Studies indicate that Apple’s mobile devices face fewer serious cyber-security threats than Android-powered equivalents. So when Google revealed that hackers were using booby-trapped websites to exploit previously unidentified flaws in iOS, potentially affecting “thousands of visitors per week”, it was big news. For days there was speculation about who might have been exposed. Apple eventually released a statement saying it believed that fewer than a dozen websites focused on “content related to the Uighur community” had been affected. Many took this to suggest that the Chinese state was involved. However, Apple did not explicitly draw this conclusion itself, which was unsurprising given its ties to the country. This was not Apple’s only Uighur-related controversy this year. The campaign group Sum of Us has repeatedly claimed that the firm’s willingness to comply with a Chinese ban on virtual private network VPN apps has made it harder for civil rights defenders to safely discuss claims of abuses against the ethnic minority. The organisation now plans to raise the matter at Apple’s next annual shareholders’ meeting.