Protection to get end-to-end encryption protection for both Apple and third-party developer app data. The cloud side of Apple Intelligence, Private Cloud Compute, is designed and built in a privacy-conscious way.

To me as a developer, this so far has been a consistent and trustworthy picture. I am building Tact, a messaging app based on Apple platform, which is sort of an experiment of building such an app only with Apple technologies, including on the cloud side. Tact stores its data in iCloud with CloudKit, and I say that it has the same level of privacy as Photos.

iCloud data privacy has so far been with a positive sign for me. In 2025, I am no longer certain of this.

The new political reality

US voters elected Donald Trump as their president in November 2024, which has changed many things about how the federal government operates. One thing we have seen that is relevant to this post, is how the DOGE team goes around US government institutions and collects data, often illegally. I don’t want to speculate on their goals, but the fact is that they are doing this.

I have no doubt that the new US federal government will try to collect data from private companies for political purposes. As a specific example, imagine that you are an iPhone app developer in the space of reproductive health, and you keep your user data in iCloud, because so far you have believed the Apple privacy story, as I have.

It’s not far fetched to imagine that the US government will walk up to Apple and demand data about the users of your app, including the data they have stored with your app.

How will Apple respond?

That is the point of this post. I don’t know. I would like to know.

Apple’s stance in this new political reality

To my knowledge, there haven’t yet been such cases of such conflict. But we have seen other ways of Apple trying to be on the good side of the current US federal government.

Tim Cook donated $1 million to Trump’s inauguration.

The case of Gulf of Mexico/America.

Apple starts advertising on X again. X and Elon Musk are just not a good site and a good person to be associated with.

There is also UK demanding access to Apple users’ encrypted data, including data that is protected with Advanced Data Protection. This is not related to US federal government, but it does illustrate that Apple is operating in an increasingly hostile political environment.

Apple complies with local laws. There is likely a different attitude to data that Apple has to Chinese users’ data in China. I don’t even know exactly, but there is probably less security and privacy there, and the government has more access to the data. Many of us haven’t paid attention, because “China is China”, and that’s just how it is there, while we have remained on the side of freedom, and the government not interfering with companies and user data in this way.

It’s possible that in 2025 the US law will change to compel private companies to furnish data to government for political purposes, or that the government will demand such things outside of law.

All these developments make me uncomfortable as a developer and custodian of my users’ data, and I have less reason to believe that in the face of the political reality of 2025, Apple’s privacy story will remain entirely true.

What’s Apple to do?

What could Apple do to make me as a developer comfortable?

General – give us reassurance about commitment to privacy. I don’t know what this would look like. Perhaps tell us specific stories about how Apple is committed to people’s privacy? At many Apple marketing events, there are now segments about how Apple Watch has saved people’s lives by letting them contact emergency services. Preserving people’s privacy is an equally noble goal, and there could be stories shared around that. It’s more controversial because it might be at odds with what the government wants, but who said this would be easy?

Specific and technical - make it easier to me as a third-party developer to understand how data protection in iCloud works, including Advanced Data Protection, and how sharing plays into this.

I have previously written this technical post about third-party CloudKit apps and data protection, which outlines some rough edges. It would be helpful if Apple provided security audits of CloudKit and ADP, were more clear about how sharing and ADP interact, and provided more tools for developers like me to provide assurances to our users, including assurance about end-to-end encryption.

iCloud data security overview has this paragraph about third-party app data, which I think has been added since I wrote that post. It answers the base technical question of what’s protected, but doesn’t address the parts about sharing and reassuring the users.

Third-party app data stored in iCloud is always encrypted in transit and on server. When you turn on Advanced Data Protection, third-party app data stored in iCloud Backup and CloudKit encrypted fields and assets are end-to-end encrypted.

Will Apple do any of these things? I think it’s unlikely and low on their priority list. I don’t actually expect to get anything out of WWDC this year in this area.

The shareholder view

Note that I left out one group in the list of conflicting parties above: the shareholders.

I think there are Apple shareholders on both sides, and probably more on the side that prefers compliance over privacy. Business means complying with law, and if the law (or environment of de facto law) changes, so be it.

Besides being a developer, I own some Apple stock, and will continue to own it, because it has been a good investment. I have no doubt that Apple will prioritize my interests as an investor over my interests as an Apple ecosystem developer. It’s just that up to this point, my interests as an investor and developer were largely aligned, and I think they will now align less.

Conclusion

There is no conclusion to this story today. The question remains open, and I’ll be looking for signals and evidence through the coming months and years, to inform my career and technology choices as an Apple platforms developer and user.

Which side are you on, Apple?