We use cookies and other tracking technologies to improve your browsing experience on our site, show personalized content and targeted ads, analyze site traffic, and understand where our audiences come from. To learn more or opt-out, read our Cookie Policy. Please also read our Privacy Notice and Terms of Use, which became effective December 20, 2019.
By choosing I Accept, you consent to our use of cookies and other tracking technologies.
Filed under:
The company has taken a strong stance on safeguarding its customersâ data â but some employees donât believe it protects theirs
Jacob Preston was sitting down with his manager during his first week at Apple when he was told, with little fanfare, that he needed to link his personal Apple ID and work account.
The request struck him as odd. Like anyone who owns an Apple product, Prestonâs Apple ID was intimately tied to his personal data â it connected his devices to the companyâs various services, including his iCloud backups. How could he be sure his personal messages and documents wouldnât land on his work laptop? Still, he was too giddy about his new job as a firmware engineer to care. He went ahead and linked the accounts.
Three years later, when Preston handed in his resignation, the choice came back to haunt him. His manager told him to return his work laptop, and â per Apple protocol â said he shouldnât wipe the computerâs hard drive. His initial worry had come to pass: his personal messages were on this work laptop, as were private documents concerning his taxes and a recent home loan. Preston pushed back, saying some of the files contained highly personal information and there was no reasonable way to make sure they were all removed from the laptop without wiping it completely.
He was told the policy wasnât negotiable.
Prestonâs story is part of a growing tension inside Apple, where some employees say the company isnât doing enough to protect their personal privacy and, at times, actively seeks to invade it for security reasons. Employees have been asked to install software builds on their phones to test out new features prior to launch â only to find the builds expose their personal messages. Others have found that when testing new products like Appleâs Face ID, images are recorded every time they open their phones. âIf they did this to a customer, people would lose their goddamn minds,â says Ashley Gjøvik, a senior engineering program manager.
Apple employees also canât use their work email addresses to sign up for iCloud accounts, so many use their personal accounts.
The blurring of personal and work accounts has resulted in some unusual situations, including Gjøvik allegedly being forced to hand compromising photos of herself to Apple lawyers when her team became involved in an unrelated legal dispute.
Underpinning all of this is a stringent employment agreement that gives Apple the right to conduct extensive employee surveillance, including âphysical, video, or electronic surveillanceâ as well as the ability to âsearch your workspace such as file cabinets, desks, and offices (even if locked), review phone records, or search any non-Apple property (such as backpacks, purses) on company premises.â
Apple also tells employees that they should have âno expectation of privacy when using your or someone elseâs personal devices for Apple business, when using Apple systems or networks, or when on Apple premisesâ (emphasis added).
Many employees have a choice between getting an Apple-owned phone or having the company pay for their phone plan. But one source tells The Verge that trying to maintain two phones can become impractical. In software engineering, certain employees are expected to participate in a âlive-onâ program that puts out daily builds with bug fixes. âYou canât have a successful live-on program without people treating these devices exactly the same as a personal phone,â the source says. âSo a work device or a work account just wonât cut it.â
None of these policies are unique. Tech companies almost always have rules in place to search employeesâ corporate devices, including personal devices used for work. Itâs also common practice for tech companies to ask employees to test new software, which could potentially expose personal information. But Apple sets itself apart from other tech giants through its commitment to consumer privacy. As Tim Cook said at the CPDP Computers, Privacy and Data Protection conference in January 2021, businesses built on buying and selling user data, without the knowledge or consent of consumers, â[degrade] our fundamental right to privacy first, and our social fabric by consequence.â The lack of employee privacy has made the perceived hypocrisy particularly irksome to some workers.
Now, as employees begin to push back against a variety of Apple norms and rules, these policies are coming under the spotlight, raising the question of whether the company has done enough to safeguard personal employee data. It might seem like a company obsessed with secrecy would be sympathetic to its employeesâ wishes to have confidential information of their own. But at Apple, secrecy requires the opposite: extensive knowledge, and control, over its workforce.
This is how it starts: a new Apple employee is told during onboarding that collaborating with their colleagues will require them to make extensive use of iCloud storage, and their manager offers a two terabyte upgrade. This will link their personal Apple ID to their work account â in fact, the instructions for accessing this upgrade explicitly say âyou must link your personal Apple ID with your AppleConnect work account.â The connection will give them access to collaborative apps like Pages and Numbers that they might need to do their jobs. (Apple employees who do not have a business need to collaborate do not go through this process.)
Employees could pause during onboarding and say they want to create a new Apple ID specifically for work or use a different phone. But most do not â it seems a little paranoid, and the Apple instructions say to go ahead and use your personal account. Whatâs more, most Apple devices donât support using multiple Apple IDs. To switch between iCloud accounts on an iPhone, you have to completely sign out of one ID and into another â a clunky, disruptive process. It is far easier culturally and technically to simply link personal and work accounts, which adds a new Apple Work folder to the employeeâs iCloud account.
In theory, this Apple Work folder is where all of the collaborative documents for employees are supposed to live in order to keep personal and work files separate. In practice, the owner of a document often forgets to store files in the work folder, and documents quickly become intermingled. In fact, when Apple employees create a document in, say, Pages, the app automatically enters the personal email address used for their Apple ID. âI asked my manager about it and itâs just sort of an issue everyone deals with,â Preston says.
Employees can choose to not sync certain folders, like their photo libraries. But others, like messages, can be trickier. Apple adopted Slack in 2019, but some teams still use iMessage as a primary way to communicate, which makes opting out of a message sync nearly impossible.
Over the past few weeks, employees have been discussing the difficulty of setting up different Apple IDs to keep work and personal files separate, noting that while itâs possible, there are significant technical hurdles. âI donât understand why they didnât create an Apple ID and iCloud account from our work email address during the onboarding process,â one employee said on Slack. âI get mad that I have to use my personal phone to text my Integrated,â said another.
Concerns about data privacy are not ubiquitous inside Apple. Many employees who spoke to The Verge said they were aware the company gave itself extensive rights to search their data, but â for various reasons â werenât overly worried about the fallout.
âWhen I joined Apple, I personally expected it to be pretty invasive and took some serious steps to separate my work and personal life,â one source says.
For other employees, however, the mixing of personal and work data has already had real consequences. In 2018, the engineering team Ashley Gjøvik worked on was involved in a lawsuit. The case had nothing to do with Gjøvik personally, but because sheâd worked on a project related to the litigation, Apple lawyers needed to collect documents from her phone and work computer.
Gjøvik asked the lawyers to confirm that they wouldnât need to access her personal messages. She says her team discouraged the use of two phones; she used the same one for work and personal and, as a result, had private messages on her work device.
A member of the legal team responded that while the lawyers did not need to access Gjøvikâs photos, they did not want her to delete any messages. During an in-person meeting, Gjøvik says she told the lawyers the messages included nude photos sheâd sent to a man she was dating â a sushi chef who lived in Hawaii. Surely, those werenât relevant to the lawsuit. Could she delete them? She says the lawyers told her no.
In 2017, Apple rolled out an app called Gobbler that would allow employees to test Face ID before it became available to customers. The process was routine â Apple often launched new features or apps on employeesâ phones, then collected data on how the technology was used to make sure it was ready for launch.
Gobbler was unique in that it was designed to test face unlock for iPhones and iPads. This meant that every time an employee picked up their phone, the device recorded a short video â hopefully of their face. They could then file âproblem reportsâ on Radar, Appleâs bug tracking system, and include the videos if they found a glitch in the system. âAll data that has your face in it is good data,â said an internal email about the project. After rumors of criticism, Apple eventually changed the codename to âGlimmer.â
Unlike other Apple features, Glimmer wasnât automatically installed on employee phones. It required an informed consent form so employees would know what they were getting into. Still, for some people on engineering teams, participation was encouraged â even expected, according to two staff members. Once it was installed, some data that didnât contain personally identifiable information would automatically upload to Radar, unless employees turned off this setting.
Apple was careful to instruct employees not to upload anything sensitive, confidential, or private. But it didnât tell people what was happening with the hundreds of images they didnât upload in Radar reports.
The reports themselves were also a cause for concern. When employees file Radar tickets, they include detailed information about the problems they are seeing. In 2019, Gjøvik filed a ticket about Appleâs photo search capabilities. âIf I search for âinfantâ in my photo library, it returns a selfie I took of myself in bed after laparoscopic surgery to treat my endometriosis,â she wrote, including four images in the ticket. The default sharing settings for the ticket included all of software engineering.
Radar tickets also are not removable. Even when the tickets are closed, they remain searchable. In training, employees say they are told: âRadar is forever.â
Whatâs more, when employees file Radar tickets, they are often asked to include diagnostic files, internally called âsysdiagnoseâ to give Apple more information about the problem. If they are filing a bug about iMessage, they might be asked to install a sysdiagnose profile that exposes their iMessages to the team tasked with fixing the issue. For employees using a live-on device, default settings can mean that, as they are filing a Radar ticket, a sysdiagnose profile is being automatically created in the background, sending data to Apple without the employee realizing it.
When sysdiagnose profiles are not included, employees have been known to post memes calling out the omission.
Gjøvik is currently on administrative leave from Apple due to an ongoing investigation into claims she made about harassment and a hostile work environment. If she leaves the company, sheâll likely face the same conundrum as Jacob Preston, related to the mixing of her personal and work files.
Employees likely wouldnât care too much about this were it not for another Apple rule that bars them from wiping their devices when they leave the company. If they do, theyâll be in direct violation of their employment agreement, leaving them vulnerable to legal action.
After Preston gave notice, he received a checklist from his manager that explicitly said: âDo not wipe or factory reset any Apple owned units (such as laptops, Mac, ipads, and iPhones).â
âBefore joining Apple I had a lot of respect for the company,â Preston says. âTheyâre the one tech company that takes privacy seriously. But then they go and have these policies that are hypocritical and go against their stated values. Itâs sort of hard to reconcile. Itâs like now that Iâm leaving, my privacy isnât a concern anymore.â
Apple did not respond to a request for comment from The Verge.
