Unfortunately this occurred in 2016, long before they added "repair mode" in iOS 17.
But I should mention, I was in the middle of writing a comment along the lines of "Apple really needs to add a repair mode to iOS" before going to look it up and realizing that it's actually been there since iOS 17.
For me this highlights another issue with iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news. One great example is the "hidden folder" feature that allows you to hide sensitive apps in an unmarked folder that when set to its most secure setting, can only be opened with FaceID and no passcode backup. Along with some other features like preventing the app from showing up in your app switcher.
This is a genius feature but I see very few people with it enabled, mostly because they just don't know it's a thing. Something like this should be front and center when you first set up your device but instead it's a feature so buried that I had to look up a guide on how to enable it.
And repair mode is equally buried, I had to look up a guide on how to enable it as well. IMHO Apple really needs to tweak iOS to better surface these features.
> iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news
Probably the single most useful hidden feature, valuable to parents everywhere, is “Guided Access” mode available through accessibility settings.
It lets you lock the screen to a single app or disable touch entirely (or even by custom region), so that you can hand your device to a kid without worrying they will delete your photos.
They never even really promoted this feature in their news updates.
Samsung has this too (not sure about other Androids), it's called "pin app".
It also makes the app come up immediately when you turn on the screen, so it's in front of the lock screen basically (but you can only access that particular app). It's good for showing someone a specific app. I also use it for instant access to my train ticket (QR code on screen on the train company's app). The iOS version sounds better though.
It’s a very confusing and hidden feature. You have to start “deleting” your phone from Find My (which is itself a hidden swipe action) and it’ll tell you that you can’t but you can enable repair mode.
IMO the feature shouldn’t even be in Find My because it’s not really related to finding your phone or activation locking/unlocking it.
> Unfortunately this occurred in 2016, long before they added "repair mode" in iOS 17.
Why isn't showing the user how to enable "repair mode" one of the first things the "genius" does if such a feature exists? In the same spirit as us turning away when a user enters their password.
You can't overwhelm the user with 300 "Here's what you can do with your phone!" tips when they first start it, so maybe something like a push notification every few days telling the user about a couple features.
Repair State isn’t a feature that you need to know about unless you’re having your phone repaired or traded in, at which point you’ll learn about it.
It’s a perfect example of a feature being surfaced exactly as it should be, when needed. Quite a bit of mental gymnastics to twist that into being an ‘issue’.
I disagree. If I take my phone in, I'm going to wipe it first. If someone asks me, I'd say they should do the same.
Now that I know it's a feature, I won't suggest that for iPhone users as backup+restore just sucks. (I know restore is easy, but bank apps, Signal, etc don't get backed up, so it is an annoyance)
The word "easily" is doing some work here, as your scenario is already in the area of "rubber-hose cryptanalysis", where passcodes don't stay private for long either.
I had a friend a few years back that got taken for close to $50k and this feature would have prevented it.
- He was at a bar and got to talking to one girl.
- There was another girl watching him and his phone and figured out his passcode. The bar was dimly lit so FaceID didn't always work and at some point he entered his passcode and she saw.
- They all left to "go back to their place" and in the process the girls stole his phone.
- Mid ride they kicked him out of the Uber.
- He goes home and realized his bank accounts have all been cleaned out via Venmo and CashApp.
Had those apps been inside the "secure folder", they would have not been able to access them and thus would not have been able to clean him out like they did.
Congratulations on discovering XKCD 538 [1]. Depending on your exact threat model (i.e. barring a very surprise attack), this actually can be defended against in many cases, too.
I never understood why the repair techs need my passcode to repair my iPhone (like replacing display or battery) and they suggest it as a first option unapologetically without even explaining privacy risks.
Recently I had the screen replaced on my child’s iPad. The tech asked for passcode, and I refused to provide it. The tech complained and said when I came to pick it up he’d need to guide me through some things.
Indeed, there were some settings that needed to be set, to ”help” the new screen.
Having said that — I’ve previously documented a case (well over 10 years ago) where I caught a local PC repair company who used their access to a machine of mine they were repairing - to quickly scan through the thumbnails of our personal photos, and look closer at any image which showed any flesh.
People expect to be trusted but don’t act in a trustworthy manner.
I used to repair iPhone screens and can answer this. It was the easiest way to check the device worked after the repair and that the screen didn’t have any dead spots. We told people to wipe the phones before they brought them in, and gave people the option of either giving us the PIN code or accepting the device back without us validating the fix.
I don’t think I ever had a single person say no to the pin but we did have plenty of people wipe the device before they brought it in.
There are also stories of people losing all of their stuff by sending the device in. So the added benefit of suggesting a wipe is that it encourages you to assume total loss and plan ahead.
That doesn’t necessarily help with people sending in devices with special nostalgia for the physical hardware, such as a signature. Though whether those sorts of issues were from not paying attention to notes attached to the account or outright theft has rarely been clear.
Maybe the benefit of only ever dealing with extremely sketchy places for phone stuff is that they already know I won't give them information to unlock my phone so they never ask. Either the repair can be effected without, or I don't want it done. "Is it OK to wipe this phone?" is also an acceptable question, and sometimes the answer might even be "Yes".
> This case shows how, even when Apple tightly controls its repair infrastructure, it cannot prevent disastrous cases like this
Customers should be able to choose where to repair their device, or even be able to repair it themselves. Just because it's an "official" repair shop doesn't mean it's the best and the safest. Louis Rossmann has been saying this for years.
It's crazy that a repair shop needs your passcode. I can't think of any case where it would be necessary.
I'm glad this person won the lawsuit though; getting your nudes leaked is a really shitty situation to be in. Apple needs to do a better job vetting their repair shops.
The problem is that Android doesn't offer a pre-boot UI for testing anything unless you flash TWRP (at which point the userdata will be wiped), and I'm not sure if iOS does either.
Somewhere in the 2013-14's or something my MBP had a faulty GPU and I brought it in for free repair (that they put in another faulty GPU which failed after the same time as the first one, but it did get them over the warranty period, is beside the point), and they asked me for my root password. I gave it, and felt incredibly dirty. I would never do that again.
Was it an Nvidia GPU? I used to work for GeekSquad and we would gladly send the Mac to the Apple store to replace the whole thing with the newer model - always free.
People would come back and thank us for sending them to Apple.
They even honored them out of warranty due to the lawsuit they faced with Nvidia over the solder failures.
It was indeed an Nvidia GPU, I desoldered something and got the thing working pretty much 100% on the iGPU of the Core i7 in there... For 3 days until some update bricked it once and for good.
I never heard of any actions to take after the second failure, shame. Was that also valid in the EU?
Whole thing did leave me a bit sour about Apple tbh, it was my last macbook.
Why doesn't Apple add a repair mode? Access to most settings but not data? Then train users to never give their password to Apple (like banks say never say even to us your PIN or online password)
So it can easily be opened by someone who restrains you and holds your phone in front of your face then?
[1]: https://xkcd.com/538/
[2]: https://daringfireball.net/2022/06/require_a_passcode_to_unl...
Now I think this is what I would do if I need to send any electronic device for repairs.
All my data is backed up to cloud, yes setting it up again is a chore but it's better than risking my data with some unknown contractor.
How is that less worrisome? Your data is living in someone else's storage, waiting to be compromised.
Yes, this sucks hard.
https://www.macrumors.com/2024/04/30/ios-17-5-repair-state/
[0] https://www.youtube.com/watch?v=-XQlZdTEhPg