Would You like a feature Interview?
All Interviews are 100% FREE of Charge
Apple has long touted privacy as a major advantage over rivals like Google and Microsoft. Instead of relying on cloud processing to enhance and organize images, which requires sending your photos to Google’s servers, Apple handles those tasks directly on the device. But with the introduction of Apple Intelligence, its artificial intelligence mindset, the company is stepping outside of its comfortable territory with “private cloud computing.” It has “private” in the name, so it has to be secure. right?
While Apple AI runs some models locally, more complex requests may require sending data to Apple’s servers. So how does the company reconcile this with its traditional security posture?
According to Craig Federighi, Apple’s SVP of software engineering, the company is being very careful about how it sends user data to its servers. “We put a lot of trust in the cloud, but with private cloud computing, the risk is even higher,” he said during a conversation with Apple’s AI head John Giannandrea and YouTube influencer iJustine at WWDC 2024.
During the WWDC keynote, Federighi showed how Apple AI could help him reschedule a meeting or determine whether he could attend his daughter’s dance recital – it could also determine who she really was, where the event was located, and the estimated travel time from the meeting.
Federighi said that Apple does not send all of users’ data to the cloud, but only uploads the most important information relevant to Apple AI queries. Moreover, server requests are anonymous because they use the same IP masking technology as iCloud Private Relay. Federighi also pointed out that Apple’s cloud servers have no persistent storage and no ability to store logs.
To further secure the company, Federighi said, the private cloud computing servers run software from publicly available images that can be audited by security researchers. Apple Intelligence devices can only communicate with servers running approved images. If there are changes to the server, the local device must also update so it can see the changes.
The process may be a bit restrictive, but that’s exactly the point: Federighi calls it a “step up” in the level of trust in server computing. “It’s critical to know that neither Apple nor anyone else has access to the information used to process your request,” he said.