I think the part of the discussion that is ignored here is the security aspect.
Apple has hardened their hardware against attackers replacing components of the phone with compromised versions. Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops.
When the NSA leaks came out, there were some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swapping Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.
A lot of the changes to the MacBooks seem to also have been done with device hardening in mind.
I cannot tell you how much damage my iPhone 12 Pro has taken without the screen cracking, which makes me personally think the reasons these changes have been made are not just related to 3rd party repairs.
If you look back at the history of Apple you'll find they've always been authoritarian control-freaks, ever since the original Macintosh. This is merely another step in the same direction.
The article even says that the repair shops have already found ways around it, so whatever element of "security" it provides is clearly extremely low. It only exists as a (low) bar against third-party repair, with "security" as an excuse.
As the saying goes "those who give up freedom for security..." etc.
The workaround requires physically moving the original chip to new phone screen. Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?
That said, I’m still doubtful this is entirely for security. What’s frustrating with Apple is that their moves to secure their hardware at every level also have the effect of tightening their stranglehold on the ecosystem. Unclear what the core motivation is.
Except that the 'work around' does maintain security since it preserves the original FaceID chip assembly.
"The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement."
You're wrong to say that the element of security it provides is low because, even with this workaround, you still don't have access to the data on the device. All this "workaround" does is keep the chain of trust from the original device. You'd still need to be able to unlock the device in order to get anything from it. It doesn't reset the FaceID information or bypass it in any way.
way to make a total strawman. that quote about freedom has nothing to do with digital security which enhances your privacy and the knowledge that your phone isn't compromised.
i'm all for right to repair and for apple to provide cheaper repairs and more authentic parts to resellers, but don't be obtuse about the reasoning.
the way around it, as i read, was to solder a chip to another board, which has some information authenticating the part and digital trust chain. anyway, i'm sure people like you just love to find reasons to hate apple, as it's grown to be a sort of cult rivaling the one that supports 'em
I mean, yes, this change makes them more money. But Apple is weird, because they are actually able to convince themselves that they're doing this for a good reason, and if you follow them closely you can almost see their central argument: when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset, but if you look at it under that lens a lot of the concerns about sideloading and repairs make sense from their perspective ("we don't trust the user to do the right thing for their devices").
What does this look like from the outside? I think there are genuinely a lot of people who actually agree with this. Actually, I think almost everyone agrees with this to some extent: people only have a limited amount of effort they can spend managing different parts of their life. The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them. For most people, going to an Apple Store or AASP to get a repair is generally fine and saves them hassle. But for the people who are willing to save money to go elsewhere, or do their own repairs, it really sucks.
it would be easier to stomach “apple owns the device not the loser customer” if there was a single major oem who was focused only on producing customer-owned devices
Let's examine your premise: Apple acts in the best interest of the customer. In this light FaceID is a bug, not a feature. If somebody wants to get into your phone they don't even need to beat you up; they just have to restrain you, take your phone, point it at your face, and they're in.
With a decent password, the adversary has to at least use a rubber hose. More important, cops can't legally use a rubber hose but they can damn well take your phone and point it at your face with no repercussions.
> when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset
It is a strange mindset until you remember that obvious phishing attempts are still crippling organisations and so does ransomware and social engineering.
The security aspect is commonly brought up for justification for moves like this.
Would something like this even remotely stop an actor with the resources like the NSA? Does this even remotely benefit people that are not being targeted by intelligence services? I'd guess no. Security benefits for most people don't outweigh the downsides. If they are so security conscious, why even have FaceID at all? It's already been shown to be not that secure; why not instead require users to enter a 15 digit password and use 2FA to unlock their phone instead? Is it that they value convenience over security in that case but not where it potentially loses them money?
I think you got it backwards. The main reason is to exclude 3rd party repairs and extra security is a side effect that can be used as justification. Follow the money.
IMO there is way more money, like orders of magnitude more, to be made from successfully branding the iPhone as the most secure and private smartphone, compared to the repairs market.
Also as far as the NSA is concerned, surely it'd be easier if they have a single supply chain where they are guaranteed to be able to compromise every single iPhone?
Seems a lot easier than compromising some random repair shop.
If Apple actually cared about security & privacy they would make iCloud et al. E2E encrypted but they don't.
A sophisticated hardware attack is probably going to be government sponsored anyway in which case that government can just request data from Apple directly.
You can care about security and privacy and also still care about ease of use. For 99.99% of their customers, encryption is enforced by default and being able to recover their data is more important than E2E encryption.
It's easy to view every move Apple makes through the lens of money.
Their platform is locked down so that nobody can carve out their own turf. No custom browsers with modern web features. No runtimes. Apple's rules and taxes, or you're banned.
I've never been afraid of batteries compromising my system. Or new screens. Apple wants the extremely lucrative device repair market, and this is how they get it. Screens are the most common and expensive part to replace.
I am, however, afraid of my device reporting files that the government doesn't like. The Russian FSB is salivating at Apple's new device spying "CSAM" capabilities. Apple built this system to satisfy totalitarian regimes so they could still sell their devices. It turns their entire platform into a dragnet so that intelligence knows exactly who to target. The FBI probably put pressure on the DOJ for these same capabilities too. Apple is deathly afraid of antitrust breaking up their gravy train and would bow to pressure.
This is about money. Apple wants it all. They need extreme growth to justify their stock price and future outlook.
>I've never been afraid of batteries compromising my system.
Another case of "this doesn't affect me so there's no way anyone else would need it" that has recently plagued this site. This doesn't affect you but it does affect the millions of users that depend on the security of the phone - any enterprise level corporation with employees, government organizations, companies that deal with sensitive data, hospitals and other parts of the medical industry.
You're not afraid of batteries compromising your system but you're not the only person using these devices. Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.
Accusing a business of being motivated only by money is completely trivial and uninformative.
For example iFixit clearly cares absolutely nothing for user security and is only motivated by money. They simply don’t care if devices are secure as long as they can sell repair kits.
Also it is clearly in ifixit’s interest to have unreliable devices that break often and need more repairs. This is true of the entire repair business - all they care about is money.
"Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops."
Is that why they don't let you replace the microphone jack on a macbook and prevent their suppliers from selling me a replacement battery, keyboard or display?
Yes. If you can replace the microphone jack, or any of the other hardware you mention without verifying its integrity, you can add surveillance hardware to the device. I could replace your microphone with one that records everything and sends it to me and you'd be none the wiser.
If Apple Stores have the ability to pair a new FaceID module after an "official" repair, then why wouldn't the NSA have that same ability? Only third-party repair shops don't have that ability.
Presumably it would be some sort of signing solution, which would be a level of cryptography that not even the NSA with their infinite resources can defeat. Their only hope is to find bugs in the system that can be exploited. In this case such a “bug” would be replacing a module that doesn’t have any hardware integrity checking.
> When the NSA leaks came out, there were some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swapping Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.
Which class of attackers are those hardenings supposed to deter? For three letter agencies, or groups with the resources to produce chip level attacks, this is child's play.
It was fair when Apple banned 3rd party home button (TouchID) replacement because it's the sensor itself, so it's natural that they should make it tamperproof. But this case is FaceID. I'll accept that they ban replacing the FaceID module, but why do they integrate a security chip onto the display module (say, the most fragile part) even though it wasn't? It looks like they aren't legit to me.
Techniques like this, tying hardware together and not allowing legitimate owners to pair them to work, are purely anti-competitive garbage. We've seen this with coffee pods, automated cat litterbox cleaners, dish washers, inkjet printers, and more.
Apple finally wanted the market for themselves. And since they control the hardware, well, yeah.
You are wrong. With a state actor in the room, it is quite possible to place a complex die with static RAM on a thin substrate inside a multilayer board, using the +5 and ground and a number of traces that lead to I/O ports etc.
https://hackaday.com/2019/01/18/oreo-construction-hiding-you...
Remember these are all from 15 down to 10 nanometer parts and at that size circuit complexity takes little space and since they live beneath other chips, they are hard to find with x-rays if there is a +5 and ground plane that hides them.
Remember there are 16 billion gates in an Apple M1 CPU,
https://www.macrumors.com/guide/m1/#:~:text=M1%20Macs%20max%....
A million-gate part is as small as a poppy seed and would need to have a fan-out - perhaps they could have an optical I/O and live within the corporate data stream, only waking up when special complex command sequences occur and they read their RAM and do their job - back to waiting...
What a straw man! Coffee pods, automated litterboxes, dish washers, and all the rest don't carry an individual's entire digital life on them. You're literally comparing devices that really don't need any kind of security (other than, at worst, network security) to devices that demand privacy and security.
This is either a disingenuous attempt to downplay the importance of hardware security or an extremely ignorant analysis of the situation being described.
I'm not against blocking government level physical security attacks on personal devices but I am against the idea such a thing warrants or truly requires every user to be blocked from all but first party repairs.
If whatever infallible repair process and repair techs Apple is using internally can truly not be open to 3rd parties without compromising against such nation level attacks then at the very least protections against such attacks should be an option you enable which tells the security processor to never accept new hardware, not a forced default for all consumers which just happen to need repairs over time and are given only one place to get them.
Yeah. This should be what regulations enforce. I’m fine with parts serialization to help identify genuine, certified parts, but as the user I should be able to bypass it if I want to use compatible parts.
We don’t really have to assume that Apple is intentionally harming 3rd party repair, but even if we believe they are operating in good faith they seem to be ignoring third party repair. Which means they don’t really care about saving their customers time and money or reducing waste.
Since you can bypass it with a microscope and soldering, moving a chip from the old screen to the new screen, this doesn't seem like much added difficulty for someone who is already implementing a hardware-based attack?
I'd guess the aim is to be secure on all components (most of these things have their own processor(s)). If you can compromise one component you can move from there to compromise another one, until you get to something worthwhile.
I don't think my main concern would be three letter agencies (they're going to find a way in to your average consumer one way or another). Probably more likely some organized crime gang backdooring cheap replacement screens and using that to perform an attack on financial data or similar. Attacker doesn't have physical access to the device, just manipulated the supply chain.
So they have all these restrictions for security and privacy, but they’re all worthless if Apple decides they’re going to provide surveillance for the government, right?
IMO this is a win win for Apple. They get to pretend the anti-repair shenanigans are for your protection, but they also have the option of turning around and selling access to you and your device to whoever they want.
The NSA spying isn’t comparable either. That was mass surveillance. Swapping a piece of hardware, which requires hands on the device, doesn’t scale to the point of being a threat like that IMO.
For me, the negatives of non-repairability outweigh the pros of the security provided. I’m not worried about the government swapping my screen to gain access to my device.
This. Every iPhone owner gains some tangible value from every disappointed thief. And this will rise as more and more of the userbase converts to totally locked down phones.
Cumulatively over every user, that seems to be a huge value add.
So, we worry so much that the NSA will conduct a supply chain attack against an adversary (domestic surveillance does not fall under the NSA) that we further lock down our own devices?
Everything Apple does in the name of security or privacy is about enforcing Apple's control over what you do with their hardware after you buy it. They give not one thin damn about your privacy: They want to know everything you're doing with your Apple hardware. Put a sniffer on your Mac and count the daemons phoning home to Apple. Your jaw will drop.
As to the supply chain issue, microsoldering is trivially easy for serious adversaries, as TFA suggests. Apple just wants that sweet revenue stream from people who drop their phones. That's what they're protecting.
This is the most ridiculous thing I read this year - and I've read a lot of mad stuff. Let's assume your justification is true and Apple cares so much about the privacy that they implemented this feature just to protect them and that they don't care about the money from repairs.
So, in your scenario, someone would have to steal my phone, disassemble it, and replace the face unlock recognition chip with a custom version. Let's assume this is easy technically, i.e. you could actually do it in the iPhone 12 and the phone would happily accept the modified version (not a small feat if you ask me). Now, while I don't think it's absolutely impossible, the means to accomplish this are usually available to nation-state actors, and in cases like this one the xkcd 538 comes to mind.
This anti consumer approach by Apple is why I refuse to buy anything from them. My last Apple purchase was the iPad Gen 1 as I thought it was a truly remarkable device when it came out but the planned obsolescence was obvious after a few short years.
Recently I had my XPS15 power cord plug break and while I waited for the spare part (that I could repair myself) I had the pleasure of borrowing my partner's MacBook which was an amazing experience compared to Windows. However, that experience is nothing to the cost and pain if something with the hardware goes wrong. Even when I forgot my Apple ID (as it had been so long) it took over a week before Apple deemed it okay for me to recover my password.
I get the seduction of using a snappy beautiful machine and UX, but I just don't think it's worth it tying myself to Apple and being walled in the whole ecosystem upgrade treadmill.
> Even when I forgot my Apple ID (as it had been so long) it took over a week before Apple deemed it okay for me to recover my password.
I do not see what is wrong with this added security. For something that unlocks basically everything about me, it seems reasonable to not let it be unlocked at a moment’s notice.
From my point of view I believe I can be trusted to reset my Apple ID quickly. I'm very security conscious which is why unlocking my Apple ID does not unlock 'everything about me'. As I mentioned in a previous reply, I get it now... if you did trust Apple with everything about yourself, you would see the delay as reasonable security.
However, I just don't trust Apple that much because they are at the end of the day a huge corporation that couldn't give a monkey's if my data was compromised. I'm a little guy and Apple isn't going to apologise or make it right if something catastrophic happened. The Fappening is a case in point. These celebrities trusted Apple and completely outsourced their security only to find their privacy violated in shocking horror.
So, I understand where you're coming from, but it's a step too far for me.
It's a magician trick. Distract you with one hand while performing the trick with the other. Watch the dazzling performance while they further lock down your device.
> However, that experience is nothing to the cost and pain if something with the hardware goes wrong.
I have never been able to understand that. I can appreciate conviction of not using any manufacturer's products as some kind of a political statement, but this?
How often does something with your hardware go wrong? I assume it's a single-ish number of events per year, but you choose to suffer every day for the experience you deem subpar in a Windows device?
Fair point. It's not just this, it's the lack of being able to upgrade. I guess I'm just old and remember when I did my first upgrade from a 14.4k modem to a 33.6k modem and how much faster it was (lol). This is why my next laptop won't be another XPS, but will be a Framework laptop.
I would have bought the Framework laptop now if it wasn't for the fact that they don't ship to the UK (yet) and there's no 15" version.
>This anti consumer approach by Apple is why I refuse to buy anything from them.
What is anti-consumer about this? I am a consumer and active user of these products and I want this posture when it comes to the security of my devices. I don't want just anyone to be able to tamper with the hardware of my phone nor do I want anyone to be able to access my Apple ID or other info without some kind of time delay for me to take action to secure it.
I couldn't really understand comments like yours until I read a comment by saagarjha above which summed it up nicely by saying, "The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them."
I understand now the difference is that you're willing to trust that Apple knows best for you, whereas I trust myself to know what's best for me. I accept that you see this as pro-consumer from your point of view, but from my point of view surely you can see it's not? We just want different things.
What helped me get it was your point about security and that you'll have a different attack surface and will have made different security trade offs to me. Thanks for sharing your point of view, I appreciate it.
I haven't noticed that as a user of Apple phones and laptops. The 4 year old iphone SE is working fine with the latest OS. I stopped using the 2013 macbook air because it was kind of falling apart a bit, not due to any weirdness from Apple. I'm not even sure what the "ecosystem upgrade treadmill" is.
I did have the issue of the screen of the SE being harder to replace than the 5 because it has a fingerprint scanner that can access your credit cards. I can understand Apple having security standards for that. The local repair shop still does it but it's £50 with an official part rather than £20 with some Chinese knock off.
Um, what upgrade treadmill? This argument is so tiresome.
Apple's products consistently last longer and hold their value much longer than the competition. That is the exact opposite of an "upgrade treadmill". I've used various Apple devices for as long as 8 years or so, then sold them to others who kept using them.
In addition, this entire thread just blew up today:
This has nothing to do with security. Real life security works like this: you leave your device unattended for an hour or two - it can get compromised. Period. If you are serious about opsec - just take this into account.
My personal devices were hacked in Russia a few years ago. 2 hours out of the hotel room to have dinner. They broke through - what I thought was - decent security of a Linux OS used properly. I only learned since the device had a 3G modem that would send a ping to my phone on every login. Since then, I assume any hardware is easily compromisable and don't mind the security theater vendors rely on to get sales.
You're literally responding to an article that shows that the situation you're describing would be impossible with this device. How does this have nothing to do with security?
The point I was trying to make was that this does not, in fact, prevent hacking. It merely presents an inconvenience - as evidenced by the amateur repair technicians being able to defeat it. Apple surely expected that to be possible.
Inconvenience to many means fewer repair shops. That, too, they have likely anticipated.
Relying on this "feature" to trust your device not having been physically tampered with would be poor judgement.
>One experienced repair shop told me they’ve been swapping screen chips since the iPhone X to avoid touch calibration issues and “genuine” part warnings; they’ve got the process down to about 15 minutes.
15 minutes is "impossible with this device"?
> How does this have nothing to do with security?
because FaceID hardware is NOT on the screen assembly, and the only part generating the warning is the hardware DRM ID chip.
> The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement.
Sounds like that's not a problem for sophisticated adversaries, such as, say, the United States Government.
You can argue that the biometric sensor shouldn't be integrated into the screen, but you can't argue that the biometric sensor that is integrated into the screen has nothing to do with security.
This anti-Apple commentary is getting boring. We don’t have all the information and we definitely can’t guess Apple’s motivations. They definitely aren’t focused exclusively on maximising profits: they already have all the money, and they make plenty of things that don’t start life as a cash cow (Apple TV, AirTags, even iPads for a while).
If you don’t like Apple’s approach, use one of the other brands instead. The problem is no other mainstream manufacturers can be trusted to provide a device as secure and private as Apple’s.
I am a strong supporter of the right to repair, and it informs my decisions, but in many cases, I am willing to pay a premium for known, trusted and secure platform with hardened components from a trusted and secure supply chain. That includes the labour of installing those parts. There are cheaper options around if that isn’t important to me.
> I am a strong supporter of the right to repair, and it informs my decisions, but in many cases, I am willing to pay a premium for known, trusted and secure platform with hardened components from a trusted and secure supply chain. That includes the labour of installing those parts. There are cheaper options around if that isn’t important to me.
IMO, that's the same sentiment that comes up in the app store tax threads. Some Apple users say they're willing to pay more, but the reality is they're being subsidized by the users that don't need or want those features.
In the case of device repair, I don't see an issue with locking the phone as perfectly as possible from the factory, but once I buy it and own it I should have the option of putting it into some type of repair mode where I accept the risk of having it repaired with 3rd party parts.
If you want to pay 2x or 3x or whatever's needed to make up the difference that's fine by me. Just don't make me participate in that system because I don't need it.
> If you don’t like Apple’s approach, use one of the other brands instead.
There's not a manufacturer in the solar system that's going to forgo the use of parts serialization unless it gets prohibited with legislation. The money to be made by locking out competition is too appealing.
> IMO, that's the same sentiment that comes up in the app store tax threads. Some Apple users say they're willing to pay more, but the reality is they're being subsidized by the users that don't need or want those features.
Well, true, but I have no influence on other consumers’ decisions, but they obviously see value in the overall proposition. I don’t demand a price reduction from my ISP because I don’t use torrents or Tor.
If you don’t see the total value in Apple’s offer, buy something else.
> If you want to pay 2x or 3x or whatever's needed to make up the difference that's fine by me. Just don't make me participate in that system because I don't need it.
Buy a different brand, then.
I do agree that it’s very desirable to be able to simply and cheaply replace broken components. It intensely annoys me too, but, for me, it’s ok (not great) given the overall proposition, to ensure end to end security.
I replaced a screen, parts and labour, on my phone this week for AUD$45 with Apple Care. Can anyone else do that for $15 or $25 as you suggest?
I don’t see the other manufacturers being significantly better in this regard.
The big opportunity for Apple, in my opinion, is to figure out a more compelling recycling program.
> There's not a manufacturer in the solar system that's going to forgo the use of parts serialization unless it gets prohibited with legislation. The money to be made by locking out competition is too appealing.
Our points are the same, but one never hears this level of criticism directed at Samsung or Google. Are they any better? Maybe in a few different ways, but not as a whole.
But pretending that Apple is somehow the worst, when they are categorically far from it, is just disingenuous and frankly boring.
>They definitely aren’t focused exclusively on maximising profits: they already have all the money, and they make plenty of things that don’t start life as a cash cow (Apple TV, AirTags, even iPads for a while).
Which part of Apple TV, AirTags, or even iPad were not profitable from the start? Even assuming you mean AirPod instead of iPad.
While I don't disagree (or agree) on whether Apple makes these decisions on security or repair priority, Apple under Tim Cook has been very much a profit-maximising company. Every single step, big or small, he has been extremely cautious of revenue and profits compared to Steve Jobs. And the reason why Apple has managed to give precise forecasts every quarter.
Absolutely seconded. While I understand the reaction that many people here have to these sorts of things, in the end it is Apple's product and nothing forces you to buy it.
People shill alternatives all the time here, why not do it in these sorts of discussions too.
>The problem is no other mainstream manufacturers can be trusted to provide a device as secure and private as Apple’s.
As much as I hate to admit it this is pretty much true, and extends beyond just security and privacy for me, having an actually reliable (and power user friendly) ecosystem to dump my tech needs into has been a godsend.
I'd venture to say most consumers won't know of this new limitation if previous to now they have used 3rd party repair shops. Does anyone know how much an "authorized" screen repair costs vs. an "unauthorized" one previous to this model?
out-of-warranty Apple Store (and AASP, presumably) screen repairs are pretty expensive[0], although I can't find anything that lists the hardware cost of getting a replacement screen for repair (probably because that requires an AASP to defect and leak it, risking their AASP status).
The problem is that we don't have much choice brand-wise. We get to pick Apple or Android. From a security/privacy perspective, the various Android brands are more or less the same (or, more accurately, the best of them are still likely much worse than Apple, and the worst of them are likely backdoored by the manufacturer or the government where it's manufactured).
Capitalism and the mythical free market have given us two choices, each with very big negatives. I don't want either. I want a phone that respects and fights for my privacy and security, and is relatively easy and cheap to repair, and allows me control over what I run on it.
(And I don't consider platforms like the PinePhone to be choices here. I want contactless payments on my phone, as well as Venmo/Cash App. I want my banking and airline/travel apps. I want Signal, Slack, Whatsapp. I want the app for my local gym. These things either don't run on other platforms, or provide a janky mobile web experience.)
> The problem is that we don't have much choice brand-wise. We get to pick Apple or Android. From a security/privacy perspective, the various Android brands are more or less the same (or, more accurately, the best of them are still likely much worse than Apple, and the worst of them are likely backdoored by the manufacturer or the government where it's manufactured).
Completely agree. But this is always argued as it being Apple’s fault and not a market failure. Why don’t the supposedly better options ever gain enough share to be important?
> Capitalism and the mythical free market have given us two choices, each with very big negatives. I don't want either. I want a phone that respects and fights for my privacy and security, and is relatively easy and cheap to repair, and allows me control over what I run on it.
I mostly agree, but this isn’t an option we have. Again, is this Apple’s fault?
> (And I don't consider platforms like the PinePhone to be choices here. I want contactless payments on my phone, as well as Venmo/Cash App. I want my banking and airline/travel apps. I want Signal, Slack, Whatsapp. I want the app for my local gym. These things either don't run on other platforms, or provide a janky mobile web experience.)
Exactly. One doesn’t usually buy a thing based purely on one feature. All design has compromises, and we pick the most suitable from a limited set.
On my 5 year old iPhone SE, I've had the battery replaced twice and the power button replaced by a third party. The Apple-partnered shop actually said they are unable to replace the power button and referred me to the third party, who were surprisingly great (fast + guaranteed that if they wouldn't be able to fix it, I'd only pay a small diagnostic fee). I'm sure by Apple's standards I should have already bought a new phone. I expect to get similar repairs done on my next phone.
For what it's worth, the face recognition unlock is probably the most insecure unlock there is on the phone (and unsettling to me when I've tried it). I'm sure they've fixed it by now, but I recall an early story of an asian woman giving her phone to a coworker and being startled by the phone unlocking. The fingerprint readers also creep me out (not as much as the facial recognition) and they're very efficient, you can use them without even looking or while picking up the device.
Different login mechanisms have different trade-offs. A big advantage of FaceID (or TouchId) is that it isn’t vulnerable to shoulder-surfers. This is especially important on a mobile device that you unlock in public all the time.
For example, if I’m riding in a train I feel a lot more comfortable unlocking my MacBook with TouchID than typing my password for all to see.
So it’s not true anymore and yet you seem to be claiming it is,
> but I recall an early story of an asian woman giving her phone to a coworker and being startled by the phone unlocking.
Do you? Is there any evidence or a link to a credible source? Seems like a weird racist trope. Given how popular iPhones are in China, we’d likely know if there was anything to this.
> So it’s not true anymore and yet you seem to be claiming it is,
I was just giving them the benefit of the doubt to be charitable since it seems like the kind of thing that is fixable with years of technical development. I have no evidence.
> Do you? Is there any evidence or a link to a credible source? Seems like a weird racist trope. Given how popular iPhones are in China, we’d likely know if there was anything to this.
No. It's the code for Apple requiring you to sign an agreement giving Apple ALL of your clients' data (even non-Apple-related ones) and access to shop books for up to 5 years after you exited the IRP program. You also agree to being audited at any time, and to not being able to do component level repair at all.
My understanding is that the repair shop has to provide full customer details including address, phone number, and the like to Apple for any repairs done.
"The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement."
i'm all for right to repair and for apple to provide cheaper repairs and more authentic parts to resellers, but don't be obtuse about the reasoning.
the way around it, as i read, was to solder a chip to another board, which has some information authenticating the part and digital trust chain. anyway, i'm sure people like you just love to find reasons to hate apple, as it's grown to be a sort of cult rivaling the one that supports 'em
How does this look like from the outside? I think there are genuinely a lot of people who actually agree with this. Actually, I think almost everyone agrees with this to some extent: people only have a limited amount of effort they can spend managing different parts of their life. The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them. For most people, going to an Apple Store or AASP to get a repair is generally fine and saves them hassle. But for the people who are willing to save money to go elsewhere, or do their own repairs, it really sucks.
With a decent password, the adversary has to at least use a rubber hose. More important, cops can't legally use a rubber hose but they can damn well take your phone and point it at your face with no repercussions.
It is a strange mindset until you remember that obvious phishing attempts are still crippling organisations and so does ransomware and social engineering.
Relevant: https://youtu.be/kkCwFkOZoOY
Would something like this even remotely stop an actor with the resources like the NSA? Does this even remotely benefit people that are not being targeted by intelligence services? I'd guess no. Security benefits for most people don't outweigh the downsides. If they are so security conscious why even have FaceID at all? It's already been shown to be not that secure, so why not instead require users to enter a 15 digit password and use 2FA to unlock their phone? Is it that they value convenience over security in that case but not where it potentially loses them money?
Seems a lot easier than compromising some random repair shop.
A sophisticated hardware attack is probably going to be government sponsored anyway in which case that government can just request data from Apple directly.
Their platform is locked down so that nobody can carve out their own turf. No custom browsers with modern web features. No runtimes. Apple's rules and taxes, or you're banned.
I've never been afraid of batteries compromising my system. Or new screens. Apple wants the extremely lucrative device repair market, and this is how they get it. Screens are the most common and expensive part to replace.
I am, however, afraid of my device reporting files that the government doesn't like. The Russian FSB is salivating at Apple's new device spying "CSAM" capabilities. Apple built this system to satisfy totalitarian regimes so they could still sell their devices. It turns their entire platform into a dragnet so that intelligence knows exactly who to target. The FBI probably put pressure on the DOJ for these same capabilities too. Apple is deathly afraid of antitrust breaking up their gravy train and would bow to pressure.
This is about money. Apple wants it all. They need extreme growth to justify their stock price and future outlook.
Everything is about money to Apple.
Another case of "this doesn't affect me so there's no way anyone else would need it" that has recently plagued this site. This doesn't affect you but it does affect the millions of users that depend on the security of the phone - any enterprise level corporation with employees, government organizations, companies that deal with sensitive data, hospitals and other parts of the medical industry.
You're not afraid of batteries compromising your system but you're not the only person using these devices. Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.
For example iFixit clearly cares absolutely nothing for user security and is only motivated by money. They simply don’t care if devices are secure as long as they can sell repair kits.
Also it is clearly in ifixit’s interest to have unreliable devices that break often and need more repairs. This is true of the entire repair business - all they care about is money.
Not very informative, but, certainly easy!
Is that why they don't let you replace the microphone jack on a macbook and prevent their suppliers from selling me a replacement battery, keyboard or display?
Which class of attackers are those hardenings supposed to deter? For three letter agencies, or groups with the resources to produce chip level attacks, this is child's play.
Scary high-end governmental supply chain backdooring with chips the size of a grain of rice are for fiction rags like Bloomberg:
https://www.bloomberg.com/news/features/2018-10-04/the-big-h...
Techniques like this, tying hardware together and not allowing legitimate owners to pair them to work, is purely anti-competitive garbage. We've seen this with coffee pods, automated cat litterbox cleaners, dish washers, inkjet printers, and more.
Apple finally wanted the market for themselves. And since they control the hardware, well, yeah.
This is either a disingenuous attempt to downplay the importance of hardware security or an extremely ignorant analysis of the situation being described.
If whatever infallible repair process and repair techs Apple is using internally can truly not be open to 3rd parties without compromising against such nation level attacks then at the very least protections against such attacks should be an option you enable which tells the security processor to never accept new hardware, not a forced default for all consumers which just happen to need repairs over time and are given only one place to get them.
I don't think my main concern would be three letter agencies (they're going to find a way in to your average consumer one way or another). Probably more likely some organized crime gang backdooring cheap replacement screens and using that to perform an attack on financial data or similar. Attacker doesn't have physical access to the device, just manipulated the supply chain.
IMO this is a win win for Apple. They get to pretend the anti-repair shenanigans are for your protection, but they also have the option of turning around and selling access to you and your device to whoever they want.
The NSA spying isn’t comparable either. That was mass surveillance. Swapping a piece of hardware, which requires hands on the device, doesn’t scale to the point of being a threat like that IMO.
For me, the negatives of non-repairability outweigh the pros of the security provided. I’m not worried about the government swapping my screen to gain access to my device.
But they didn't think about that one...
It also hurts phone thieves.
Once the device is locked up remotely it's impossible to sell, and you can't even sell the thing for parts since they won't work.
Cumulatively over every user, that seems to be a huge value add.
What specifically is being guarded against by not allowing users to replace a screen, as in this case?
https://www.youtube.com/watch?v=v6025_yK02U
If an Apple laptop's internal hard drive gets broken, currently it cannot boot from an external hard drive:
https://news.ycombinator.com/item?id=29083633
As to the supply chain issue, microsoldering is trivially easy for serious adversaries, as TFA suggests. Apple just wants that sweet revenue stream from people who drop their phones. That's what they're protecting.
So, in your scenario, someone would have to steal my phone, disassemble it, and replace the face unlock recognition chip with a custom version. Let's assume this is easy technically, i.e. you could actually do it in the iPhone 12 and the phone would happily accept the modified version (not a small feat if you ask me). Now, while I don't think it's absolutely impossible, the means to accomplish this are usually available to nation-state actors, and in cases like this one the xkcd 538 comes to mind.
Recently I had my XPS15 power cord plug break and while I waited for the spare part (that I could repair myself) I had the pleasure of borrowing my partner's MacBook which was an amazing experience compared to Windows. However, that experience is nothing to the cost and pain if something with the hardware goes wrong. Even when I forgot my Apple ID (as it had been so long) it took over a week before Apple deemed it okay for me to recover my password.
I get the seduction of using a snappy beautiful machine and UX, but I just don't think it's worth it tying myself to Apple and being walled in the whole ecosystem upgrade treadmill.
I do not see what is wrong with this added security. For something that unlocks basically everything about me, it seems reasonable to not let it be unlocked at a moment’s notice.
However, I just don't trust Apple that much because they are at the end of the day a huge corporation that couldn't give a monkey's if my data was compromised. I'm a little guy and Apple isn't going to apologise or make it right if something catastrophic happened. The Fappening is a case in point. These celebrities trusted Apple and completely outsourced their security only to find their privacy violated in shocking horror.
So, I understand where you're coming from, but it's a step too far for me.
It's a magician trick. Distract you with one hand while performing the trick with the other. Watch the dazzling performance while they further lock down your device.
I have never been able to understand that. I can appreciate conviction of not using any manufacturer's products as some kind of a political statement, but this?
How often does something with your hardware go wrong? I assume it's single-ish number of events per year, but you choose to suffer every day for the experience you deem subpar in a windows device?
I would have bought the Framework laptop now if it wasn't for the fact that they don't ship to the UK (yet) and there's no 15" version.
What is anti-consumer about this? I am a consumer and active user of these products and I want this posture when it comes to the security of my devices. I don't want just anyone to be able to tamper with the hardware of my phone nor do I want anyone to be able to access my Apple ID or other info without some kind of time delay for me to take action to secure it.
I understand now the difference is that you're willing to trust that Apple knows best for you, whereas I trust myself to know what's best for me. I accept that you see this as pro-consumer from your point of view, but from my point of view surely you can see it's not? We just want different things.
What helped me get it was your point about security and that you'll have a different attack surface and will have made different security trade offs to me. Thanks for sharing your point of view, I appreciate it.
I haven't noticed that as a user of Apple phones and laptops. The 4 year old iphone SE is working fine with the latest OS. I stopped using the 2013 macbook air because it was kind of falling apart a bit, not due to any weirdness from Apple. I'm not even sure what the "ecosystem upgrade treadmill" is.
I did have the issue of the screen of the SE being harder to replace than the 5 because it has a fingerprint scanner that can access your credit cards. I can understand Apple having security standards for that. The local repair shop still does it but it's £50 with an official part rather than £20 with some Chinese knock off.
Apple's products consistently last longer and hold their value much longer than the competition. That is the exact opposite of an "upgrade treadmill". I've used various Apple devices for as long as 8 years or so, then sold them to others who kept using them.
In addition, this entire thread just blew up today:
https://appleinsider.com/articles/21/11/09/upcoming-apple-so...
My personal devices were hacked in Russia a few years ago. 2 hours out of the hotel room to have dinner. They broke through - what I thought was - decent security of a linux os used properly. I only learned since the device had a 3g modem that would send a ping to my phone on every login. Since then, I assume any hardware is easily compromisable and don't mind the security theater vendors rely on to get sales.
Inconvenience to many means fewer repair shops. That, too, they have likely anticipated.
Relying on this "feature" to trust your device not having been physically tampered with would be poor judgement.
> One experienced repair shop told me they’ve been swapping screen chips since the iPhone X to avoid touch calibration issues and “genuine” part warnings; they’ve got the process down to about 15 minutes.
15 minutes is "impossible with this device"?
> How does this have nothing to do with security?
because FaceID hardware is NOT on the screen assembly, and the only part generating the warning is the hardware DRM ID chip.
Sounds like that's not a problem for sophisticated adversaries, such as, say, the United States Government.
> I run a service with approx. 900k daily users
> I work for one of those staffing companies
> my purely anecdotal experiences of attending/organizing a few 500-person-plus hackstons
You can argue that the biometric sensor shouldn't be integrated into the screen, but you can't argue that the biometric sensor that is integrated into the screen has nothing to do with security.
If you don’t like Apple’s approach, use one of the other brands instead. The problem is no other mainstream manufacturers can be trusted to provide a device as secure and private as Apple’s.
I am a strong supporter of the right to repair, and it informs my decisions, but in many cases, I am willing to pay a premium for known, trusted and secure platform with hardened components from a trusted and secure supply chain. That includes the labour of installing those parts. There are cheaper options around if that isn’t important to me.
IMO, that's the same sentiment that comes up in the app store tax threads. Some Apple users say they're willing to pay more, but the reality is they're being subsidized by the users that don't need or want those features.
In the case of device repair, I don't see an issue with locking the phone as perfectly as possible from the factory, but once I buy it and own it I should have the option of putting it into some type of repair mode where I accept the risk of having it repaired with 3rd party parts.
If you want to pay 2x or 3x or whatever's needed to make up the difference that's fine by me. Just don't make me participate in that system because I don't need it.
> If you don’t like Apple’s approach, use one of the other brands instead.
There's not a manufacturer in the solar system that's going to forgo the use of parts serialization unless it gets prohibited with legislation. The money to be made by locking out competition is too appealing.
Well, true, but I have no influence on other consumers' decisions, but they obviously see value in the overall proposition. I don’t demand a price reduction from my ISP because I don’t use torrents or tor.
If you don’t see the total value in Apple’s offer, buy something else.
> If you want to pay 2x or 3x or whatever's needed to make up the difference that's fine by me. Just don't make me participate in that system because I don't need it.
Buy a different brand, then.
I do agree that it’s very desirable to be able to simply and cheaply replace broken components. It intensely annoys me too, but, for me, it’s ok (not great) given the overall proposition, to ensure end to end security.
I replaced a screen, parts and labour, on my phone this week for AUD$45 with Apple Care. Can anyone else do that for $15 or $25 as you suggest?
I don’t see the other manufacturers being significantly better in this regard.
The big opportunity for Apple, in my opinion, is to figure out a more compelling recycling program.
> There's not a manufacturer in the solar system that's going to forgo the use of parts serialization unless it gets prohibited with legislation. The money to be made by locking out competition is too appealing.
Our points are the same, but one never hears this level of criticism directed at Samsung or Google. Are they any better? Maybe in a few different ways, but not as a whole.
But pretending that Apple is somehow the worst, when they are categorically far from it, is just disingenuous and frankly boring.
Which part of Apple TV, AirTags, or even iPad were not profitable from the start? Even assuming you mean AirPod instead of iPad.
While I don't disagree (or agree) whether Apple make these decisions on security or repair priority. Apple under Tim Cook have been very much a maximising profits company. Every single step, big or small he has been extremely cautious of revenue and profits compared to Steve Jobs. And the reason why Apple has managed to give precise forecast every quarter.
Nothing except the lack of choice in the duopoly world, where Google is even worse.
0: https://support.apple.com/iphone/repair/service/screen-repla...
Disabling functionality is not the right way to implement this.
> Do you? Is there any evidence or a link to a credible source? Seems like a weird racist trope. Given how popular iPhones are in China, we’d likely know if there was anything to this.
https://www.newsweek.com/iphone-x-racist-apple-refunds-devic...
I should add that I don't think asian people look alike and that it's racist to make those claims.
Is this code for shops that repair stolen phones?