Skip to main content

Opinion: Should Apple be more aggressive in its defensive PR to correct misleading allegations?

When the celebrity nudes story broke back in 2014, it was headline news in the mainstream media. The story was that ‘iCloud had been hacked.’ The truth, of course, was a little different. As we suspected at the time, and Apple later confirmed, the ‘hack’ wasn’t really any such thing. A combination of two techniques were used to gain access to the iCloud accounts.

First, phishing: sending emails designed to look like they were from Apple asking the celebrities to login to their accounts, and directing them to a fake website made to look like the real thing. Second, guessing the answers to security questions – something easier to do with celebrities given the amount of biographical information available in the public domain.

That’s not to say Apple was entirely blameless. iCloud did not, at the time, offer two-factor authentication. Given that an iCloud backup is a near-complete copy of all the data stored on an iPhone, that was something which should have been included from the start. But the bottom-line is that iCloud itself wasn’t really hacked in any meaningful sense of the word.

It was this week confirmed that phishing was the approach taken by the main offender in this case. In other words, nothing whatsoever to do with iCloud security. This news hasn’t resulted in a single headline in the mainstream media. The average non-tech person out there still believes ‘iCloud was hacked’ …

This isn’t just a theory on my part. I have non-tech friends who, when teasing me about my addiction to all things Apple (well, almost all things), still refer to the supposed hack even now.

Had the case been contested in court, it’s possible that it would have once more made the headlines, and that would have provided an opportunity for people to learn the truth. But because the person responsible has pleaded guilty and signed a plea agreement, it’s gone mostly unnoticed by the mainstream press.

That strikes me as something Apple ought to address. There are many millions of people out there who, to this day, believe that iCloud was hacked. That someone was able to break through Apple’s security and go rifling through as many accounts as they wanted. That’s a belief which damages Apple’s reputation, and were I Tim Cook, I’d be pretty keen to set the record straight with some high-profile interviews.

Cook would have no difficulty getting those opportunities. Especially right now, when iPhone security is headline news for other reasons.

The so-called Bendgate was another example where Apple did surprisingly little to respond to frankly silly allegations that got a lot of play in the mainstream media. Again, to this day there are plenty of people convinced that iPhones are weaker than competitor phones.

The reality, of course, is that Bendgate was mostly stupid. The ‘revelation’ was that if you apply a ridiculous amount of pressure to a large, thin gadget made from aluminum, it will bend.

Again, Apple was not entirely blameless. There did appear to be a specific weakness in the iPhone 6 Plus chassis where, if you happened to apply pressure at just the right (or wrong) point, it would bend more easily than otherwise. But something that was affecting tiny numbers of people, and which mostly applied to every competitor device out there, got massively blown out of proportion.

Apple did respond, but very quietly. It could have lined up a whole bunch of competitor devices and conducted public bend tests right on its front lawn, and it would have had TV cameras three deep. No-one would have been left in any doubt about the reality. But it didn’t.

I can understand a quiet response when something hasn’t really got much traction. Responding in such cases can do more harm than good, by drawing more attention to the issue than it had gotten beforehand. A variation on the Streisand Effect. But both Bendgate and the celebrity nudes stories were already in the headlines. By that point, correcting the misapprehensions could only have helped.

Perhaps Apple prefers to maintain a dignified silence, quietly stating the facts but not making any fuss. I can understand that as a philosophy, and it’s very much in keeping with what we see of Cook’s personality.

But there’s a second reason I think Apple should do much more in response to the celebrity nudes case: it would draw widespread attention to phishing attacks. It’s an opportunity to educate the non-tech public about a growing danger.

Sure, many phishing emails are still pathetic, with poor grammar and mis-spelled words, but I’ve seen some pretty convincing examples. Emails that closely replicate the format of genuine emails from Apple and other large companies, which contain stolen graphics and small-print and which display genuine URLs. They often lead to some very close copies of Apple’s own website, complete with header links to the real thing.

Now, you and I know that the displayed URL means nothing – it’s what shows up when you hover over it that matters. We also know other clues to check, such as being addressed by name and so on. And we know that the safest course is always to ignore the link altogether and login from our own bookmarks.

But many non-techies don’t know those things, and it’s not just Hollywood celebrities who have been taken in by convincing-looking phishing emails. Plenty of ordinary people have too. A high-profile response by Apple would serve the greater good of public education as well as undoing the damage to the company’s own reputation.

What’s your view? Is Apple right to adopt the dignified silence approach, or should it do more to defend its reputation against misleading claims? And in the specific case of the celebrity nudes case, should it consider the wider benefits of educating the public about the dangers of phishing? As ever, take our poll and share your thoughts in the comments.

Images: Massima Bianchi; ExtremeTech; Consumer Watchdog

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. jwestveer - 8 years ago

    Should Apple do more to protect your freedom and privacy? Actually it is embarrassing the the US Government is not doing more to protect our freedoms and privacy.

  2. Scott (@ScooterComputer) - 8 years ago

    First things first: Bendgate WAS a thing. The 6 chassis was poorly designed from a mechanical engineering perspective. Any 3rd year structural engineer can explain why. The “myth” that it only affected small numbers of people WAS propagation of Apple’s PR juggernaut. I’ve personally seen more than 9 iPhone 6’s with warped chassises. Warped–but not bent, to the point of broken, like in the videos. The “bend” was just the issue taken to the extreme. The solution, what Bendgate ultimately communicated, was don’t put your iPhone in your pocket and sit on it. Further, the testing that was done, that Apple did, was structurally wrong. I (and others) attempted to explain why, but nobody (9to5 included) cared. Given that Apple certainly has engineers as smart as I, that they chose to hype (there’s that PR again!) such a misleading stress test means they WERE being “aggressive”, just not in the way you’ve suggested (being honest). That the iPhone 6s design saw a change around the structural element (the pivot point caused by the volume button retention plate screw-down) proves Apple “fixed” a problem. If Bendgate was NOT a thing, Apple should have rested on their initial design, because it was fine, right??

    To The Fappening, Apple didn’t WANT to be any more aggressive on PR because ultimately there WERE significant flaws that were Apple’s FAULT in the security paradigm around iCloud. Security researchers like Jonathan Zdziarski had been screaming about them well prior. Apple, stupidly, stuck to their iOS dev cycle to fix them, and therefore it took YEARS to get done right. That’s not how GOOD SECURITY ENGINEERING is done. The most egregious of the flaws was the complete (obviously, because it happened) failure to anticipate account access by 3rd parties and respond accordingly. That’s a Security 101 Engineering Fail. Apple played too fast and loose, and it Fappened. Again, that security researchers were talking about it just proves Apple also knew; they were playing with fire and they got burnt. Certainly MORE PR would have only served to spotlight their failure more. It is significant to see how Apple did communicate: the company “officially” minimized the issue and was as-typical quite short on details, to the point of being deceptive. (Again, JZdziarski has great write-ups at his blog about the time-line and Apple’s pensiveness on the issues.) It wouldn’t have taken 2FA for Apple to have sent emails merely COMMUNICATING that backup restores had been accessed; they didn’t even do that. Beyond that, Apple STILL hasn’t taken some basic steps that they should: for instance, why aren’t AppleID-related emails cryptographically signed by Apple and treated specially by Apple’s mail clients?? Being phished on an Apple platform for an Apple service just should NOT be a thing.

    Which brings us back to now…I really don’t care if Apple wants to PR aggressively or not. What I DO care about is that Apple is a) HONEST when it speaks and b) that it is actually walking the walk it talks. Too often since Steve Jobs returned they’ve been shown to not have done either. That just isn’t acceptable. And just because the Apple press isn’t subject-matter savvy enough to catch them on it (or, worse, subject-matter stupid enough to play gotcha on other, dumb/wrong issues), doesn’t make it okay. Both of these issues are cases where knowledgeable sources were available and could explain better than what got done, but simply the “stupid” press didn’t do the job of elevating those voices; instead we got hysteria, inaccurate information, innuendo, propaganda, and a war between fanboy tribes. Specifically, your continuing to claim that Bendgate was a “myth” when Apple clearly responded with a physical design change to remedy the issue, shows that the incorrect narratives are pervasive. A “myth” requires NO CHANGE, because by definition IT DID NOT EXIST. (“Myth”, look it up.) There is no way Apple didn’t play a part in propagating these narratives, and I’d call THAT “aggressive”.

    • rnc - 8 years ago

      “First things first: Bendgate WAS a thing.”

      No, it wasn’t. It bent like MANY, MANY phones out there, was even stronger. While those phones never draw ANY criticism from anyone!

  3. John Smith - 8 years ago

    ‘Bendgate’ wasn’t a false allegation – the phones bent, Apple beefed up subsequent models.

    ‘Celebgate’ wasn’t a false allegation – the photos and personal information really did leak, Apple subsequently tightened up logins (2SA, eliminated the flakey security questions if 2SA is selected, controlled multiple attempts on all logins).

    The biggest and most serious allegation – that Apple deliberately obstructs law enforcement – is also true.

    • Ben Lovejoy - 8 years ago

      Bendgate was slightly real, just massively overblown. What happened with celebgate was real, but the mechanism wasn’t what the mainstream media implied.

      • John Smith - 8 years ago

        Agreed – bendgate was blown out of proportion, more media articles than actual bent phones.

  4. bdkennedy1 - 8 years ago

    I’ve learned over the years that sometimes silence magically makes things go away.

  5. blockbusterbuzz - 8 years ago

    Apple should be more aggressive with a lot of things. OSX Development, Apple Watch, Beats… The list goes on!

  6. Smigit - 8 years ago

    I don’t think they necessarily should unless they are 100% confident in their assertions. They came out publicly about antenna gate pretty strong and I’d say that was by and large a bit of a PR misfire…Steve Jobs email response to one customer to this day gets quoted. I’m fairly confident had Jobs not fired off that email then the issue wouldn’t have escalated and seen the press it did.

    Similarly bendgate etc did make the news, but only relatively briefly. If Apple makes a song and dance about it but then the issue gets more coverage and people aren’t necessarily going to take Apples word for it. Apple could show competitors phones bending too, but that doesn’t necessarily ease concerns of Apples customers who own an iPhone who are also being told their device can bend.

    As for the celebrity nude scandal…perhaps in the future they could respond but Apple was caught wrong footed there. Their implementation of Two Step authentication only asked for that second step in relatively uncommon situations, so while the issue was with social engineering, Apples Platform wasn’t great. If I’m honest I find it a bit frustrating that the staged rollout of two factor authentication is being staged and therefore is still not available to me…I’m stuck on the older two step method. Until they complete that rollout of their improved two factor authentication I don’t think they can really use that as a defense.

    As for the fact phishing was used in the attack and hasn’t been heavily reported on this week…well I’m pretty sure we knew that was the case back when it first happened and it was reported then.

    • Ben Lovejoy - 8 years ago

      We did, but the mainstream press didn’t. Agree about antennagate, but that was the reality distortion field at work. :-)

  7. yojimbo007 - 8 years ago

    Apple PR should take control of the Narrative out there.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear