Tim Cook didn't address Apple's real privacy problem

tim cook
CEO Tim Cook says Apple has addressed customers' privacy concerns. But Apple's security record says otherwise.

Tim Cook is deflecting the conversation with his new statement about privacy.

Apple (AAPL) was all over the news earlier this month following the theft of celebrities' nude photos from their iCloud accounts. Though iCloud itself wasn't hacked, Apple's two-factor authentication -- a second, temporary password via text message that could have prevented the attack -- couldn't be used with iCloud until after the scandal.

This was just the latest in Apple's lousy record on security. Apple waits too long to fix bugs and fails to update its customers when a major vulnerability needs to be addressed.

That's a major issue as Apple gears up to launch Apple Pay, its mobile payments system that is set to debut next month. The point is not lost on its rivals: PayPal called out Apple in a full-page New York Times ad this week, saying "We the people want our money safer than our selfies."

Now Apple is saying it will be more transparent about the information it collects and shares; it won't sell information to advertisers based on the content of your emails and texts; and it has encrypted iPhones so the government can't get its hands on data stored on your phone.

Related: Apple says iOS 8 will shield your data from police

Those are noble actions. But Apple failed to address the real problem.

The reason customers are losing faith in Apple's ability to keep their information private is because Apple has a miserable security record. That needs to be addressed. Until it does that, Apple can't truly claim that it is protecting customers' data.

Dark Web: Nudes traded like baseball cards
Dark Web: Nudes traded like baseball cards

For example, Apple was plagued with a serious security flaw that allowed hackers to read private communications sent over Apple devices, including emails, instant messages, social media posts and even online bank transactions. But Apple waited four days to fix the "goto fail" bug on Macs after it had already patched iPhones and iPads. An app developer Roland Moriz also claims to have notified Apple about a curiously similar bug four months before Apple fixed it.

Apple waited far too long to fix the Flashback bug that hit Apple in early 2012 -- the largest targeted attack on Macs ever. Flashback exploited a hole in Java, and Oracle (ORCL) quickly fixed the bug. But Apple uses its own version of Java and didn't get around to patching its software until two months after Oracle fixed it.

And it took more than three years for Apple to fix the so-called FinFisher Trojan that allowed law enforcement to spy on iPhone users.

Apple declined to comment for this story.

Related: FBI launches a face recognition system

Transparency is a must, and Apple is taking a big step by publishing an easy-to-understand privacy website.

Encryption is a good step -- albeit a limited one (if you back your stuff up on iCloud or on your computer, it's no longer out of the government's reach).

It's good that Apple doesn't sell as much of its customers' personal information to advertisers as Google (GOOGL) and Facebook (FB) do. Though that's largely because Apple's iAd advertising business is extremely small -- not by choice, but because it failed to take off.

But few customers -- if any -- were saying they don't trust Apple because their iPhones weren't encrypted. Or that Apple wasn't clear about what information it provided to third parties. Or that Apple was selling their personal data to advertisers.

Apple's problem remains its lack of transparency and quick action on security holes. Tim Cook should fix that now.

CNNMoney Sponsors