At its Worldwide Developers Conference on June 10, Apple announced a late but major move into AI with “Apple Intelligence,” confirming months-long rumors that it would partner with OpenAI to bring ChatGPT to iPhones.
Elon Musk, one of the cofounders of OpenAI, was quick to respond on X, branding ChatGPT-powered Apple AI tools “creepy spyware” and an “unacceptable security violation.”
“If Apple integrates OpenAI at the OS level, then Apple devices will be banned at my companies,” Musk wrote.
But at a time when the privacy of AI is under the spotlight, the iPhone maker says Apple Intelligence offers a new way of protecting people’s data, with the firm working out which core tasks can be processed on the device.
For more complex requests, Apple has developed a cloud-based system called Private Cloud Compute (PCC) running on its own silicon servers, which the company says is an innovative new way to protect privacy in the nascent AI age.
Apple senior vice president of software engineering Craig Federighi calls its strategy “a brand-new standard for privacy in AI.” Are Apple’s claims valid, and how does the iPhone maker’s strategy compare to “hybrid AI” offerings available on devices including Samsung’s Galaxy range?
AI, Meet E2E
With PCC, Apple has designed “a new end-to-end AI architecture” and “a private cloud enclave extension of a user's iPhone,” allowing more control over data, says Zak Doffman, CEO of Digital Barriers, which specializes in real-time surveillance video storage and analysis.
In practice, this means Apple can mask the origin of AI prompts and prevent anyone, including the iPhone maker itself, from accessing your data. “In theory, this is as close to end-to-end encryption for cloud AI as you can get,” Doffman says.
Apple has put together a “pretty impressive privacy system” for its AI, says Bruce Schneier, chief of security architecture at Inrupt. “Their goal is for AI use—even in their cloud—to be no less secure than the phone's security. There are a lot of moving parts to it, but I think they've done pretty well.”
And so far, there’s nothing else quite like it. “Hybrid AI” used on Samsung Galaxy devices running Google Android and Google’s Nano range sees some AI processes handled locally, leveraging cloud when necessary to enable more advanced capabilities.
The idea is to provide as much privacy as possible while offering powerful AI functionality, says Camden Woollven, group head of AI at GRC International Group, an IT governance firm. “This means you could potentially see some pretty sophisticated AI, even on midrange smartphones.”
But this type of hybrid AI processing still may pose risks because some data is sent to cloud servers without the levels of accountability that Apple offers with its PCC. “With hybrid AI, some data must leave the device and be processed elsewhere, making it more susceptible to interception or misuse,” says Riccardo Ocleppo, founder and director of Open Institute of Technology, which provides technology-focused courses.
Yet Google and its hardware partners argue privacy and security are a major focus of the Android AI approach. VP Justin Choi, head of the security team, mobile eXperience business at Samsung Electronics, says its hybrid AI offers users “control over their data and uncompromising privacy.”
Choi describes how features processed in the cloud are protected by servers governed by strict policies. “Our on-device AI features provide another element of security by performing tasks locally on the device with no reliance on cloud servers, neither storing data on the device nor uploading it to the cloud,” Choi says.
Google says its data centers are designed with robust security measures, including physical security, access controls, and data encryption. When processing AI requests in the cloud, the company says, data stays within secure Google data center architecture and the firm is not sending your information to third parties.
Meanwhile, Galaxy’s AI engines are not trained with user data from on-device features, says Choi. Samsung “clearly indicates” which AI functions run on the device with its Galaxy AI symbol, and the smartphone maker adds a watermark to show when content has used generative AI.
The firm has also introduced a new security and privacy option called Advanced Intelligence settings to give users the choice to disable cloud-based AI capabilities.
Google says it “has a long history of protecting user data privacy,” adding that this applies to its AI features powered on-device and in the cloud. “We utilize on-device models, where data never leaves the phone, for sensitive cases such as screening phone calls,” Suzanne Frey, vice president of product trust at Google, tells WIRED.
Frey describes how Google products rely on its cloud-based models, which she says ensures “consumer's information, like sensitive information that you want to summarize, is never sent to a third party for processing.”
“We’ve remained committed to building AI-powered features that people can trust because they are secure by default and private by design, and most importantly, follow Google’s responsible AI principles that were first to be championed in the industry,” Frey says.
Apple Changes the Conversation
Rather than simply matching the “hybrid” approach to data processing, experts say Apple’s AI strategy has changed the nature of the conversation. “Everyone expected this on-device, privacy-first push, but what Apple actually did was say, it doesn’t matter what you do in AI—or where—it’s how you do it,” Doffman says. He thinks this “will likely define best practice across the smartphone AI space.”
Even so, Apple hasn’t won the AI privacy battle just yet: The deal with OpenAI—which sees Apple uncharacteristically opening up its iOS ecosystem to an outside vendor—could put a dent in its privacy claims.
Apple refutes Musk’s claims that the OpenAI partnership compromises iPhone security, with “privacy protections built in for users who access ChatGPT.” The company says you will be asked permission before your query is shared with ChatGPT, while IP addresses are obscured and OpenAI will not store requests—but ChatGPT’s data use policies still apply.
Partnering with another company is a “strange move” for Apple, but the decision “would not have been taken lightly,” says Jake Moore, global cybersecurity adviser at security firm ESET. While the exact privacy implications are not yet clear, he concedes that “some personal data may be collected on both sides and potentially analyzed by OpenAI.”
This means for some data, “you're stuck with OpenAI's rules,” says Schneier. “Apple strips identifying information when sending OpenAI the queries, but there's a lot of identifying information in many queries.”
The collaboration between Apple and OpenAI has the potential to “totally reshape accountability across the AI landscape,” says Andy Pardoe, a professor of artificial intelligence and founder of tech consultancy Wisdom Works Group. “Partnerships like this distribute liability across multiple different entities, impacting how responsibility is assigned for the successes and potential failures within their interconnected systems.”
There are also security risks to be considered as AI technology is integrated into tech giants’ operating systems. While Apple Intelligence is an impressive feat in theory at least, the firm’s AI tools also create “a huge attack surface that's never before seen the light of day,” Doffman says. “It takes a raft of different security innovations and combines them in a new offering for a new purpose, so if it works, it's a game changer. But there will be issues when it goes live that Apple will need to manage.”
It is for this reason that Apple and Google are encouraging security researchers to find holes in their AI solutions. Google’s Secure AI Framework sees security outfit Mandiant test the defenses of AI models.
An Apple spokesperson provided links to its PCC security paper and the model paper detailing its “responsible” approach to AI development. Apple did not have an on-the-record response to WIRED’s follow-up questions regarding privacy concerns related to its OpenAI partnership or potential security risks.
Apple is using a model it calls “verifiable transparency” for PCC. “We want to ensure that security and privacy researchers can inspect Private Cloud Compute software, verify its functionality and help identify issues—just like they can with Apple devices,” Apple said in a blog post introducing PCC. To allow this, Apple is making software images of every production build of PCC publicly available for security researchers.
Apple Intelligence will be integrated into its soon-to-launch iOS 18 software update alongside ChatGPT, with the full suite of features coming to the iPhone 16 this fall. You will be able to switch it off, but if you want to use AI features on any device, it is wise to consider the privacy and security implications.
When choosing between iOS and Android AI specifically, it comes down to who you trust. Pardoe recommends evaluating the operating systems’ overall trade-offs in terms of privacy features, data-handling practices, and transparency. That said, as Pardoe points out, “Apple's strong privacy focus remains a key highlight for users who prioritize data security above all else.”