Apple’s Clamping Down Even Harder on Its Supply Chain to Stop Leaks

We’ve already seen several indications that Apple is taking a much harder line approach to security in recent weeks, and now it looks like it’s cracking down on potential leaks with its supply chain.

Although product information has been leaking out of Apple in bits and pieces for years, it seems like the company has gotten fed up with it, especially as it pertains to more recent leaks of some of its bigger initiatives.

After all, leaking specs on the screens found in the next iPhone model is one thing, but leaking an entirely new product category like Apple’s upcoming AR headset is quite another.

In a high-profile case reported on earlier this month by AppleInsider, Apple has pegged a former employee, Simon Lancaster, as a major source of leaks to at least one major media publication. A lawsuit filed by Apple alleges Lancaster abused his position to steal trade secrets and then pass them to an outside media correspondent for personal gain.

While Apple naturally takes far more of a hard-line approach to actual industrial espionage, the Lancaster case is one of the few occasions we’ve seen Apple taking legal action against someone merely as a result of leaks to the media.

Still, the case may have seemed like an isolated incident were in not for the fact that Apple also appeared to have deliberately planted false information about a March 23 event in an effort to try to identify the weak links in its wall of secrecy. It’s unclear what, if anything, Apple will do with that information, but it does seem clear that it’s ramping up its efforts to try to tighten its grip.

Supply Chain Security

To be fair, when it comes to Apple leaks, employees like Lancaster are likely the exception, rather than the rule. While there are some details that can only come from sources inside Apple Park, like event dates and long-term product roadmaps, the vast majority of leaks that we see come from Apple’s supply chain partners.

After all, no matter how tight Apple’s security and secrecy is within its own employee ranks, at some point these products have to actually be built by somebody, and it’s much harder for Apple to keep a grip on the hundreds of thousands of employees that work at its manufacturing partners in places like China and Vietnam.

In fact, two years ago, we saw a report on just how challenging it is for Apple to keep secrets once a product has moved into the prototyping and manufacturing stages. With competitors, accessory makers, and social media leakers willing to pay big bucks, factory workers can earn up to a year’s salary simply by smuggling a physical iPhone casing out of the plant. This has led to all sorts of creative attempts to hide parts in everything from mop water to bras.

It’s been a cat-and-mouse game for Apple for years, especially since it’s very difficult to prosecute factory workers under Chinese law — especially since Apple would need to put those secrets on the public record, which of course it’s not about to do.

That doesn’t stop Apple from trying, however, and now a new report from The Information reveals that it’s made several interesting changes to its factory security guidelines, mostly with an aim toward sewing up the holes in its curtain of secrecy.

The Information cites an internal Apple document that it obtained detailing the changes, which include a prohibition against collecting biometric data from Apple employees, requiring criminal background checks on all workers, and clamping down on how long it takes for sensitive parts to move around within its factories.

For example, Apple will focus more on tracking individual components that it deems to be particularly sensitive, with a time estimate of how long it should take for those parts to travel from one area of a plant to another.

If a component takes “an unusually long time to get to its destination,” suggesting that a worker may have stopped to photograph it, then an internal security alarm must be triggered and a team sent to investigate the reason for the delay.

New requirements for checkpoints also require that all security guards “keep detailed logs of the movement of workers carrying sensitive parts from one area to another,” which can help to track theft should any components go missing.

In addition, all factory visitors are now required to show government IDs at all times, and videos that “show the destruction of prototypes and defective parts” must be retained for at least 180 days for auditing purposes. Security cameras are also now required to show transport vehicles from all possible angles.

All assembly line workers who are involved with unreleased Apple products will also now be required to pass a criminal background check. Those who are found to have criminal records will be denied access to any areas where unreleased Apple products are being developed or assembled. However, they can still be employed in other areas, including the assembly of already-known Apple products. Previously, senior staff and engineers were required to pass background checks, however line workers were not.

Not all of Apple’s new supplier security requirements are about addressing leaks, however. For instance, the timing of the movement of parts is also intended to keep suppliers honest by determining if they’re cutting corners during the fabrication and manufacturing processes.

Similarly, the ban on the capture of biometric data is strictly a privacy policy that has nothing at all to do with preventing leaks. The ban applies only to Apple’s own employees, some of whom have raised concerns about being required to submit to facial or fingerprint recognition scans by third-party suppliers.

According to The Information, Apple doesn’t even employ biometric access systems within its own secure facilities, preferring to use a simple key card and badge access instead.