Apple has incorporated differential privacy in all of their products so yea they get to publicize it more.
I think their principled stand in the US is somewhat diminished because they take no risks from it, it comes mostly with free marketing differentiation. But when the rubber hits the road and they face a choice between selling a compromised product based on government demands or deciding to refuse, they bow down.
What does that say about what would happen if one day they develop a multibillion dollar revenue stream for profiling say, app installs and store behavior. Would they be able to resist that if their stock is otherwise sagging because the market demands the new revenue stream?
To me, Tim Cooks statements on commitment to privacy are hypocritical and contradicted by legitimizing and even failing to criticize openly the actions of Beijing.
Some people will say "but he has to follow local laws". IMHO, "just following orders" is too often an excuse for enabling evil behavior. If you are stately that you are strongly principled about issue X, and then decide you're going to go to Region Y where it is well known they don't respect X and with high probability will compel you to act against X, then you don't get to make the excuse you have no choice but to jettison your principled stand on X while in Region Y. You could also just decide not to sell in Region Y so as not to be subject to compulsion against your principles.
This whole episode makes their stance look like a marketing campaign. It's easy to say "I don't do X" if not doing X doesn't cause you to lose any money from your existing business. Hey, my work doesn't make weapons that bomb people. We're taking a principled stand and pledge not to include any feature that could be used for bombs. Very brave. But then one day, a government contract forces you to sell something to a bomb maker, and suddenly you're like "I have no choice. They won't buy my coffee makers unless I sell them this timer that can be used to make bomb triggers."
I don’t expect them to break laws. And I don’t expect them to pull out of entire countries, let alone the most populous one on earth.
It's unlikely any online service they can come up with from data will come close to their iPhone business, so it would mostly be a cost and distraction and a risk. That's why I say, investing in differential privacy or running photo recognition on device is a much smaller effort than scaling out a billion user service.
That's not to say what they're doing is bad, but I don't think it's a brave stand, and I don't buy it as a principled stand, because of the complete silence on China, not just obeying the government actions, but not even verbally protesting them -- even in Western media.
In the US, Apple, if compelled by an FBI warrant to hand over data, would do it, but would publicly resist and complain about it. Not only does Apple comply with Chinese demands, they don't even dare criticize the Chinese government or resist in any way. This to me is selling your soul for marketshare.
And Tim Cook's appearance at the Wuzhen conference extolling China's "open" internet just made him look like a tool.
That's the most important bit when it comes to trust them on privacy. They don't have a major incentive to exploit user data.
Corporate responsibility is not about good and bad people, it is about incentives. You can pick from any number of stories to learn the lesson from: Enron, Wells Fargo, etc.
If you are not in a customer relationship with Google and they provide you a free service, you must simply assume you are the product they are developing. It’s not because they’re evil and Apple is good; it’s because both have a fiduciary duty to their shareholders, and Apple can increase your value to them by offering you value in return. Google cannot seem to find a way to do so at the scale their business already exists.
In the absence of evidence in either direction, assume rational actors.
It's hard to know for sure what they (or any company) are doing in production, but I'd be surprised if they don't use these things internally.
I would love to see them take it further by reducing the amount of "trust" required, such as more open sourcing and support for open source OSes (like Linux). They have definitely improved from "closed end to end" of Steve Jobs, but they could do even better.