I think the part of the discussion that is ignored here is the security aspect.
Apple has hardened their hardware against attackers replacing components of the phone with compromised versions. Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops.
When the NSA leaks came out, there were some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swapping Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.
A lot of the changes to the MacBooks seem to also have been done with device hardening in mind.
I cannot tell you how much damage my iPhone 12 Pro has taken without the screen cracking, which makes me personally think the reasons these changes have been made are not just related to 3rd party repairs.
If you look back at the history of Apple you'll find they've always been authoritarian control-freaks, ever since the original Macintosh. This is merely another step in the same direction.
The article even says that the repair shops have already found ways around it, so whatever element of "security" it provides is clearly extremely low. It only exists as a (low) bar against third-party repair, with "security" as an excuse.
As the saying goes "those who give up freedom for security..." etc.
The workaround requires physically moving the original chip to the new phone screen. Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?
That said, I’m still doubtful this is entirely for security. What’s frustrating with Apple is that their moves to secure their hardware at every level also have the effect of tightening their stranglehold on the ecosystem. Unclear what the core motivation is.
So a marginally sophisticated player motivated by say stealing someone's content can still do it relatively easily, but if my 14-yr-old breaks her screen, we're SOL. You don't actually think this would even slow down the NSA do you? It's about Apple locking out independent repair businesses.
Would this stop the NSA? No way. But assuming this component is critical for Face ID security, then yes I do think it would slow down the NSA. And it's probably moot since well-funded state actors have access to RCE 0-days anyway.
But raising the cost of an attack might put it out of reach for lower-level actors. For example, there's a small industry of stalkerware [0] out there where the attacker is someone close to the victim. Like with a couple going through a divorce. This measure might make it infeasible for a stalker to compromise a victim's phone by replacing the Face ID chip with a hacked one.
Is security the only reason Apple's doing this? Not a chance. But I also don't think this is 100% useless security theatre. The better way to combat this is to fight against the false dichotomy Apple presents. They act like there's no middle ground between security and user control.
Rather than say all these security measures are useless, we can acknowledge that they have some value but present an alternative solution. I'm sure there are many options but here's a simple one: Don't put the secure Face ID chip on the replaceable screen! Put it somewhere else in the phone next to all the other secure hardware chips.
If I understand this correctly, this leaves the options of either keeping the existing chip that knows your face but isn’t backdoored, or replacing it with one that is backdoored but doesn’t know your face.
If so, I think it would slow down the NSA. They would have to figure out how to add a new face to an existing chip and, ideally, keep that hidden from the phone’s owner.
The chip establishes an authenticated, encrypted channel for faceID sensor information.
The goal is to prevent someone from silently replacing the camera module with a new device that is no longer capturing local/live data.
Since the ability to replace the camera is audited though, I would assume that this does lock out replacements of the FaceID module by unauthorized third parties, _unless_ there is also a process to do so via a full hardware/storage reset.
> Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?
It can't be, otherwise Apple's techs would not be able to replace it either. Even if it was, there wouldn't even be a reason to put it on the screen's ribbon cable. It could be integrated into the Apple-designed CPU, making the parts cheaper and more modular (i.e. easier to repair, even for Apple).
Right, the happy middle ground here would be to separate the security critical hardware from the fragile part which often needs replacement. It's unclear whether Apple repeatedly chooses not to do this because of lack of incentive, lack of capability, or hostility towards repair.
i know so many inner city repair people, people of color whose business relies on fixing these phones. apple is effectively trying to dismantle these businesses by doing this type of tampering, i don't think it's right and it's affecting an already vulnerable segment of society.
Wow, that’s low. Not only are you needlessly bringing race into this, your comment comes across as deeply condescending to the very people you are purporting to support.
Except that the 'work around' does maintain security since it preserves the original FaceID chip assembly.
"The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement."
I'm not convinced by this - if you look at an iPhone 13's screen, it's entirely separate from the face ID hardware. https://i.imgur.com/D63HrIT.png (screenshot from [0])
On iPhones X through 12, if you kept the Face ID hardware and only changed the display, Face ID would continue to work. On the iPhone 13 series, if you keep the Face ID hardware and change the display, Face ID stops working.
The chip which people are removing seems to serve only to identify the display - nothing to do with the Face ID system. Apple has been using this chip for years to disable "true tone" display functionality when the screen was swapped (unless it was programmed by a proprietary tool, only available to first-party repair shops) - they're now also tying it to disabling Face ID.
You're wrong to say that the element of security it provides is low because, even with this workaround, you still don't have access to the data on the device. All this "workaround" does is keep the chain of trust from the original device. You'd still need to be able to unlock the device in order to get anything from it. It doesn't reset the FaceID information or bypass it in any way.
way to make a total strawman. that quote about freedom has nothing to do with digital security which enhances your privacy and the knowledge that your phone isn't compromised.
i'm all for right to repair and for apple to provide cheaper repairs and more authentic parts to resellers, but don't be obtuse about the reasoning.
the way around it, as i read, was to solder a chip to another board, which has some information authenticating the part and digital trust chain. anyway, i'm sure people like you just love to find reasons to hate apple, as it's grown to be a sort of cult rivaling the one that supports 'em
I mean, yes, this change makes them more money. But Apple is weird, because they are actually able to convince themselves that they're doing this for a good reason, and if you follow them closely you can almost see their central argument: when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset, but if you look at it under that lens a lot of the concerns about sideloading and repairs make sense from their perspective ("we don't trust the user to do the right thing for their devices").
What does this look like from the outside? I think there are genuinely a lot of people who actually agree with this. Actually, I think almost everyone agrees with this to some extent: people only have a limited amount of effort they can spend managing different parts of their life. The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them. For most people, going to an Apple Store or AASP to get a repair is generally fine and saves them hassle. But for the people who are willing to save money to go elsewhere, or do their own repairs, it really sucks.
it would be easier to stomach “apple owns the device not the loser customer” if there was a single major oem who was focused only on producing customer-owned devices
“It can be debated whether the Librem 5 should be called "free hardware" or "open hardware" since most of the complexity of a smartphone lies within the individual components which are not open hardware. The Librem 5 is free/open hardware in the sense that anyone can take the schematics and legally produce their own versions of the phone, but it isn't free/open hardware in the sense that people can't access the source files for the SoC, cellular modem, WiFi/Bluetooth, GNSS, USB controller, etc., so most of the functionality is hidden.”
Let's examine your premise: Apple acts in the best interest of the customer. In this light FaceID is a bug, not a feature. If somebody wants to get into your phone they don't even need to beat you up; they just have to restrain you, take your phone, point it at your face, and they're in.
With a decent password, the adversary has to at least use a rubber hose. More important, cops can't legally use a rubber hose but they can damn well take your phone and point it at your face with no repercussions.
> when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset
It is a strange mindset until you remember that obvious phishing attempts are still crippling organisations and so are ransomware and social engineering.
The security aspect is commonly brought up as justification for moves like this.
Would something like this even remotely stop an actor with the resources like the NSA? Does this even remotely benefit people that are not being targeted by intelligence services? I'd guess no. Security benefits for most people don't outweigh the downsides. If they are so security conscious why even have FaceID at all? It's already been shown to be not that secure; why not instead require users to enter a 15 digit password and use 2FA to unlock their phone instead? Is it that they value convenience over security in that case but not where it potentially loses them money?
I think you got it backwards. The main reason is to exclude 3rd party repairs and extra security is a side effect that can be used as justification. Follow the money.
IMO there is way more money, like orders of magnitude more, to be made from successfully branding the iPhone as the most secure and private smartphone, compared to the repairs market.
They can already do that without harming repairs. As if replacing the hardware with physical access and giving the phone back to you to tap you is an attack people are actually afraid of... (and if they were, e.g. targeted by state actors or whatever, they could just get a specialized phone, not a mass market one).
They already have non-E2E-encrypted iCloud backups where they give access to the Feds and others.
The same argument could be made for any security hardening. Why bother with MFA, biometrics etc when the chances of being compromised are statistically very low. The reason is that it does happen and on a scale that's hard to quantify.
We have examples in Australia of ordinary citizens being targeted by China for promoting Hong Kong or showing support for Uyghur Muslims. And evidence has come to light that their phones and cloud accounts were hacked and friends/families targeted.
So for me personally I will take security hardening any day over saving a few bucks to go to a cheap screen repairer.
>The same argument could be made for any security hardening. Why bother with MFA, biometrics etc when the chances of being compromised are statistically very low.
No, the chances there are statistically very big. Because a thief might get your phone, and then can exploit access to it without MFA, biometrics, etc, and steal your bank account, data, etc.
But the chances of people (a) getting your phone, (b) replacing the camera module and compromising the OS, (c) giving your phone back without you noticing, to get your data, are statistically tiny.
And we've somehow managed for 15 years of smartphones without those mitigations...
>And evidence has come to light that their phones and cloud accounts were hacked and friends/families targeted.
Were they hacked in the way we're talking about here? If not, how is this relevant?
Give me a break. A screen swap in a modern smartphone is not something you can do in a bar in the time it takes somebody to go to the bathroom. You need tools like a heat gun to even get the things open which greatly greatly limits the scenarios where and when something like this could occur.
Yeah, sure. Let me put millions to compromise a supply chain and get access to what thousands of people are sending on their WhatsApp accounts /s.
There is a reason why any type of security analysis needs to depend on your threat model. Unless the target is worth it, it doesn't make sense to do what you described.
Instead, millions of people lose an option of doing their screen repairs for cheap. And of course, Apple will have access to more money as always. But sure, security...
What are you on about? All you'd need to do is find the place where your target is going and either bribe the teenager behind the counter or, depending on the value of the target, compromise the distributor from wherever the parts are coming. This is neither expensive nor difficult to do.
> All you'd need to do is find the place where your target is going and either bribe the teenager behind the counter or, depending on the value of the target, compromise the distributor from wherever the parts are coming. This is neither expensive nor difficult to do.
Sure, you won't find it strange that your smartphone disappears and appears later on, probably turned off (or at least asking for password) because I can't imagine someone doing this procedure with it powered on.
BTW, if you're really so important a target that your life depends on your phone not being tapped, you probably at this point would just throw away your phone and buy another, even if it is completely secure (which I am sure iPhones aren't). I can imagine many other ways of compromising your privacy just by adding a small GPS tracker or something similar, and this way I don't even need to have access to the original hardware.
Now, of course only a small handful of people need that amount of security. For most people, having hardware-level encryption of the data contents is fine, of course with trusted path with the bio-metric sensors so just a swap of parts doesn't give access to all its data. This level of security is available in any Android/iPhone. Anything else is just justification to allow Apple to earn even more money.
> If your argument is that insecure devices are ok for most people, you’ve already lost.
Quoting things out-of-context is really bad.
What I meant by that amount of security is the kind of security where if you lose your device from your sight consider it already compromised. People that need that amount of security will not be better off with Apple's new security theater.
Android devices are sufficiently secure if they're up-to-date (this is not always true, sadly). iPhone devices are secure when they're up-to-date (more likely) and not suffering from the 0-day exploit of the week (that is happening more and more frequently). Arguably every iPhone user would be much better off if Apple started to take software security more seriously, but they prefer to increase their profits by making screen repairs harder "in name of security".
Just to make it clear: you don't need to have "Apple certificated repair shops" replace the screen to have secure bio-metrics. The Google Pixel 6 shows this, you can change the screen, this will disable the bio-metrics until the device is re-calibrated (that doesn't need special hardware). Once re-calibrated the device will wipe itself, so there is no security issue here [1].
But even still, this is probably too much. 0-days seem to be so bountiful these days that buying a 0-day seems to be much cheaper than doing custom hardware, even when the hardware itself is not authenticated. Still, if you're gonna do it, do as Google at least.
As far as I know they didn't trash their reputation among normal end-users, as long as they don't know or care apple can pull shit like that all day while still raking in money from the "security-conscious" crowd.
Also as far as the NSA is concerned, surely it'd be easier if they have a single supply chain where they are guaranteed to be able to compromise every single iPhone?
Seems a lot easier than compromising some random repair shop.
If Apple actually cared about security & privacy they would make iCloud et al. E2E encrypted but they don't.
A sophisticated hardware attack is probably going to be government sponsored anyway in which case that government can just request data from Apple directly.
You can care about security and privacy and also still care about ease of use. For 99.99% of their customers, encryption is enforced by default and being able to recover their data is more important than E2E encryption.
I make encrypted iOS backups to my computer. Happens automatically when I plug in my phone. Data never touches the cloud.
Also Apple does use E2EE for some iCloud backup data like Health, and Keychain (passwords). If you lose access to all of your iDevices you can't recover that data.
I totally agree that Apple should just make all iCloud backup data E2EE. Given that users already lose some types of data from their backup when they lose the key, that doesn't seem like that much of a barrier. Supposedly the reason they're not all E2EE is because of pressure from the FBI[0]. But people like me that care can still have encrypted backups.
Making it an option results in people taking that option without fully understanding the consequences. Then those users forget their password and when Apple tells them it is impossible to recover their data they run to the local news station and Apple gets a black eye. Regular people see it on the news and stop buying iPhones.
On the other hand, by not making it an option, Apple annoys power users and others at the extreme tail of the distribution. These users write about it in the tech press and Apple gets a black eye there… But Apple has always been criticized in the tech press so it doesn’t really change anything.
You seem to be implying that E2E is impossible without client-side CSAM scanning, but this is obviously false since other companies offer E2E without that.
Not technically impossible, but legally risky, and Apple are very risk-averse, legally-speaking.
Client-side CSAM detection would allow full client-side secrecy unless there’s a pattern of in-violation imagery destined to be sent (presumably E2E encrypted and thus undetectable) to iCloud.
It's easy to view every move Apple makes through the lens of money.
Their platform is locked down so that nobody can carve out their own turf. No custom browsers with modern web features. No runtimes. Apple's rules and taxes, or you're banned.
I've never been afraid of batteries compromising my system. Or new screens. Apple wants the extremely lucrative device repair market, and this is how they get it. Screens are the most common and expensive part to replace.
I am, however, afraid of my device reporting files that the government doesn't like. The Russian FSB is salivating at Apple's new device spying "CSAM" capabilities. Apple built this system to satisfy totalitarian regimes so they could still sell their devices. It turns their entire platform into a dragnet so that intelligence knows exactly who to target. The FBI probably put pressure on the DOJ for these same capabilities too. Apple is deathly afraid of antitrust breaking up their gravy train and would bow to pressure.
This is about money. Apple wants it all. They need extreme growth to justify their stock price and future outlook.
>I've never been afraid of batteries compromising my system.
Another case of "this doesn't affect me so there's no way anyone else would need it" that has recently plagued this site. This doesn't affect you but it does affect the millions of users that depend on the security of the phone - any enterprise level corporation with employees, government organizations, companies that deal with sensitive data, hospitals and other parts of the medical industry.
You're not afraid of batteries compromising your system but you're not the only person using these devices. Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.
> Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.
It's a detriment to me. I don't need that level of security, so why should I pay extra for all my repairs which is effectively me subsidizing enterprise corporations and governments? Plus it's increasing the original development and manufacturing costs, so I'm paying a lot extra for something that doesn't benefit me at all.
If those companies and governments really need those security features, let them pay for them. I don't care if their phones cost $5k.
A monopoly like Apple, hoarding and gatekeeping the tech, raising their prices. Making 3rd party apps and services more expensive because they have less margin due to Apple taxes.
Apple is not a monopoly so the rest of your statement is meaningless drivel. Also, if I recognize you from other threads, you tend to be pretty sensationalist so forgive me if I feel like you're the one selling a boogeyman.
Accusing a business of being motivated only by money is completely trivial and uninformative.
For example iFixit clearly cares absolutely nothing for user security and is only motivated by money. They simply don’t care if devices are secure as long as they can sell repair kits.
Also it is clearly in iFixit’s interest to have unreliable devices that break often and need more repairs. This is true of the entire repair business - all they care about is money.
iFixit's business incentives are more aligned with the interests of consumers than the incentives of manufacturers like Apple who obstruct the repair of the devices they sell. The negligible security difference that Apple is using as an excuse to enforce high repair charges plays a minimal role in an informed user's decision to use a third-party part.
Clearly this isn't the case. It seems that the majority of consumers prefer the higher security posture of the iPhone as opposed to the low repairability. You claim it's a negligible security difference yet government organizations and enterprise customers choose iPhones a majority of the time for exactly the security posture used by the iPhone.
Someone who purchases an iPhone does not automatically endorse every single aspect of the iPhone. Many people choose iPhones because they are fashionable, and not for any security consideration.
Governments and enterprises contract with original equipment manufacturers for repairs because it is more convenient at that scale. Most phone users are not government or enterprise users, and have lower budgets. The cost difference between an Apple repair and a third-party repair is negligible for an enterprise, but much more significant for the average user.
Apple also intends to make money on repairs, which is why they are charging a higher markup for parts and labor compared to independent repair shops, and implementing anti-competitive restrictions to make it more difficult for third parties to repair Apple products when they break. Many phones from other manufacturers are also bought secondhand, just check eBay for examples.
Or maybe the only way independent companies can undercut Apple is to use sub-standard replacement parts, such as screen glass which isn’t toughened. In my experience this is very common. And it means that people who are prone to breaking their screen get replacement after replacement after replacement — ultimately costing them more.
This exact scenario has happened to two close friends and I’ve heard of it occurring with other people. Replacement screens break easily and the cost of the first and second repairs is more than one repair by Apple.
Many independent repair shops use high-quality parts, and consumers can check reviews or rely on past experiences to determine the quality of the repair before choosing a shop that works for them. Risk-averse consumers who are able to afford the higher upcharge can still choose to go to Apple for repairs if they want to. Obstructing independent repair options does a disservice to the consumers who prefer them.
In my experience, even the "high quality parts" are junk.
And regardless how high the quality is, these are still basically counterfeit products. Nobody would think it's okay for a company to sell counterfeit iPhones. Why is it okay to sell counterfeit iPhone components?
1) The market has a wide range of solutions at various prices for consumers. You wouldn't prevent people from buying a cheap Kia or Ford because it'll cost them more in the long run, would you? Must they buy a BMW? And then only source their parts from the original manufacturer in licensed dealerships?
2) If Apple cared about quality so much, why do their cables fray so easily? I've had to replace all of my charging cables, even on my recent M1 Mac.
In any case, your anecdotes are not the whole marketplace. A world where we can buy only Apple is a nightmare hellscape. Pray that doesn't happen.
>Someone who purchases an iPhone does not automatically endorse every single aspect of the iPhone.
While this is true, it does point out that that's not an important enough factor for them to not buy the phone, though. All these claims that this is in the interest of consumers are meaningless when people aren't buying the other phones but are buying iPhones. It seems Apple is nailing the "interests of consumers" pretty well, if that's the case.
Until phones and other electronics become indestructible, iFixit and independent repair shops continue to serve a consumer need by offering more cost-effective repair options than Apple and other manufacturers do.
Sure - but of course iFixit profits from devices that break easily, whereas Apple benefits from making devices more and more indestructible, which is why they keep working on that.
"Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops."
Is that why they don't let you replace the microphone jack on a macbook and prevent their suppliers from selling me a replacement battery, keyboard or display?
Yes. If you can replace the microphone jack, or any of the other hardware you mention without verifying its integrity, you can add surveillance hardware to the device. I could replace your microphone with one that records everything and sends it to me and you'd be none the wiser.
If Apple Stores have the ability to pair a new FaceID module after an "official" repair, then why wouldn't the NSA have that same ability? Only third-party repair shops don't have that ability.
Presumably it would be some sort of signing solution, which would be a level of cryptography that not even the NSA with their infinite resources can defeat. Their only hope is to find bugs in the system that can be exploited. In this case such a “bug” would be replacing a module that doesn’t have any hardware integrity checking.
What? Apple will just give them a signing key or, more likely, build a portal for law enforcement to use. If they can provide those tools to authorized repair centers they’ll have to give them to the government when compelled.
> they’ll have to give them to the government when compelled.
Says who? The whole brouhaha in the San Bernardino case was that Apple would not create a custom version of iOS that would bypass the passcode system. If what you say is true, the FBI could've just compelled them to hand over the root CA for signing iOS builds, built a custom iOS iPSW that's pre-jailbroken (as was a thing in the years before the bootrom became more locked down), and been done.
Or if an employee of a store can do this, just pay or get an employee hired. I haven't heard of this; it seems concerning to me. I use a long passcode only on both phone and laptop.
That's why this exists, though. You can't compromise the person if the hardware signing/checks are done via software that's connected to a server. There's nothing a person can do to override that if the hardware doesn't send back the right key.
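A simplified model of the server-backed part pairing this sub-thread is arguing about, added here as an illustration; it is not part of any comment and is not Apple's actual design. The per-device key, the HMAC ticket standing in for a real signature scheme, and all names and serials are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _mac(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix every field so adjacent fields cannot be re-split.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class PairingServer:
    """Hypothetical vendor service. Apart from the phone's secure element,
    it is the only holder of the per-device key, so nobody at the repair
    counter can mint a pairing ticket locally."""

    def __init__(self) -> None:
        self._device_keys = {}

    def provision(self, device_id: bytes) -> bytes:
        key = os.urandom(32)
        self._device_keys[device_id] = key
        return key

    def issue_ticket(self, device_id: bytes, chip_serial: bytes) -> bytes:
        return _mac(self._device_keys[device_id], b"pair", device_id, chip_serial)


@dataclass
class Screen:
    panel: str          # the glass/OLED assembly
    chip_serial: bytes  # identity reported by the small ID chip on the screen


class Phone:
    def __init__(self, device_id: bytes, key: bytes, screen: Screen, ticket: bytes):
        self.device_id = device_id
        self._key = key        # assumed to live in the secure element
        self.screen = screen
        self.ticket = ticket   # pairing ticket stored on the phone

    def face_id_enabled(self) -> bool:
        # Recompute the ticket for whatever chip is attached now and compare
        # in constant time with the stored one.
        expected = _mac(self._key, b"pair", self.device_id, self.screen.chip_serial)
        return hmac.compare_digest(expected, self.ticket)


def run_scenarios() -> dict:
    """Constructed sample data; every serial and identifier is made up."""
    server = PairingServer()
    device_id = b"DEVICE-0001"
    key = server.provision(device_id)
    factory_ticket = server.issue_ticket(device_id, b"CHIP-AAAA")
    phone = Phone(device_id, key, Screen("original", b"CHIP-AAAA"), factory_ticket)
    results = {"factory": phone.face_id_enabled()}

    # Independent shop fits a new screen carrying its own ID chip.
    phone.screen = Screen("aftermarket", b"CHIP-BBBB")
    results["third_party_swap"] = phone.face_id_enabled()

    # The shop writes a ticket made with a key it invented itself.
    phone.ticket = _mac(os.urandom(32), b"pair", device_id, b"CHIP-BBBB")
    results["forged_ticket"] = phone.face_id_enabled()
    phone.ticket = factory_ticket

    # The workaround from the article: original chip moved onto the new panel.
    phone.screen = Screen("aftermarket", b"CHIP-AAAA")
    results["chip_transplant"] = phone.face_id_enabled()

    # Authorized repair: the server issues a fresh ticket for the new chip.
    phone.screen = Screen("vendor replacement", b"CHIP-CCCC")
    phone.ticket = server.issue_ticket(device_id, b"CHIP-CCCC")
    results["authorized_repair"] = phone.face_id_enabled()
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:18s} Face ID {'enabled' if ok else 'disabled'}")
```

In this model the chip transplant passes only because the originally paired chip is still the one answering, and the pairing decision depends on a key the person at the counter never holds.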
> When the NSA leaks came out, there were some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swapping Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.
Which class of attackers are those hardenings supposed to deter? For three letter agencies, or groups with the resources to produce chip level attacks, this is child's play.
It was fair when Apple banned 3rd party home button (TouchID) replacement because it's the sensor itself, so it's natural that they should make it tamperproof. But this case is FaceID. I'll accept that they ban replacing the FaceID module, but why do they integrate a security chip onto the display module (say, the most fragile part) despite it wasn't? It looks to me like they aren't legit.
Techniques like this, tying hardware together and not allowing legitimate owners to pair them to work, are purely anti-competitive garbage. We've seen this with coffee pods, automated cat litterbox cleaners, dish washers, inkjet printers, and more.
Apple finally wanted the market for themselves. And since they control the hardware, well, yeah.
You are wrong. With a state actor in the room, it is quite possible to place a complex die with static ram on a thin substrate inside a multilayer board, using the +5 and ground and a number of traces that lead to I/O ports etc,
https://hackaday.com/2019/01/18/oreo-construction-hiding-you...
Remember these are all from 15 down to 10 nanometer parts and at that size circuit complexity takes little space and since they live beneath other chips, they are hard to find with x-rays if there is a +5 and ground plane that hides them.
Remember there are 16 billion gates in an Apple M1 CPU,
https://www.macrumors.com/guide/m1/#:~:text=M1%20Macs%20max%....
A million gate parts is as small as a poppy seed and would need to have a fan out - perhaps they could have an optical I/O and live within the corporate data stream, only waking up when special complex command sequences occur and they read their RAM and do their job - back to waiting...
What a straw man! Coffee pods, automated litterboxes, dish washers, and all the rest don't carry an individual's entire digital life on them. You're literally comparing devices that really don't need any kind of security (other than, at worst, network security) to devices that demand privacy and security.
This is either a disingenuous attempt to downplay the importance of hardware security or an extremely ignorant analysis of the situation being described.
> This is either a disingenuous attempt to downplay the importance of hardware security or an extremely ignorant analysis of the situation being described.
All of those examples have to do with one primary concept: DRM.
DRM doesn't serve the end user. Nor do the coffee pods with Keurig, all the stupid stuff around inkjet cartridges, cat litterbox cleaner, and more. They ALL do have to do with customer capture and profit enforcement.
The parent comment wasn't talking about simple DRM. They were making a specific point that Apple's motivation for hardening the hardware security of phones had nothing to do with actual security but was "anti-competitive garbage" and then compared it to devices that don't need security. It's not the same thing.
I agree that all those things have needless DRM but that doesn't support or prove the parent's point at all.
It is not my responsibility to disprove that replacing the screen is some sort of anti-nation-state thing. It's their job to prove that.
The obvious and most direct answer is this is being used to prevent repair by all the phone repair companies that have popped up. They now want a cut, and have enforced a serial-number-on-a-chip that kills a whole industry.
That's not how it works. You're the one making the claim, you have to show the evidence to support that claim. They have only claimed that their intention in doing this is to improve security on these devices and they've literally published white papers showing how this does that. There's an entire white paper dedicated to the Secure Enclave and another dedicated just to FaceID.
There's no obvious and direct answer here because you haven't challenged their claim or their evidence that doing this makes these devices more secure because it does. It may have the additional side-effect of making repairs more difficult but if you want to make the claim that their motivation is not what they say it is then you have to provide the evidence for that.
I'm not against blocking government level physical security attacks on personal devices but I am against the idea such a thing warrants or truly requires every user to be blocked from all but first party repairs.
If whatever infallible repair process and repair techs Apple is using internally can truly not be open to 3rd parties without compromising against such nation level attacks then at the very least protections against such attacks should be an option you enable which tells the security processor to never accept new hardware, not a forced default for all consumers which just happen to need repairs over time and are given only one place to get them.
Yeah. This should be what regulations enforce. I’m fine with parts serialization to help identify genuine, certified parts, but as the user I should be able to bypass it if I want to use compatible parts.
It shouldn't be a mere "bypass" as in "press OK to forgo cryptographic security", but rather should include the ability to replace or augment the root of trust with additional keys.
But how would you know someone hasn’t accepted the additional keys for you? You’re making the system weaker while making it appear stronger - that’s the worst possible outcome.
Adding additional keys should wipe the whole device, require a significant amount of time (a few days tethered in a debug mode), and the boot screen should display the trust root.
Would it be that bad if it were a persistent check that happened on boot? All you'd need to do to validate the hardware in your phone is reboot it and it would barely have any impact during normal operation.
I don't know. Maybe a few weeks ago. The point of doing it on boot is that if you're so important that your threat model includes avoiding non-certified parts, you have an on-demand check to validate the entire chain of hardware in your device.
So if you take your phone in for a repair, reboot it afterwards to make sure the parts are all certified. After that you don't need to do it again unless you leave your phone unattended or have a reason to suspect someone swapped parts on you. There could even be an option to toggle on super persistent warnings if needed.
The point is, you don't need persistent warnings to give a normal user the tools they need to check if they have all genuine parts. Rebooting your phone after a repair to ensure you received genuine parts is a pretty simple concept to teach people.
We don’t really have to assume that Apple is intentionally harming 3rd party repair, but even if we believe they are operating in good faith they seem to be ignoring third party repair. Which means they don’t really care about saving their customers time and money or reducing waste.
Since you can bypass it with a microscope and soldering, moving a chip from the old screen to the new screen, this doesn't seem like much added difficulty for someone who is already implementing a hardware-based attack?
I'd guess the aim is to be secure on all components (most of these things have their own processor(s)). If you can compromise one component you can move from there to compromise another one, until you get to something worthwhile.
I don't think my main concern would be three letter agencies (they're going to find a way in to your average consumer one way or another). Probably more likely some organized crime gang backdooring cheap replacement screens and using that to perform an attack on financial data or similar. Attacker doesn't have physical access to the device, just manipulated the supply chain.
So they have all these restrictions for security and privacy, but they’re all worthless if Apple decides they’re going to provide surveillance for the government, right?
IMO this is a win win for Apple. They get to pretend the anti-repair shenanigans are for your protection, but they also have the option of turning around and selling access to you and your device to whoever they want.
The NSA spying isn’t comparable either. That was mass surveillance. Swapping a piece of hardware, which requires hands on the device, doesn’t scale to the point of being a threat like that IMO.
For me, the negatives of non-repairability outweigh the pros of the security provided. I’m not worried about the government swapping my screen to gain access to my device.
Users who choose to repair the products they own with the parts they want at the price they're willing to pay are not being "manipulated" into anything.
This. Every iPhone owner gains some tangible value from every disappointed thief. And this will rise as more and more of the userbase converts to totally locked down phones.
Cumulatively over every user, that seems to be a huge value add.
So, we worry so much that the NSA will conduct a supply chain attack against an adversary (domestic surveillance does not fall under the NSA) that we further lock down our own devices?
Everything Apple does in the name of security or privacy is about enforcing Apple's control over what you do with their hardware after you buy it. They give not one thin damn about your privacy: They want to know everything you're doing with your Apple hardware. Put a sniffer on your Mac and count the daemons phoning home to Apple. Your jaw will drop.
As to the supply chain issue, microsoldering is trivially easy for serious adversaries, as TFA suggests. Apple just wants that sweet revenue stream from people who drop their phones. That's what they're protecting.
This is the most ridiculous thing I read this year - and I've read a lot of mad stuff. Let's assume your justification is true and Apple cares so much about the privacy that they implemented this feature just to protect them and that they don't care about the money from repairs.
So, in your scenario, someone would have to steal my phone, disassemble it, and replace the face unlock recognition chip with a custom version. Let's assume this is easy technically, i.e. you could actually do it in the iPhone 12 and the phone would happily accept the modified version (not a small feat if you ask me). Now, while I don't think it's absolutely impossible, the means to accomplish this are usually available to nation-state actors, and in cases like this one the xkcd 538 comes to mind.
This anti consumer approach by Apple is why I refuse to buy anything from them. My last Apple purchase was the iPad Gen 1 as I thought it was a truly remarkable device when it came out but the planned obsolescence was obvious after a few short years.
Recently I had my XPS15 power cord plug break and while I waited for the spare part (that I could repair myself) I had the pleasure of borrowing my partner's MacBook which was an amazing experience compared to Windows. However, that experience is nothing to the cost and pain if something with the hardware goes wrong. Even when I forgot my Apple ID (as it had been so long) it took over a week before Apple deemed it okay for me to recover my password.
I get the seduction of using a snappy beautiful machine and UX, but I just don't think it's worth it tying myself to Apple and being walled in the whole ecosystem upgrade treadmill.
> Even when I forgot my Apple ID (as it had been so long) it took over a week before Apple deemed it okay for me to recover my password.
I do not see what is wrong with this added security. For something that unlocks basically everything about me, it seems reasonable to not let it be unlocked at a moment’s notice.
From my point of view I believe I can be trusted to reset my Apple ID quickly. I'm very security conscious which is why unlocking my Apple ID does not unlock 'everything about me'. As I mentioned in a previous reply, I get it now... if you did trust Apple with everything about yourself, you would see the delay as reasonable security.
However, I just don't trust Apple that much because they are at the end of the day a huge corporation that couldn't give a monkey's if my data was compromised. I'm a little guy and Apple isn't going to apologise or make it right if something catastrophic happened. The Fappening is a case in point. These celebrities trusted Apple and completely outsourced their security only to find their privacy violated in shocking horror.
So, I understand where you're coming from, but it's a step too far for me.
> The Fappening is a case in point. These celebrities trusted Apple and completely outsourced their security only to find their privacy violated in shocking horror.
The fappening happened because people got spearphished into sending others their account passwords. That jump started the 2FA push, but there is not much a company can do if you willingly give your authentication details to someone else. If anything, the fact that apple does not allow passwords to be reset haphazardly and makes you wait 7 days means they go out of their way to prevent regular people from being victims, possibly a result of the fappening.
> From my point of view I believe I can be trusted to reset my Apple ID quickly.
A different, devil’s advocate perspective, might be that if you forgot your Apple ID credentials, you should not be trusted to reset your Apple ID. I have passwords from 15+ years ago in my password safe. I have never needed to reset my Apple ID.
The other thing to consider is whether you’d be happy for an attacker to reset your Apple ID quickly. Apple lost a lot of credibility when iCloud started raining celebrity nudes to 4chan. They care less about you specifically as a user than they do about whole classes of users who’re much more likely to be phished and social engineered than you believe yourself to be…
As mentioned previously, the last Apple product I purchased was the iPad Gen 1 (2010). However, my security consciousness changed post Snowden (2013) and I devoted time and effort to study and implement strong infosec.
This was about when I stopped using my Apple ID (so I'd estimate it's been about 8 years).
That said, bragging that you haven't changed your passwords from 15+ years ago, even if they are securely stored, makes me question how seriously you take your security.
I change my passwords regularly, and it's accepted that this is best practice.
As to your comment about an attacker being able to reset my password quickly, I think I should be given the option to if I wanted, or be allowed to provide KYC like passport or driving licence to fast track it.
If I was a celebrity I might want to opt in to 'slow track' plus KYC verification.
My point is about not having the option because it's Apple's way or the highway.
It is absolutely not, and hasn't been for several years (source: I'm on the industry panel for many security standards). Every serious security standard (NIST, DoD, GCHQ, etc) says that choosing a strong password is important, but that periodically changing it brings at best no benefit.
The overwhelming consensus in security is that using strong cryptographic secrets is the only really secure way to authenticate. Buy some kind of tamper-evident secret store and get on with your life.
If you allow people to opt-out of security, they will do so and then scream when there's a breach that they made inevitable. Look at the discussion around HSTS for as many examples of this as you please; users cannot be trusted with their own security, they will at best leverage outdated and badly wrong guidance from years ago. More often, they will choose Summer2021 as a password and 000000 as a pin.
A few years ago when we started implementing the revision of NIST 800-63B we started checking user passwords against breach lists by hash.
In a company of just a few hundred people, two unrelated employees had chosen exactly the same compromised password. After forcing a change, we asked them what their old password was.
Summer2018! was chosen independently by two people in a smallish company who had never met.
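The breach-list check by hash mentioned in the comment above, as an added example that is not part of the original thread or any commenter's code: it runs at password-change time, when the plaintext is available, and reveals only a 5-character SHA-1 prefix to the lookup side. The corpus, counts, usernames and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed breach corpus: password -> times seen in breaches (counts are made up).
CONSTRUCTED_BREACH_CORPUS = {
    "Summer2018!": 4821,
    "Summer2021": 3977,
    "Password123!": 120345,
    "000000": 998877,
}

PREFIX_LEN = 5  # hex characters of the SHA-1 digest revealed to the lookup side
HEX_UPPER = set("0123456789ABCDEF")


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password; a lookup key only, never a storage hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Lookup side: bucket breached digests by their first PREFIX_LEN hex chars."""
    index = {}
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:PREFIX_LEN], {})[digest[PREFIX_LEN:]] = count
    return index


def range_response(index, prefix):
    """Lookup side: return all 'SUFFIX:COUNT' lines stored under one prefix."""
    if len(prefix) != PREFIX_LEN or not set(prefix) <= HEX_UPPER:
        raise ValueError("prefix must be 5 uppercase hex characters")
    bucket = index.get(prefix, {})
    return "\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def breach_count(index, password):
    """Client side: send only the prefix, then match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in range_response(index, prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate, suffix):
            return int(count)
    return 0  # not present in the corpus


def audit_password_changes(index, submissions):
    """Return {user: breach count} for each submitted password found in the corpus."""
    flagged = {}
    for user, password in submissions.items():
        count = breach_count(index, password)
        if count:
            flagged[user] = count
    return flagged


INDEX = build_range_index(CONSTRUCTED_BREACH_CORPUS)

# Constructed submissions: two unrelated users pick the same breached password.
CONSTRUCTED_SUBMISSIONS = {
    "alice": "Summer2018!",
    "bob": "Summer2018!",
    "carol": "kX7#vq2LmZ-pT94w",
}

if __name__ == "__main__":
    for user, count in audit_password_changes(INDEX, CONSTRUCTED_SUBMISSIONS).items():
        print(f"{user}: reject, seen {count} times in the constructed corpus")
```

Because properly stored passwords are salted and slow-hashed, the comparison cannot be done against the credential database after the fact; it has to happen when the user submits the new password.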
I did an audit once where security confidently told us that there were no weak passwords given out by the helpdesk. When we actually tested hashes, we determined that there were a ton of the usual suspects. When we chatted up some helpdesk people over lunch, it turned out the problem was that they gave good passwords whenever someone from security asked because otherwise those jerks would scream at you. Everyone else in the company got easy passwords because it lowered call volumes.
They literally were checking group membership as part of their reset script and giving the user the type of password which was most likely to get them to go away.
Your case has a significant difference: trained IT staff choosing weak passwords for convenience is much worse than “normal” users independently choosing weak credentials despite yearly training.
That said, the root cause is the same: humans cannot remember computationally-secure credentials. We need something else. Pushing for “stronger passwords” is folly.
My experience with not regularly changing passwords is that the security of your login credentials decays over time. If you keep track of when you changed your passwords you will know what time period you were compromised if you check a website like https://haveibeenpwned.com.
If not, you might have to trust whatever PR says about when the breach occurred.
I agree that strong passwords and cryptographic storage is the way to go, but I think you go too far when you say "users cannot be trusted with their own security" because some can. I think it really depends on who your users are.
Why does the time period matter when each credential should have a unique password anyways? Is knowing the time of a breach important when the only way you’ll know is through a website like the one you linked or when your credential is used unauthorized?
Also I personally think users absolutely cannot be trusted. At all. There should be a minimum viable security model for all users regardless of what their threat models should be. (I.e. not allowing easily guessable passwords, enforcing a password over X length, forcing capitalized characters and symbols).
One other thing to keep in mind, a lot of the time users (including me) couldn't give a fuck about the security of your website/webapp/mobileapp.
If you force me to register an account to do what I need to do, and I'm never planning on returning anyway - you'll get my "default shit site password" and if you demand a deliverable email with confirmation, you'll get a throwaway-able email. I have a "spare" gmail account which I'll use with the "plus addressing" thing, so you'll likely get random-looking-string+sitename@gmail.com and the equivalent of Password123! - and I don't use that email for anything else. I'll filter mail with that +sitename to spam if/when it starts getting spam, since spammers know that trick and remove it - eventually I just throw away that gmail account and start a new one.
Occasionally that bites me in the ass. Back when this stupid new "text messaging on the web" site started, you know, the one with the best and the fail whale, I was curious and set up an account (at least as much to squat my username as anything else). A few years later and I'm actually using and socialising there, late one night my account starts sending açai berry spam. Because my shit password was shit. (Luckily, they just sent a half a dozen spam tweets, and didn't p0wn the account by changing the password/email on me...)
One nice thing about password managers, at least you can search and find all the services you used a shitpassword on, and do an audit of whether you care enough to upgrade the password or delete that service's account.
That infamous case was the result of poor password use followed by an unguarded login page with no retry limit. This isn’t meant to victim blame, but it’s to also point out Apple too was a victim on this, they have a far stronger commitment to privacy compared to other companies.
Sure, but these celebrities completely outsourced their security to Apple because they trusted Apple.
"Apple knows best"... but clearly not because Apple should have had rate limiting for password login attempts to stop password brute-forcing attacks.
As for the far stronger commitment to privacy, I'm not so sure. Apple seems reluctant at times to patch zero-days which has been covered on the front page of HN.
Good news then I suppose. They did, that's not what happened. People abused password reset, with the canonical example being Paris Hilton using her dog's name as a security question.
It's a magician trick. Distract you with one hand while performing the trick with the other. Watch the dazzling performance while they further lock down your device.
> However, that experience is nothing to the cost and pain if something with the hardware goes wrong.
I have never been able to understand that. I can appreciate conviction of not using any manufacturer's products as some kind of a political statement, but this?
How often does something with your hardware go wrong? I assume it's single-ish number of events per year, but you choose to suffer every day for the experience you deem subpar in a windows device?
Fair point. It's not just this, it's the lack of being able to upgrade. I guess I'm just old and remember when I did my first upgrade from a 14.4k modem to a 33.6k modem and how much faster it was (lol). This is why my next laptop won't be another XPS, but will be a Framework laptop.
I would have bought the Framework laptop now if it wasn't for the fact that they don't ship to the UK (yet) and there's no 15" version.
Yeah, in my youth all my PCs were built by hand from the components (due to cost reasons more than anything else).
But now I feel that this is not such an easy task anymore as components have to be carefully selected to not introduce a bottleneck somewhere by accident and I feel I just don't have the time for this.
>This anti consumer approach by Apple is why I refuse to buy anything from them.
What is anti-consumer about this? I am a consumer and active user of these products and I want this posture when it comes to the security of my devices. I don't want just anyone to be able to tamper with the hardware of my phone nor do I want anyone to be able to access my Apple ID or other info without some kind of time delay for me to take action to secure it.
I couldn't really understand comments like yours until I read a comment by saagarjha above which summed it up nicely by saying, "The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them."
I understand now the difference is that you're willing to trust that Apple knows best for you, whereas I trust myself to know what's best for me. I accept that you see this as pro-consumer from your point of view, but from my point of view surely you can see it's not? We just want different things.
What helped me get it was your point about security and that you'll have a different attack surface and will have made different security trade offs to me. Thanks for sharing your point of view, I appreciate it.
While your general point is understandable, it's not really that my position is that I trust that Apple knows what's best for me and, if that's what you took away, then you've misunderstood my point. My point is that Apple has engineered their device in a way that guarantees the chain of trust for the hardware components. That is a position that I understand and agree with because there's no way to compromise that position. I also understand that this makes things harder for third-party repair shops but it doesn't invalidate their ability at all so long as they're willing to jump through the hoops necessary to be in that chain of trust. I know what's best for me and what's best for me is a phone that I can trust the components. It doesn't matter to me whether that's Apple or a third-party. I'm not sure how that translates to "Apple knows what's best for me" instead of "Apple has created a device that, in principle, allows for fewer attack vectors". It wouldn't matter to me who did this. It only matters to me that there's no way to bypass this.
It would be the same as me hiring a security company to protect any other assets I have. I can either hire freelancers or I can hire a company that promises to run background checks on all its employees. That doesn't mean they know what's best for me but it does mean that I trust them to not hire someone who's been in jail for burglary.
However, I'm not so certain Apple has engineered their devices in a way that guarantees the chain of trust for the hardware components.
I would wager major governments have the ability to carry out interdiction operations.
My threat model isn't the Five Eyes (FVEY), it's everything besides them because no one can protect themselves when the NSA flagrantly subverts the Constitution and gets away with it. The FVEY work in concert to get around each other's laws so yeah, good luck stopping that.
>...in a way that guarantees the chain of trust for the hardware components
What is your evidence for, or specific concern about, this? Apple has provided a ton of documentation around their hardware security and operates a bug-bounty program as well as a security research device program. I'm struggling to find any real argument beyond "I just don't trust them" here.
Ah yes, the big Bloomberg lie that keeps on giving. If you dig a little farther into this, you'll discover that it's mostly just Bloomberg writers circularly citing each other. They're ignoring the mountain of actual security professionals who work at the companies in question and ask for any real evidence. There is no proof, other than people trying to scare you to sell subscriptions or build their brand.
Yeah the problem is the “anti-consumer” hyperbole. For some people it’s just not for them, doesn’t line up with what they want from a device. I’m not sure why that needs to be anything more than preference.
I agree it's a preference... but I wouldn't go so far as to describe anti-consumer as hyperbole.
Hyperbole is making something sound more impressive than it is, and anti-consumer is not being favorable to consumers.
Some people, like myself, will find Apple approaches not being favorable... the scales of control being tipped too far to Apple than to them. That's not making it sound more impressive than it is. Apple is a behemoth of a corporation and I am orders of magnitude less powerful.
Anyhow, you do you, and I'll do me, it's a free country and if Apple products are perfect for you, c'est la vie!
But with that measure every company on this earth is anti consumer because there will always be some people who won't find their practices acceptable. Maybe you should say "anti my interests"
It's very favorable for lots of consumers who have made a different decision than you. I would go so far as to say that you are in the significant minority, and that doing what you want would be damaging and anti-consumer in the main.
To use my new favorite analogy, one should not be required to fully disassemble and evaluate their car's running gear in order to drive safely.
I haven't noticed that as a user of Apple phones and laptops. The 4 year old iphone SE is working fine with the latest OS. I stopped using the 2013 macbook air because it was kind of falling apart a bit, not due to any weirdness from Apple. I'm not even sure what the "ecosystem upgrade treadmill" is.
I did have the issue of the screen of the SE being harder to replace than the 5 because it has a fingerprint scanner that can access your credit cards. I can understand Apple having security standards for that. The local repair shop still does it but it's £50 with an official part rather than £20 with some Chinese knock off.
Um, what upgrade treadmill? This argument is so tiresome.
Apple's products consistently last longer and hold their value much longer than the competition. That is the exact opposite of an "upgrade treadmill". I've used various Apple devices for as long as 8 years or so, then sold them to others who kept using them.
In addition, this entire thread just blew up today:
This has nothing to do with security. Real life security works like this: you leave your device unattended for an hour or two - it can get compromised. Period. If you are serious about opsec - just take this into account.
My personal devices were hacked in Russia a few years ago. 2 hours out of the hotel room to have dinner. They broke through - what I thought was - decent security of a linux os used properly. I only learned since the device had a 3g modem that would send a ping to my phone on every login. Since then, I assume any hardware is easily compromisable and don't mind the security theater vendors rely on to get sales.
You're literally responding to an article that shows that the situation you're describing would be impossible with this device. How does this have nothing to do with security?
The point I was trying to make was that this does not, in fact, prevent hacking. It merely presents an inconvenience - as evidenced by the amateur repair technicians being able to defeat it. Apple surely expected that to be possible.
Inconvenience to many means fewer repair shops. That, too, they have likely anticipated.
Relying on this "feature" to trust your device not having been physically tampered with would be poor judgement.
Except it does. The only thing the “amateur repair technicians” have succeeded in doing is reactivate an existing FaceID sensor. That doesn’t mean they’ve bypassed it so, yes, it does prevent hacking.
I think the idea was to prevent the attacker from being able to replace the screen without the owner noticing. Replacing the screen may allow the attacker to place own custom hw in the device without the owner noticing (screen is large, has good exposure to audio and video, etc.).
For the FaceID to be secure - which I believe it is, within reason - the chip needs to be able to establish trust with the other components of the chain. It's not achieved with thin solder and glue, but with cryptography. I don't see what gluing it to the screen achieves in terms of security, it's not like you can replace the faceid sensor with a different one anyway.
But that's the whole point. The display and the FaceID sensor are cryptographically signed. That's the entire complaint now. Before, it was the FaceID assembly that was part of the display assembly. Now they're separated but instead of just the FaceID sensor being serialized, they both are.
>One experienced repair shop told me they’ve been swapping screen chips since the iPhone X to avoid touch calibration issues and “genuine” part warnings; they’ve got the process down to about 15 minutes.
15 minutes is "impossible with this device"?
> How does this have nothing to do with security?
because FaceID hardware is NOT on the screen assembly, and the only part generating the warning is the hardware DRM ID chip.
> The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement.
Sounds like that's not a problem for sophisticated adversaries, such as, say, the United States Government.
But presumably the attack wouldn't be replacing the screen -- which is what this workaround allows -- it'd be replacing the chip with one that you've compromised, because then you could have it let you bypass security.
Not to say that they won't find a way to get around that, just that the existing workaround doesn't create a security issue.
Physically moving the soldered chip from the original to the replacement doesn't disable FaceID, though. It just allows you to continue using FaceID. That means you still need the person whose phone it is to unlock it or the passcode used to bypass FaceID.
If it isn't capable of preventing screen replacements, what security benefits did Apple want to achieve with this misfeature?
Securing analogue components via serialization is mostly a pipe-dream and Apple knows it. This is just another power grab disguised as a security feature.
It’s not meant to prevent screen replacements, that’s the whole point. It’s meant to verify the chain of trust of the hardware involved in the security function of the device. If you move that from one device to another, you haven’t broken the chain.
That was before. Imho that was just wholesale hacking, not specifically targeted at me - but at the "type of person" I was.
I then was a nobody working for a very large US company as an IT architect. Stayed at an expensive hotel in Moscow, one of those few that visiting business used to frequent. That was it.
You can argue that the biometric sensor shouldn't be integrated into the screen, but you can't argue that the biometric sensor that is integrated into the screen has nothing to do with security.
This anti-Apple commentary is getting boring. We don’t have all the information and we definitely can’t guess Apple’s motivations. They definitely aren’t focused exclusively on maximising profits: they already have all the money, and they make plenty of things that don’t start life as a cash cow (Apple TV, AirTags, even iPads for a while).
If you don’t like Apple’s approach, use one of the other brands instead. The problem is no other mainstream manufacturers can be trusted to provide a device as secure and private as Apple’s.
I am a strong supporter of the right to repair, and it informs my decisions, but in many cases, I am willing to pay a premium for known, trusted and secure platform with hardened components from a trusted and secure supply chain. That includes the labour of installing those parts. There are cheaper options around if that isn’t important to me.
> I am a strong supporter of the right to repair, and it informs my decisions, but in many cases, I am willing to pay a premium for known, trusted and secure platform with hardened components from a trusted and secure supply chain. That includes the labour of installing those parts. There are cheaper options around if that isn’t important to me.
IMO, that's the same sentiment that comes up in the app store tax threads. Some Apple users say they're willing to pay more, but the reality is they're being subsidized by the users that don't need or want those features.
In the case of device repair, I don't see an issue with locking the phone as perfectly as possible from the factory, but once I buy it and own it I should have the option of putting it into some type of repair mode where I accept the risk of having it repaired with 3rd party parts.
If you want to pay 2x or 3x or whatever's needed to make up the difference that's fine by me. Just don't make me participate in that system because I don't need it.
> If you don’t like Apple’s approach, use one of the other brands instead.
There's not a manufacturer in the solar system that's going to forgo the use of parts serialization unless it gets prohibited with legislation. The money to be made by locking out competition is too appealing.
> IMO, that's the same sentiment that comes up in the app store tax threads. Some Apple users say they're willing to pay more, but the reality is they're being subsidized by the users that don't need or want those features.
Well, true, but I have no influence on other consumers' decisions, but they obviously see value in the overall proposition. I don’t demand a price reduction from my ISP because I don’t use torrents or tor.
If you don’t see the total value in Apple’s offer, buy something else.
> If you want to pay 2x or 3x or whatever's needed to make up the difference that's fine by me. Just don't make me participate in that system because I don't need it.
Buy a different brand, then.
I do agree that it’s very desirable to be able to simply and cheaply replace broken components. It intensely annoys me too, but, for me, it’s ok (not great) given the overall proposition, to ensure end to end security.
I replaced a screen, parts and labour, on my phone this week for AUD$45 with Apple Care. Can anyone else do that for $15 or $25 as you suggest?
I don’t see the other manufacturers being significantly better in this regard.
The big opportunity for Apple, in my opinion, is to figure out a more compelling recycling program.
> There's not a manufacturer in the solar system that's going to forgo the use of parts serialization unless it gets prohibited with legislation. The money to be made by locking out competition is too appealing.
Our points are the same, but one never hears this level of criticism directed at Samsung or Google. Are they any better? Maybe in a few different ways, but not as a whole.
But pretending that Apple is somehow the worst, when they are categorically far from it, is just disingenuous and frankly boring.
> But pretending that Apple is somehow the worst, when they are categorically far from it, is just disingenuous and frankly boring.
Apple is pioneering an extremely anti-consumer system and once they prove it'll be tolerated (and extremely profitable), every other manufacturer will do the same, so I don't think it's completely unfair to paint them as being one of the worst participants in the idea.
I definitely don't think Samsung or Google are better. They're the same and they'll participate in the same type of schemes.
The problem that I have is that everyone is going to do this. We'll have artificially restricted supply on everything we buy and the total cost of ownership will increase accordingly. I don't want that system, but I'm going to be forced into it because not enough people can understand the long term, negative consequences for the average person.
> Buy a different brand, then.
I do. I've always bought LG phones after they've been on the market long enough to be discounted. I try to get them for $300 or less and my cost average on phones for the last 6-8 years has been about $100 per year. I also pay $<20 per month for a phone plan that only includes 1GB of rate limited data and I limit my usage to important things like tethering my laptop for RDP.
It's easy to use "vote with your wallet" as a response to criticism, but some of us actually do. I do it because I can see a terrible future where parts serialization, planned obsolescence, and subscription repair plans foster an era of non-ownership. If we let it happen it's going to be nasty and anyone who's not rich is going to suffer pretty badly IMO.
>They definitely aren’t focused exclusively on maximising profits: they already have all the money, and they make plenty of things that don’t start life as a cash cow (Apple TV, AirTags, even iPads for a while).
Which part of Apple TV, AirTags, or even iPad were not profitable from the start? Even assuming you mean AirPod instead of iPad.
While I don't disagree (or agree) whether Apple make these decisions on security or repair priority. Apple under Tim Cook have been very much a maximising profits company. Every single step, big or small he has been extremely cautious of revenue and profits compared to Steve Jobs. And the reason why Apple has managed to give precise forecast every quarter.
Absolutely seconded. While I understand the reaction that many people here have to these sorts of things, in the end it is Apple's product and nothing forces you to buy it.
People shill alternatives all the time here, why not do it in these sorts of discussions too.
>The problem is no other mainstream manufacturers can be trusted to provide a device as secure and private as Apple’s.
As much as I hate to admit it this is pretty much true, and extends beyond just security and privacy for me, having an actually reliable (and power user friendly) ecosystem to dump my tech needs into has been a godsend.
I'd venture to say most consumers won't know of this new limitation if previous to now they have used 3rd party repair shops. Does anyone know how much an "authorized" screen repair costs vs. an "unauthorized" one previous to this model?
Out-of-warranty Apple Store (and AASP, presumably) screen repairs are pretty expensive[0], although I can't find anything that lists the hardware cost of getting a replacement screen for repair (probably because that requires an AASP to defect and leak it, risking their AASP status).
The problem is that we don't have much choice brand-wise. We get to pick Apple or Android. From a security/privacy perspective, the various Android brands are more or less the same (or, more accurately, the best of them are still likely much worse than Apple, and the worst of them are likely backdoored by the manufacturer or the government where it's manufactured).
Capitalism and the mythical free market have given us two choices, each with very big negatives. I don't want either. I want a phone that respects and fights for my privacy and security, and is relatively easy and cheap to repair, and allows me control over what I run on it.
(And I don't consider platforms like the PinePhone to be choices here. I want contactless payments on my phone, as well as Venmo/Cash App. I want my banking and airline/travel apps. I want Signal, Slack, Whatsapp. I want the app for my local gym. These things either don't run on other platforms, or provide a janky mobile web experience.)
> The problem is that we don't have much choice brand-wise. We get to pick Apple or Android. From a security/privacy perspective, the various Android brands are more or less the same (or, more accurately, the best of them are still likely much worse than Apple, and the worst of them are likely backdoored by the manufacturer or the government where it's manufactured).
Completely agree. But this is always argued as it being Apple’s fault and not a market failure. Why don’t the supposedly better options ever gain enough share to be important?
> Capitalism and the mythical free market have given us two choices, each with very big negatives. I don't want either. I want a phone that respects and fights for my privacy and security, and is relatively easy and cheap to repair, and allows me control over what I run on it.
I mostly agree, but this isn’t an option we have. Again, is this Apple’s fault?
> (And I don't consider platforms like the PinePhone to be choices here. I want contactless payments on my phone, as well as Venmo/Cash App. I want my banking and airline/travel apps. I want Signal, Slack, Whatsapp. I want the app for my local gym. These things either don't run on other platforms, or provide a janky mobile web experience.)
Exactly. One doesn’t usually buy a thing based purely on one feature. All design has compromises, and we pick the most suitable from a limited set.
On my 5 year old iPhone SE, I've had the battery replaced twice and the power button replaced by a third party. The Apple-partnered shop actually said they are unable to replace the power button and referred me to the third party, who were surprisingly great (fast + guaranteed that if they wouldn't be able to fix it, I'd only pay a small diagnostic fee). I'm sure by Apple's standards I should have already bought a new phone. I expect to get similar repairs done on my next phone.
For what it's worth, the face recognition unlock is probably the most insecure unlock there is on the phone (and unsettling to me when I've tried it). I'm sure they've fixed it by now, but I recall an early story of an Asian woman giving her phone to a coworker and being startled by the phone unlocking. The fingerprint readers also creep me out (not as much as the facial recognition) and they're very efficient, you can use them without even looking or while picking up the device.
Different login mechanisms have different trade-offs. A big advantage of FaceID (or TouchId) is that it isn’t vulnerable to shoulder-surfers. This is especially important on a mobile device that you unlock in public all the time.
For example, if I’m riding in a train I feel a lot more comfortable unlocking my MacBook with TouchID than typing my password for all to see.
So it’s not true anymore and yet you seem to be claiming it is,
> but I recall an early story of an Asian woman giving her phone to a coworker and being startled by the phone unlocking.
Do you? Is there any evidence or a link to a credible source? Seems like a weird racist trope. Given how popular iPhones are in China, we’d likely know if there was anything to this.
> So it’s not true anymore and yet you seem to be claiming it is,
I was just giving them the benefit of the doubt to be charitable since it seems like the kind of thing that is fixable with years of technical development. I have no evidence.
> Do you? Is there any evidence or a link to a credible source? Seems like a weird racist trope. Given how popular iPhones are in China, we’d likely know if there was anything to this.
That article doesn’t make the claims seem credible at all. And certainly doesn’t support your claim that the security is terrible.
As far as I can see you are in fact lending credibility to a racist meme to support your own assertion about the security of Face ID.
> For what it's worth, the face recognition unlock is probably the most insecure unlock there is on the phone (and unsettling to me when I've tried it).
It is possible that the article was not credible. I was able to find reports of only two instances from 2017 of this being reported.
The first did not come with verification. The second, below, did come with videos but it was extremely difficult to tell if the phone was the same model or even if FaceID was triggered due to the hard cuts and camera angles. A second video purported to show it switched off by a mask, but the action happens so quickly it's difficult to make out what exactly happened.
I'll allow that I possibly fell for clickbait hysteria. If so, it does seem convenient for news to prepend a headline like "iPhone X Racist?" and then proceed with a racist trope to allow you to feel like it's not racist. I'll try to be more careful in the future.
No. It's the code for Apple requiring you to sign agreement giving Apple ALL of your clients data (even non apple related ones) and access to shop books for up to 5 years after you exited IRP program. You also agree to being audited at any time, and to not being able to do component level repair at all.
My understanding is that the repair shop has to provide full customer details including address, phone number, and the like to Apple for any repairs done.
I love buying their flagship hardware because next year's flagship hardware won't be expensive after I trade mine in for 70-80% of the next device's cost.
This 3rd party repair fiasco just corrals people to AppleCare+ which I also enjoy.
In one experience, I did not consider upgrading my iPhone as the yearly increments are not impressive, but my current iPhone needed some repair. At the Apple Store in person, myself and the specialist noticed that due to needing repair it would not be eligible for trade-up, but was eligible for complete replacement capable of doing in person on the spot with full data transfer on the spot, and the complete replacement was eligible for trade-up on the spot, so I wound up with the new iPhone. (note, I don't remember what I had to pay if anything, and it is possible that I upgraded to a phone with lowered storage space or something which made my trade-in of a more premium model cover the whole cost, that year)
To sum up: because I paid full price and for first party support, I got a free replacement device and a free next gen device. Maybe there was a downpayment somewhere in there I don't really know. In that circumstance I came out ahead.
Mathematically, I don't consider myself coming out ahead compared to the FIRE penny pinchers and frugal people, as obviously even if I pay $200-$300 a year then it's more than what the people buying 3-4 year old phones are paying once every 5 years. But I'm not in a contest against the luddite compromises they make. I am glad that I have the convenience of never needing to consider the device "too expensive and fragile" and that complete upgrades never have a sticker shock because what I would have to pay is typically 80% lower in cost.
I don’t buy the security argument. Sure, pairing a security chip makes some sense, but putting the chip on the display module is bizarre.
I wonder if part of Apple’s motivation for getting rid of independent display repairs is to improve the brand, though. I’ve seen several aftermarket iPhone displays, and they are all massively inferior. Even a supposedly nice one from ifixit, with no mention on the website, emits linearly polarized light. It’s fine until you try to use it with polarized sunglasses on.
I'm sure plenty of people will say 'Just don't buy apple, then'.
But I think this is a case of 'First they came for the socialists, and I did not speak out'. Once companies see that this is acceptable practice, they will all do it, and then there will be no choice.
I do not want anyone to have the ability to break the cryptographic pairing of my devices without me knowing it.
I do want the ability to swap out parts.
I have no idea how to combine this... it's the same problem as with Diffie-Hellman key exchange but instead it's in a physical world where you don't have the double asymmetric encryption option since it's not how the physical world works.
Of course a lot of people will be all up in arms about independence and money and power etc. but nobody has had any solution for this yet. I have no idea how to solve those other practical problems without solving this cryptography problem first.
What about having the private key all components are signed with shipped on a USB drive (the SecureStick™) to you with the phone? It could be encrypted with your AppleID, so it's safe during transit. To re-sign new components, you plug the SecureStick™ into the phone, and it will try to connect to any other of your devices (that you of course also trust) to unlock the key.
In a repair shop, they could swap out the component and you then re-sign everything with your SecureStick™ when you come in to pick the device up. You have to trust the repair-shop, obviously.
Alternatively, you could re-sign all components with a private key you generate yourself? But then there's no guarantee that nobody else did just that in transit.
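The owner-held re-signing key proposed in the comment above, sketched as an added example (it is not part of the original comment and is not Apple's mechanism). All type and function names, the record format and the replay counter are assumptions made for illustration, and a component's identity is reduced to a plain serial string where a real design would have the part attest to it.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

var (
	ErrBadSignature = errors.New("pairing record not signed by the owner key")
	ErrWrongDevice  = errors.New("pairing record was issued for another device")
	ErrReplay       = errors.New("pairing record is not newer than the stored one")
	ErrUnpaired     = errors.New("installed component does not match the pairing record")
)

// PairingRecord binds one component serial to one slot of one device.
type PairingRecord struct {
	DeviceID, Slot, Serial string
	Counter                uint64 // must increase on every re-pairing
	Sig                    []byte
}

// message is the signed byte string; length prefixes keep fields unambiguous.
func (r PairingRecord) message() []byte {
	return []byte(fmt.Sprintf("pair-v1|%d:%s|%d:%s|%d:%s|%d",
		len(r.DeviceID), r.DeviceID, len(r.Slot), r.Slot, len(r.Serial), r.Serial, r.Counter))
}

// NewOwnerKey generates the key pair that would live on the owner's token.
func NewOwnerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignPairing is what the owner runs after a repair to authorise the new part.
func SignPairing(owner ed25519.PrivateKey, deviceID, slot, serial string, counter uint64) PairingRecord {
	r := PairingRecord{DeviceID: deviceID, Slot: slot, Serial: serial, Counter: counter}
	r.Sig = ed25519.Sign(owner, r.message())
	return r
}

// Device models the phone side. OwnerPub is the trust anchor: whoever
// provisions it first controls pairing, which is the in-transit concern
// raised in the comment.
type Device struct {
	ID       string
	OwnerPub ed25519.PublicKey
	records  map[string]PairingRecord
}

func NewDevice(id string, ownerPub ed25519.PublicKey) *Device {
	return &Device{ID: id, OwnerPub: ownerPub, records: map[string]PairingRecord{}}
}

// Install accepts a record only if the owner signed it, it names this
// device, and it is newer than the record already stored for that slot.
func (d *Device) Install(r PairingRecord) error {
	if !ed25519.Verify(d.OwnerPub, r.message(), r.Sig) {
		return ErrBadSignature
	}
	if r.DeviceID != d.ID {
		return ErrWrongDevice
	}
	if old, ok := d.records[r.Slot]; ok && r.Counter <= old.Counter {
		return ErrReplay
	}
	d.records[r.Slot] = r
	return nil
}

// BootCheck compares the serial the part reports with the stored record.
// A mismatch means the part was swapped without the owner's signature.
func (d *Device) BootCheck(slot, observedSerial string) error {
	r, ok := d.records[slot]
	if !ok || r.Serial != observedSerial {
		return ErrUnpaired
	}
	return nil
}

func main() {
	pub, priv := NewOwnerKey()
	phone := NewDevice("PHONE-A", pub) // constructed sample identifiers
	fmt.Println("factory pairing:", phone.Install(SignPairing(priv, "PHONE-A", "display", "SER-1", 1)))
	fmt.Println("swapped, not re-signed:", phone.BootCheck("display", "SER-2"))
	fmt.Println("owner re-signs:", phone.Install(SignPairing(priv, "PHONE-A", "display", "SER-2", 2)))
	fmt.Println("boot after re-sign:", phone.BootCheck("display", "SER-2"))
	fmt.Println("old record replayed:", phone.Install(SignPairing(priv, "PHONE-A", "display", "SER-1", 1)))
}
```

A swap is detected unless the owner signs for it, so the repair shop never needs the key; the scheme still rests on who provisioned the owner public key in the first place.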
I doubt that it is as simple as that. Designing modern technology is incredibly hard, then running that design through a process that makes it viable for mass production is almost as hard. In both of those steps there might be tons of reasons to have it in one place or another.
Imagine the following scenarios:
- It has been found that during assembly units that do not pass QA often have this chip fail, and thus making it easily swappable increases the production yield during assembly instead of PCBA.
- To create a security boundary for biometric data, as a rule the assembly that captures the data and authenticates it has to be separate from the application processor assembly. Swapping either then cannot be done surreptitiously. That makes the chip's job part of the screen assembly and not something else.
- A cost reducing measure between the sensor and the data processing chip over a high-speed serial connection turned out to be removal of buffers or transceivers but this meant that the signal lines had to be shorter and sandwiched against a large ground plane to ensure signal integrity and prevent frequent retransmissions.
"Hostile" engineering (which is not a word I would choose) would be any kind of security screw that doesn't improve over other screws. Think of normal Torx (which is excellent) vs. "security" Torx, or Apple's Pentalobe. Those exist for one reason: to deter the average user from undoing those screws.
The reasons for deterrence vary, in some cases it's just a reduction of liability ("we made it harder so that Joe Bloggs has to be really sure he wants to screw up his device, therefore we are not liable for his screwed up device"), sometimes theft ("we'll use security Torx screws on those coat hangers in the toilet stalls, that way the teens don't steal them to sell them on the black market"), sometimes it's some weird protection scheme that never works ("if we make the screws just a tiny bit harder to find a bit for, they will have to come to us and we'll have to deal with all of their problems instead").
In most mass-market cases it generally boils down to liability and scalability. And waiving liability as a middle ground often doesn't exist because it doesn't scale well.
What does help is making it part of a brand's identity or marketing, that way the budget doesn't have to come out of any of the general product lifecycle budgets which then makes it seem to have the same bottom line which is the whole reason for-profit companies exist.
> It has been found that during assembly units that do not pass QA often have this chip fail, and thus making it easily swappable increases the production yield during assembly instead of PCBA.
Yet it's on the second most expensive part of the BOM, so nope.
> To create a security boundary for biometric data, as a rule the assembly that captures the data and authenticates it has to be separate from the application processor assembly. Swapping either then cannot be done surreptitiously. That makes the chip's job part of the screen assembly and not something else.
The chip can be unsoldered, so nope.
> cost reducing measure between the sensor and the data processing chip over a high-speed serial connection turned out to be removal of buffers or transceivers but this meant that the signal lines had to be shorter and sandwiched against a large ground plane to ensure signal integrity and prevent frequent retransmissions.
It's on a mylar flex cable, so nope.
It's just Apple being pricks, much like requiring custom SCSI drive strings on generic hard disks back in the classic mac era, nothing has changed.
It seems you have missed the point so hard it's almost pointless to reply.
The cases are theoretical cases, not direct one-on-one practical reasons why this specific chip on this specific assembly was built in this specific way. We don't have the data and we never will. We can't read minds, and all there seems to be is speculation and anthropomorphisation of corporations which is pointless beyond reason.
Unless you have some design-for-manufacture experience, taking part in this discussion is moot anyway.
It doesn't matter if the specific part has a special BOM cost, what matters is that the production flow is not interrupted. Assemblies that do not pass QA aren't tossed, but the final product needs to come off the line anyway, so swapping out the assembly in that phase while returning it to some other process for inspection is the normal thing to do. You can't do that thing if the assembly is a flip-chip or BGA on a PCBA without swapping the entire board which while still possible to cover in a separate process is much more expensive in validation and repair than re-attaching a flat-flex with a new BGA or flip-chip part on it using what is essentially a glorified hotbar machine.
If Apple was a person and the person wanted to be a prick, there are far cheaper and easier ways to do that. Fill the entire phone with epoxy, problem solved. Would be instantly water-proof, shock-resistant, and if you cover it in a fine wire mesh and connect some SRAM with ephemeral keys to it you can make it super secure by never being able to extract any data from it. But Apple isn't a person, it's a company. It's not your friend or your enemy, it's just a machine designed to make money. Real-world requirements apply, and they trump pettiness for the sake of pettiness. Inducing friction to their own customers is just a liability factor, and if you think that is new you got a whole world of pain to explore.
> It seems you have missed the point so hard it's almost pointless to reply.
As are you - you are bringing up all these hypothetical production line theories, where in practice the screen is the most common repair, and Apple have now restricted it to their official repair centres or repair centres with very skilled technicians to remove, re-ball, and re-solder a tiny chip.
> If Apple was a person and the person wanted to be a prick, there are far cheaper and easier ways to do that. Fill the entire phone with epoxy, problem solved. Would be instantly water-proof, shock-resistant,
Except Apple still need to repair phones under warranty, so filling with epoxy isn't viable, so here we are with pentalobe screws and device locked screens.
You assume 'repairing under warranty' isn't done with simply replacing the entire device. You are aware that this is standard practice anyway right? Right now you are most likely to get an identical refurbished version of your phone while your own hardware is queued for repair, mostly off-site.
As for the hypothetical cases: that is indeed what I wrote they were as well as why I was writing them. They are real world cases that apply to any consumer goods manufacturing pipeline. (albeit anecdotal as I'm not in the mood to dox myself) You do not know the details of Apple's pipeline and are speculating about it, as am I. Your speculation, however, is a plain anthropomorphisation of a for-profit company that really has no merit. There is no money in 'being bad to customers at scale'.
Every reply of yours has either been some irrelevant detail that doesn't match with what is happening in the real world, or it's some bigger picture that doesn't relate back to any multinational global consumer goods lifecycle.
Besides the fact that being able to repair consumer goods is a good thing, we're not getting anywhere.
> You assume 'repairing under warranty' isn't done with simply replacing the entire device. You are aware that this is standard practice anyway right?
No, it's not standard practice.
If my battery is degraded they replace it.
If my screen is broken they replace it.
If a camera is bad they replace the camera module.
If the charging port is bad they replace it as it's on a separate field replaceable unit.
Pretty much everything bar a failed mainboard is repaired.
> They are real world cases that apply to any consumer goods manufacturing pipeline.
Yep and in this case it's bad engineering, and that's why Apple are being called out on it.
It's similar to some German cars with rear facing timing chains and turbos mounted in the V engine valley and other stupid ideas, they get called out for being the shit engineering that they are. This doesn't stop people buying them.
With that said, it looks like the bad PR has done its job and suddenly Apple has found a solution, amazing huh...
Yes it is. There is no guarantee you get your 'own' device back instead of a replacement while your previous device enters the repair queue. Not at service ingress at an APR, not at an AASP or an APSP. An APSP is more likely to not need to queue, but again, no guarantee and in any high density areas the queue is more common than uncommon.
Now, maybe you read it out of context and you assumed 'repairs of consumer goods by anyone, anywhere' which is a different case and not the one we are discussing.
Sure they can, perhaps they have to use a solvent to get rid of it. But that is not the point. The point isn't the implementation detail, it's the fact that if someone wanted to make something that is purely bad for consumers they could.
This is what you present as being the incentive. You keep writing that there are bad design choices, things that are done just to introduce bad UX for repair personnel etc. all for the sake of being annoying. But there is no economical incentive for that and the company is a for-profit organisation. You disregard all the other reasons why something might be done and when presented with a theoretical case that fits your narrative you dismiss it, against your own viewpoint.
> We reached out to Apple for comment, but they did not reply.
OK, they didn't reply to ifixit, but they can't keep silent about this forever. Some major media outlets will start asking this question and it would be interesting how they argue this time.
The same way they argued it every other time this sentiment comes out. These choices are made for security and privacy reasons. A third-party can't compromise the hardware and a thief has no reason to steal a phone that they can't access, can't re-sell, and can't strip for parts.
> A third-party can't compromise the hardware [..] a thief has no reason to steal a phone that they can't access, can't re-sell
This was already the case before component serialization.
> can't strip for parts.
Not true.
Shops can still harvest most of the phone's parts and use them for replacements. Apple will likely never be able to prevent the replacement of analogue components (like the screen) completely. The only thing Apple achieved by doing this is making third-party repair more difficult and expensive, which I suspect is their intention with this stuff.
Both of your statements are factually untrue for reasons already in the source article. You cannot just swap parts from one phone to another. The entire point here is that you cannot harvest the most profitable parts anymore because they need to be keyed to the device. If you can’t do that, they’re worthless.
All the apple stans on HN are really annoying. We get it, you love sucking off a monopolistic behemoth and respond to every criticism with "then just buy another brand".
I repaired a lot of iPhones (mostly screens) in the past. I would say that screen durability started getting significantly better around the iPhone 8. I was replacing screens for the various 5/6(s) phones constantly. These days, I’m hearing about fewer and fewer broken screens. I’m pretty confident in the 12’s screen at this point, after dropping it several times with no problem :p
But the reality is that if you impart a very strong force into the corner of even very strong glass, it’s going to shatter.