The combination of mobile broadband and Wi-Fi in the iPhone has long been one of its selling points, and seamless data roaming between cell and Wi-Fi, location discovery, and free access to Wi-Fi networks operated by cellular carriers in some countries make Wi-Fi seem essential. Not so in China. The iPhone model for sale by China Unicom lacks Wi-Fi. This was widely rumored months before the deal was in place for China Unicom to offer the iPhone.
The reason for this omission is the Chinese government’s efforts since 2003 – in fits and starts – to promote a proprietary security standard for 802.11 devices called WAPI, which stands, in a cumbersome fashion, for “WLAN (Wireless Local Area Network) Authentication and Privacy Infrastructure.”
For the first few years, non-Chinese firms were required to partner with one of a handful of Chinese companies that had access to the WAPI specification, and many of these companies were tied to the Chinese military, which has active control of a number of businesses separate from the rest of government. Foreign firms protested, because they would have had to disclose significant portions of their intellectual property in a country that has a mixed record in honoring patents and trade secrets.
The issue was significant enough that U.S. Secretary of State Colin Powell raised WAPI in trade talks in 2004 because if required it would be a bar for U.S. firms to sell Wi-Fi products in the country. The WAPI requirement may also violate World Trade Organization rules, although that hasn’t been tested. China attempted to get WAPI approved by standards group ISO, but that effort failed largely because the group representing China wouldn’t provide the spec’s details – kind of a problem for a proposed standard. China was recently invited to introduce WAPI to ISO once more, although it’s hard to see how it has a better chance. (The IEEE 802.11i security standard was accepted instead of WAPI.)
A second concern about WAPI, one that I’ve raised for years in my writing at Wi-Fi Networking News, is that one must presume that a proprietary standard that hasn’t been subjected to full disclosure and outside scrutiny includes backdoors for government access to secured sessions. The Wi-Fi approved WPA/WPA2 (Wi-Fi Protected Access) has no known generic exploits, and can’t be deciphered over the air. While WAPI may be completely secure, this can’t be determined, nor does that conform with the Chinese government’s history of Internet oversight.
There is some suspicion that WAPI’s authentication aspect, in which a login would be required to join a network securely, was partly desirable to track users, too. This would eliminate the “problem” of untrackable connections to Wi-Fi hotspots, coupled with security that would prevent local interception.
In the last few years, China hasn’t pushed WAPI with the same vigor, and has made noises about backing down. However, its official status appears to still be in place, and other mobile phones in China have WAPI installed. This AP story says that Wi-Fi was banned in China, but it’s apparently possible and straightforward to buy Wi-Fi access points without WAPI in China, and Wi-Fi is in wide use.
Because Apple already has its phones manufactured in China, there appears to be wide agreement that future versions of the iPhone will have Wi-Fi with WAPI as an option.
The Associated Press estimates as many as two million unlocked iPhones brought in from other countries are in use in China already, and none of those use WAPI.