The reason I think users don't mind Apple's control of their devices is that the reality is that users don't control devices, programmers do. Also, security requires constant updates and updates cost money, so it's not realistic to use a device for a decade, because you won't have security updates from any company at that point. Apple has better updates over time, which is reflected in it's higher resale values.
So on my iPhone, I feel that Apple protects us from bad programmers for the most part, because if you look at Android and the lower quality of many of their apps and the way large tech companies run over the users by installing spyware on their devices, but Apple to some extent is protecting us from Facebook and Google and keeping us more in control of our devices, by limiting which applications can be run on them.
> Also, security requires constant updates and updates cost money, so it's not realistic to use a device for a decade, because you won't have security updates from any company at that point. Apple has better updates over time, which is reflected in it's higher resale values.
I'm absolutely still using PCs from over a decade ago and I'm still getting security updates.
You're getting updates for PCs over 10 years old because thanks to the way IBM PC clones work, the OS kernel can be independently updated from the drivers of the peripherals, not tied to them as it is in the ARM ecosystem with obscure FW blobs that are tied to the interfaces of a particular Android/Linux version.
On Widows at least, drivers from the Windows Vista days still work just fine on Windows 11 as the ABI hasn't changed that much since then. Good luck with that on Android.
Sure, but since time immemoriam this has been left to the "free market" to sort itself out, and the "free market" has let us to this point.
Should some government regulatory body like the EU intervene to force their hand? Maybe.
But do remember that in the "old-days" of dumbphones and featurephones you were getting no SW updates at all ever and replacing your phone every 2-3 years was the norm back then.
It's only now that we're thinking about this as we start to think about phones more as general purpose computers in our pocket and less as phone dialing and messaging devices, like in the old days.
One thing's for sure, it's that the free market will never self regulate itself on this matter, same how it has not self regulated itself in the auto industry were it not for the EPA and EU, we'd still be buying ICE cars that turn our cities into smog if we were to leve emissions to the auto manufacturers.
>Also, security requires constant updates and updates cost money, so it's not realistic to use a device for a decade, because you won't have security updates from any company at that point
Why can't someone exchange money for a service they find valuable? As I understand it, that has long been a common practice.
>Why can't someone exchange money for a service they find valuable? As I understand it, that has long been a common practice.
[lifts hand up] Uh-uh, me, pick me: because most consumers have been trained and conditioned by corporations that they only pay for the HW, the thing that they can feel and resell, and that the SW running on it should come for free and always be free despite SW updates being a continuous effort that costs money.
Most consumers can't put a value on SW ownership, unless that SW is a video-game on a disc in their hand. Thanks to Google, Youtube, etc, we've grown to expect that everything digital of value should be free even though it's not. So ads it is.
Which is kinda weird. We used to have to pay for a new version of Windows or Mac OS (or however it was capitalized back then).
Then it became free.
When you got a computer with Windows 8 you would get 8.1 and 10 for free. 11 if you have the right TPM / chip (doubtful). Same with Windows 10 to Windows 11, provided you meet the specs. Same with Mac OS (not versed enough to list the versions).
I believe Apple started this yearly iOS update (and with that a more rapid deprecation).
I don't think people would want to spend $1,200 on a phone knowing they have to pay each year for a software upgrade. They also would not spend $1,200 on a phone knowing that next year you have to BUY a new one to get the latest software.
And in Apples mind all of this is fine. iOS has the highest adoption of the last iOS version. So in terms of non-security bugfixes they can focus on the last version. Only security fixes might warrant an update for an n-1 version of iOS.
The problem with this is that you need to make those updates something people want to buy. And at some point, you have a game of diminishing returns. Even the hardware is starting to feel that way.
Yet, security updates aren't "free". I'd guess that keeping an OS secure is probably more expensive than developing new features. That part gets tricky.
Also, supporting 5+ year old hardware gets harder since that hardware stops getting made and the new stuff gets more and more different.
Yup the software side has been built into the pricing of the hardware. They weren't the first to do this either since this business model has been around for quite awhile since we got away from buying software as a box.
It's also more convenient for the consumer to have a one and done payment.
The only thing I wish is if there was a monthly maintenance package when my devices get older so I can keep getting updates that keep my device running fast, secure, and can maintain some form compatibility with most apps.
If the market were there for it, it might happen, but the reality is that someone using a 10 year old phone is extremely cost conscious and not likely to shell out the engineering money required for updates.
Lol major distopian vibes. "The government keeps me safe by preventing me from doing anything against the law (that they decide at their own free will). I love my brain chip."
>Apple to some extent is protecting us from Facebook and Google and keeping us more in control of our devices, by limiting which applications can be run on them.
Right, Including protecting me from me unless I find extra pleasure in ‘calling big fruit boss every few days’ for running my own soft on my (supposedly) own phone.
To avoid this ‘pleasure’ I have to pay developer fee yearly. If someone is looking for definition of ‘idiocy’ one should look no further.
Yet there is always someone trying to justify even that. ‘It is more secure ‘ - they usually say forgetting to mention that security starts with control and ends without it.
The obvious question to ask usually would be:
So who would protect you from Apple itself?
More entertaining question could be: Who is going to protect you from you?
But then we recall about AI and we can guess the answer which spoils the whole entertaining aspect of the question.
So the only question left is: What people would not justify when some big company does it?
Right as long as you know what poison you choose. At least control someone who controls your machine, including the building process.
>Thus I pay to live inside the walled garden
At the moment it’s more like you pay for garden with imaginable walls while in reality there are no walls and frankly it doesn’t look like garden at all.
The only real wall you face is when you are trying avoid living in this fantasy. There is more precise definition for such ‘garden’ - starts with prison. Is it total freedom ? no, but it seems it’s reasonable for …. I barely see something reasonable about it. It’s more like a luck of wish to stand for own dignity thinking that such stand is possible to avoid.
When people (some people) thought sharing some data is not a big deal in current conditions. Did they think about another situation when current form of AI is around? Did you think about changes of the environment when you wrote ‘ it’s reasonable enough’? You didn’t even add ‘for now’ suggesting of course you know everything that ‘now’ is happening. And you even ready to expand this vision to whole family? I wish to be that sure about the future.
I am not trying to attack you personally, I think it is very common ‘logic’ these days except I cannot see it as logic at all.
I'm a SysAdmin. I get handed phones all the time to look at an issue.
A decade ago I started cycling between iPhones and Androids every 18 months or so, to stay current on both.
This is my take on the ecosystems. YMMV.
In simplest terms, Apple keeps users away from control. They make decisions for the user and often, it's reasonable. In some cases, Apples control makes useful features no-gos. Tasker is an example. It's either not present or crippled.
In summary, iPhones are great choices for people that just want a smartphone. They don't plan on getting fancy with it, they just need a daily driver.
Android is more of a swiss-army knife, imo. It has more flexibility, at the cost of ease-of-use, to get that. The UI overlays, for the most part, are tragedies. AOSP is the gold standard for me, but Pixel hardware has been a shitshow, so good luck with that. Android is a more developed (wide-reaching) OS, being used in numerous IOT and other devices. In summary, its also a daily driver, but mostly for those that like to tinker or have an all-in-one device. The overlays can be a PITA, but you get what you get and some folks like them.
I'm a career SysAdmin. I've done seem edits on flip phones, I've rooted and rommed Androids, I've jailbroke my iPhones in the past. Now? It's just a phone.
I use better tools for things I need to do, rather than try to bend 1 device to be everything.
> security requires constant updates and updates cost money
Security doesn't require constant updates if the software they shipped didn't have bugs in the first place. These updates are just fixing faults in software that I've already paid for. Similarly, if I buy a car that made have the airbags explode for no reason, the car is recalled and the airbags are replaced for free.
> > I feel that Apple protects us from bad programmers for the most part
Oh poor thing. They protect themselves and software houses from torrent-esque and crack-esque like solutions which can be easily found for everything that runs on Windows, including Office, not to mention the Windows OS itself and everything Android.
That's also the reason why Apple dominates the US market whereas Android has the majority of devices elsewhere in the world.
Americans will fight between each other with hordes of lawyers at the cost of thousands of dollars for the stupidest things, but won't spend 30 seconds torrenting in order fuck Hollywood,Amazon, Netflix and Microsoft in the ass.
When you ask the reason why, their reply is : 'convenience'
When you ask why they fight for the stupidest things against fellow citizens using hordes of lawyers at the cost of thousands of dollars the reply is: 'To prove a point'
> They protect themselves and software houses from torrent-esque and crack-esque like solutions which can be easily found for everything that runs on Windows, including Office, not to mention the Windows OS itself and everything Android.
It's extremely easy to find pirated software for macOS, too. Let's not pretend that Windows is Skid Row and macOS is a pristine gated community.
> I feel that Apple protects us from bad programmers for the most part, because if you look at Android and the lower quality of many of their apps
been using Android for over a decade now, not once did I feel a particular need to be extra-protected by the Big Brother. I'm all for competition, enjoy your devices, Android is far from perfect, but I will not let Jobs or anyone else living or dead dictate what I can or can't install on my expensive-ass phone. I know, data point of one, but so is this "i feel" comment.
Exactly. You're an Android user. You're okay with Google's business model of giving away their code so they can make it back with advertising revenue. It's totally fine. If you are happy with that then more power to you.
I'm just echoing how Apple users feel about the product that we buy in large numbers and are also very happy with.
The reality is that we are forced to install apps in modern life. Want to go to a concert then you have to install our app. Want to board a plane then you have to install our app. Want to talk to your friends on whatsapp, then you have to install our app. Why do we have to give all this private information to McDonald's to buy a hamburger? We like having someone put limits on the programs running on our phones, because we often have little choice but to install the programs.
> So on my iPhone, I feel that Apple protects us from bad programmers for the most part, because if you look at Android and the lower quality of many of their apps
NGO group would like a word with you. /s
I got an Iphone for work. Although i was excited to see how good it is, my excitement died when it said that it can connect to Wifi or data anytime, even when Wifi or data is turned off.
Also, the people mostly burnt by this are thieves who can only sell stolen iPhones for spare parts. To people who actually by their phones, this is a feature, not a bug.
Anecdotal, but back in those "good old days" when you could get a screen replaced in 5 mins like this article said, on the three occasions I did this I ended up with the worst cheap Chinese knock off screens I have ever seen, the last time I ended up spending even more to get a genuine one.
Hard to avoid this with small businesses when they need to make the enough of a margin at those cheaper retail prices.
I'm sure this is fine for a lot of people, but I'm much happier to pay for AppleCare+ and get components that keep the experience that I've paid a grand for.
I do not think this is a small business issue, but rather a dishonest small business owner working for disrespectful customers issue.
A few months ago, I had to get a screen replacement and straight upfront asked the repair guy how much it would really (emphasized) cost me to get the screen replaced after he gave me a quote indicating that either the screen would cost nothing, or the work hours cost almost nothing.
He smiled and admitted getting the original replacement unit would almost double the quote he had just given me, plus I'd have to wait a week until the unit arrives. I told him that's what I wanted.
Eventually, the repair cost me a bit more than double what he asked first. But I am satisfied, I noticed no defaults at all on my phone since the repair, it feels exactly like the original model. He cleaned it, and installed a screen protector on it (offered).
This is clearly a case of "theory built on one single personal experience", I agree. But honestly, I don't know anyone around me who would agree to pay a bit more just to get better service and I think that's the core issue.
When I called to ask for a quote when the screen on my phone cracked, the repair guy said upfront that it's going to cost more than a used phone of the same model.
To that I replied that this is fine, brought the phone, got a loaner free of charge (probably because the guy saw that I came in with a flip phone as replacement) and the next day it was ready for pickup.
Honest business, five stars.
I think they get rid of a lot of troublesome customers by persuading them to just get a new phone instead.
I'm having a hard time trying to find a country with a reputation of consistently underpricing their electronics parts.
Perhaps one would do that to get its name on the map as a newcomer, but soon enough investments need to be repaid and the prices would naturally raise up to match the increase in reputation and pad the margins.
Imagine if Apple sold OEM parts at a reasonable price. Imagine if they weren't pairing OEM parts to prevent repair shops from parting out broken devices. Imagine if they weren't making deals with manufacturers to prevent the sale of standard parts to third parties - even parts with no Apple IP like the ISL9240 [0]. Imagine if they weren't abusing Customs and Border Patrol powers to prevent distribution of legitimate parts via false acusations of counterfeiting [1]. Maybe then you could get a good screen from a small repair shop.
It's not about margin. It's about parts availability.
Apple stores are few and far between, but Apple products are ubiquitous. Official Apple repairs have them ship the device across the country to repair shops, which takes a lot of time. And they don't do things like component-level repair (i.e. specific chips, resistors, and other board components). They just replace the entire board and charge you for the new one.
An independent repair shop doesn't have to compete on price. They can compete with fast turnaround, minimal travel, and component-level repairs. Or at least they could if they could get the parts.
in your case you got screwed up bc you got a bad part, but you're saying your solution to that is to screw everyone by disallowing even genuine parts for repair not blessed by apple?
Wasn't this partly by Apple's own making? Apple shreds devices to prevent people from salvaging parts for repairs[1], even phones that were usable[2]. and hasn't sold genuine components until very recently.
Use of knockoff parts will occur no matter what Apple does because those parts are always going to be cheaper.
That said, I think maybe the solution may be closer to something like allowing fake parts to function when placed in iPhones, with a couple of caveats:
- A prominent top level section in Settings appears listing all non-genuine parts
- When the phone has been factory reset, an alert appears at the bottom of the “welcome” screen and can be tapped to view the same list as above, so any prospective buyers of the device know exactly what they’re buying (and hopefully, can negotiate a better price as a result)
This addresses the cases of both dishonest shops and dishonest sellers trying to pass off the used devices they’re selling as fully genuine.
As for parts in used phones, I think those should remain device-locked until the user has explicitly unlocked them with a process that requires a second confirmation from the user after a week with a code sent by snail mail so thieves can’t coerce victims into part unlocking.
The auto repair industry has been getting along just fine with aftermarket parts in the mix. As a customer you have a choice, and need to be aware that the choice exists to competently engage with the market. Being slightly informed about the high level aspects of an industry you're interacting with is just part of being an adult. If you don't want to have a frank conversation with a repair shop about which aftermarket parts are adequate and which are less than ideal, then you can always overpay for the whole job at a dealership to avoid breaking the illusion.
From what I understand, getting to this point has been a long fought battle of pushing manufacturers to open up parts availability and basic documentation (which continues to this day with Automotive Right to Repair and whatnot), Magnuson-Moss on the legal front, etc. Apple is at the early stages of its industry, and due to the power of digital restrictions technology has delusions of completely shutting out the third party ecosystem. But in a free society there's only one way for this topic to evolve, and so the authoritarian arguments about the guarantees of centralized control aren't particularly compelling.
The question is, how do we go about making sure that the general public as a whole is aware of the choice? For phones it seems like more of an uphill battle because people generally don’t think a whole lot about the quality of the parts going into their electronics repairs and the quality of the repair work itself until they’ve had some kind of disaster (phone catching on fire or something), whereas it’s more of a consideration for cars (perhaps due to the price difference or obvious mechanical nature of cars).
At the very least though, I do think that buyers of used phones deserve to know what kind of parts were used in repairs. On cars this can be verified by looking up the car’s service records and taking it to a trusted mechanic prior to purchase but it’s not so simple with phones, which is where I think it could be useful for the OS to indicate use of aftermarket parts.
The scale of operation you need to steal and sell cars for parts or sell stolen cars is in a different order of magnitude in difficulty than doing the same for phones.
We are at a stage where the only ones stealing Apple devices are the ones too stupid to know they’re next to impossible to resell and the ones that are really good and know exactly what they’re doing.
We have a different view of "individual ownership".
You probably see smartphones like computers, but I think they're more like game consoles.
I don't complain to Microsoft because I can't install Arch or sideload games on my Xbox.
I'm perfectly fine not being able to install random applications on my phone if in exchange it becomes a harder target for malware and unappealing to thieves.
One of the reasons I switched to iPhone was that Google only does their repairs here through third parties. Even though it was with official parts, the repair quality was never great and it often needed to be manually calibrated or go in for another repair to fix the things they broke in the first repair. My experience (YMMV!) with AppleCare has always been stellar.
YMMV indeed. How does it go for folks who buy a device second hand, beyond apple care, perhaps because they can't afford Apple's first hand prices. No one is saying Apple shouldn't provide Apple care or first rate service within coverage. This is about a broader picture. As noted in the article Apple knows how long Apple care extends for any given device, and if components have been replaced. It would be fairly easy for them (and their gobs of money) to perhaps do something equitable like disable the replaced parts warnings once a device leaves apple care. IMO they shouldn't display those at all but in the interest of equity and compromise I'd settle for removal after Apple has self selected not to "care" about the device anymore.
Not really defending it as such, just offering my experience.
That being said if I was trying to see it from Apple’s perspective, it does address a lot of problems pretty easily: thieves breaking devices down for parts or coercing users, customers having issues with their devices due to low quality repairs, users buying second hand phones with unofficial parts, various security concerns, etc. Apple do also sell old and refurbished devices also.
That being said, I do think Apple should be solving this in a way that allows unofficial repairs, even if that involves taking your ID and proof of purchase into an Apple Store to get your device “unlocked” for free so you can do whatever you want with it, knowing it may hurt the resale value and impact the device’s security. More than that, I think it should be legally required under right to repair legislation.
< My experience (YMMV!) with AppleCare has always been stellar.
In my experience AppleCare repairs are stellar because they're never actually repairs. I've never once had them repair a phone/laptop/etc. Every single time they're like here's a new/refurb instance of the same phone(not that I'm complaining!). I'm hoping they're eventually refurbing the old one and reselling it, but I suspect they're often just tossed(ahem "recycled").
In my experience, getting the insurance or whatever for google phones is worth it since they often just replace your phone. I busted a screen and the authorized repair shop broke the mobo trying to replace it. Google replaced my phone but it was an irritating process.
Do you assume that Apple would be forbidden from offering repairs, if they stopped locking their hardware from the consumer?
This is such a common comment in these kinds of threads: "I'm happy with the choice they've forced on me, therefore the force itself is desirable." Like being happy your prison cell has a nice view.
I've seen this happen so many times around these discussions on HN:
There is a valid argument in the source. There is discussion around the argument. There is some proof, there are political discussions. Etc. everything totally normal. But then there is this ONE comment. Usually just one:
Anecdotal evidence to spread FUD. And it's up above all that usually discussion.
Where is this coming from? Is this natural behavior of people who are also afraid of the freedom to be able to buy parts elsewhere? Is this advertising?
Nah, it’s the kind of experiences you expect in a low-regulation market. You either pay a premium—beyond what would be justified if “defector” manufacturers and vendors weren’t a factor, i.e. if effectively-enforced regulations were mandating a higher quality floor—to a vendor with a good reputation you expect them to want to maintain, or you pay in expertise and time-cost. If you don’t pay in one of those two ways, you probably get screwed. Folks who already possess relevant expertise and have a hobby that looks a lot like the time-cost it takes to achieve the best measured-in-currency outcome in the above, may regard the situation as entirely fine. Folks with enough money not to care that simply paying for a decent product is priced above where it “should” be, also may not care. Everyone else just has to live with a bad situation, and sometimes people who’ve run into that post on HN.
It’s a bit surprising to me how little regulation there is concerning the quality of replacement electronics parts, especially those that handle power (battery, power delivery) which can be very dangerous when the wrong corners are cut.
> Nah, it’s the kind of experiences you expect in a low-regulation market.
Nah, it's not. The market for Android devices has been there for years and it works.
Sure, you can be screwed over, like in everything in life, but it's not such a common thing that it would make it an equally relevant argument against liberalization.
I agree, though: people who can afford premium won't bother. Neither with alternative ways nor with people who can't afford premium. Maybe it's even intended to keep the brand somehow exclusive and special...sad world.
The rest is the usual price for parts and work. Like every normal service, too.
No reason to deliver crap, as you want to have the customer recommend you and come back again if they have another issue. Since there are enough alternatives, you have to deliver.
They don't care about safety they care about lock in to their ecosystem. I'm not into ANY of these ecosystems. I don't want MSFT installing Edge ever, or OneDrive, or having Phone sync software on my PC that links my contacts to Office/Outlook Online, or have Bing web search forced into my search bar or Google for that matter, ALL to track you and push ads on you from the people they get their money from.
And don't even get me started on cars tracking everything you do. In many cases you don't have a choice. I want a smartphone that doesn't lock me into all these ecosystems. I want a car that lets me turn off all tracking, bluetooth sensors to monitor my tire pressure, etc.
The reality is people are stupid. They couldn't manage using a computer safely so the industry gave them a phone and sold them on safety. The fact that something like 80% of people are getting their news on a phone and not a computer should tell people they are trapped in a bubble that controls what they see, know and think. What good is having a choice if you don't know you have a choice? They simply want consumers.
I recently encountered a similar situation for my Macbook Pro. Touch ID sensor is paired specifically to your logic board. You must replace both if either one has a defect.
I think this is an unavoidable side effect of Touch ID fully happening inside the module. The logic board has to have full trust of the module, because the module will simply inform the OS that fingerprint X was seen - the OS/logic board have no way to confirm the information
Which means, crudely simplified, that your biometrics can be extracted from an Android or a Windows. I’d prefer companies being extra paranoid about my biometrics, because they can’t be changed if they’re leaked
They suck at privacy, and they are indeed relatively new to hardware game, but I'd say they are better at security than you think, on par or even better than Apple. Like Apple SoC, it has a dedicated security chip. The new Pixel 8 even implements Memory Tagging Extension, which iPhone doesn't yet have. And they do all this while allowing you to install third party rom. It's how projects like GrapheneOS can exist.
Headline is wrong. Market paid $1K for the iPhone experience.
Look at ads: specs versus "life goals" enablement. This is not a hardware product or parts bin price.
If you pay $1,000 for a meal, you damn sure expect the restaurant to control the experience since the price isn't the cost of ingredients. And if you want to cook, that's great, but you're not getting to bring your own parsley, you hack together your own meal elsewhere.
. . .
Even if food became free, people would pay -- and pay well -- for the curated Michelin star experience.
So how to learn to think more about the diner's experience than the kitchen experience or the "right" to monkey with some other chef's prix fixe menu, to better build that kind of user appreciation for one's own product?
The article is less about Apple's grotesque restrictions on what you can do with your hardware via software (e.g., no emulators, etc.) and instead about Apple's grotesque restrictions regarding the parts you can use to fix your phone.
I don't think too many people want the restaurant to have a say on what side they make to go with their leftovers from the previous day.
But the reality is that no ones going to spend $100 to fix a 10 year old phone, when you can't get the security updates for it. Security updates cost money and programmers and the reality is that Apple is the best at security updates, but no one is really concerned about how to repair an iPhone in 10 years, because an iPhone is only realistically usable until the security updates run out.
it’s more appropriate than you’re allowing it to be. your extension of the metaphor loses sight of the topic. the duration of the controlled experience of a meal is definitely shorter than the duration of phone ownership and so if you want to attack the metaphor based on duration and utility of the experience then that would be far more congruent
This purchase has remote control software that obeys the company, and not me, the owner.
I cannot remove this remote control garbage.
This makes the device a rental on the approval of Apple, and not myself, the legal owner.
If I were to do this, I would be charged with felony hacking under CFAA and similar statutes.... But Apple sycophants defend these egregious behaviors.
why is this so absolutely normalized? every single android user seems to have this dripping hatred for half of the population, and only waits for the perceived “proper company” to let the mask drop. Why is that so utterly normalized for android users?
Obviously the fact that it’s normalized is self-reinforcing, people do it because they see other people doing it and it’s routinely allowed and tolerated. I will probably get my knuckles rapped more for saying this than you are for open bigotry.
Over, I remind you, a fucking cellphone. You’re a bigot because other people chose a different cellular telephone. What a silly thing.
Every single phone discussion has to have someone doing the “brainless apple sheep” or “people just buy for blue bubbles!” or “mindless apple sycophants!” routines. Every one. Even on hacker news of all places, where absolutely everyone has a very technical interest in this stuff, and good reasons for picking the things they do.
Damn, you really are lost in "it's all about a cellphone" strawman you devised, eh?
This is about companies permanently tying hardware they "sell" into a permanent-loan with undefined terms, or otherwise change the terms of a sale long after the sale completed.
Apple is only one such company. All IoT companies do this. Tesla does this. Most car companies are starting this. John Deere does this.
And it's all about adding in uncontrollable computers to make a sale into a permanent rental, all without proper rental agreements.
But hey, lets get off topic and turn it into a simple Apple vs Android debacle, like you did. Again, you're at best short sighted and feeding into the arbitrary binary trope.
At yet here we are with nobody having a better plan. The issue is still the same as it has been for the past 20 years: making a (PKI-based) security feature means you can never share the secret parts or make it optional, otherwise it is immediately defeated. You can't have selective security where it works sometimes but not all the times. And trading out that security system is not an option.
PKI specifically is an all-or-nothing scenario. This is all why Intel does the same with the ACM in all their CPUs. And AMD with their AGESA (which went closed a short while ago).
There is only a single scenario I can think of where there might be a 'have it both ways' situation, but it's just worse than we have now: you have to identify yourself as the owner, the company has to keep track of that, and you can only sign public keys for your own components. This, however, creates two problems:
1. A company keeping track of every user (no need to come up with a clever comment about "they are already nothing that")
2. Users can be coerced (has already been done with thefts and activation locks) and this weakens the ecosystem as a whole
At this point it doesn't even matter how intentional or not digitally signing components is, it is an effective security model and it works better than anything else.
Everyone loves complaining about everything they don't like, especially on the internet, but so far the amount of realistic and effective solutions are NONE.
> At yet here we are with nobody having a better plan. The issue is still the same as it has been for the past 20 years: making a (PKI-based) security feature means you can never share the secret parts or make it optional, otherwise it is immediately defeated. You can't have selective security where it works sometimes but not all the times. And trading out that security system is not an option.
This is BS. A security system where the user is not in control of the secret is not a security system but DRM almost by definition. And trading it out is not only an option, but likely the preferred outcome if you ask the majority of buyers.
It seems you have no clue what you are talking about. A PKI where the CA private key is not secret is not really a PKI now is it?
As for asking buyers: I doubt 0.001% of buyers in any market segments has a clue about PKI or public key cryptography at all. This is E2EE "lets have a government back-door" all over again: IT DOES NOT WORK. The Clipper chip was not that log ago, now was it?
> A PKI where the CA private key is not secret is not really a PKI now is it?
At the end of the day, _you_ are the one in control of the list of CAs that you trust. If you are, it is (maybe) security. If you aren't, it is DRM. This is a simple rule with surprisingly little grey areas. See eIDAS...
> I doubt 0.001% of buyers in any market segments has a clue about PKI
Does it really matter how is the DRM implemented? They don't want to hear about Apple DRMing iPhone repairs, end of story.
You are confusing browser TLS and the trusted CA list with general CA in terms of PKI. So no, you are not in control and there is no list.
> Does it really matter how is the DRM implemented?
If you want to argue semantics instead of facts and merit: yes.
> PKI is also not the only way to implement this.
Yes it is. Unless you have some novel method you are about to disclose to the world, in which case, please do, because you'd have the equivalent of a cryptographic holy grail.
> And trading out that security system is not an option.
Why not? iPhones are premium tech-fashion items that attract criminals due to their value. Apple is trying to negate the value of the stolen item through DRM, but it seems perfectly reasonable for someone to say "the solution is worse than the problem", and opt to buy devices that don't implement hardware DRM on e.g. their screens.
> so far the amount of realistic and effective solutions are NONE.
I'm not sure this is true...I've travelled a fair bit, and my approach to managing theft of my belongings is to limit the value of what I carry. This both limits the incentive for criminals (a $30 Tracphone is much less interesting than a $1000 iPhone) and limits the damage/cost-to-recover in the case of theft.
I don't think I've touched on on theft as much as everyone else here seems to do, but in either case I'd still put that under the 'trustworthy to a degree' umbrella. I want to trust that a device in a known state behaves in a known way. Or as some other people might perceive it: the thing should work and adversaries should not be able to make it un-work with great ease.
This is something you could split up into multiple fractions:
- Making theft less lucrative to the thief (by reducing the use to non-owners)
- Making theft less impactful to the owner (by making non-owners not have access to the data)
- Making interdiction and malware an expensive endeavour (by making it very expensive to modify the device without the owner knowing about it)
Considering people may not want a $30 trackphone, but they just want their iPhone, the option of changing their behaviour is much less likely to be something Apple will invest in, and thus they invest in other things instead, like platform security. So if you assume that a consumer buys an iPhone because they want to, and assuming they want Apple to take care of making them not an easy target, we get into the current situation.
You can also tack on the 'haha apple expensive repairs they hate everyone' but there are much cheaper ways (for apple) to achieve that as a stand alone proposition. I'm sure they don't mind the fat profits they get, even if it were just a side-effect, but I'm personally and professionally more concerned with the three points I listed earlier than anything else.
Every people talking about theft security and counterfeit prevention is simply getting the point wrong.
If "counterfeit prevention" system is complaining about a genuine part that literally came off of another genuine product, that's not its actual job.
If "anti-theft" system is trying to wrestle with the legitimate owner trying to fix their own product, that's not anti-theft, or rather, the owner is not you. The owner is Apple, and that's precisely what the article says.
The "security" here is protecting Apple's bottom line by ensuring you buy a new product for otherwise fixable damages.
Just because it's somehow more secure doesn't mean it's better for the consumer in any way.
Counterfeit prevention is not just some sort of 'this part is real but this other part is not', it is about system integrity. How do we in the world of technology prove integrity? With cryptography. It's the only thing we have.
Same with your anti-theft proposition: if anyone can do whatever they want with my device, then nobody is deterred from stealing it.
Same with security in the sense of interdiction, injection or extraction.
None of these items, not a single one, can work without public-key cryptography. And until you (or someone else) comes up with a system where that does work, none of this matters and the status-quo remains as-is.
And yes, all of this is better for the consumer, even if the 10 people who want to fiddle with their phone can't do that without losing features. If you want a hackable device, get something else.
I, for one, do not want just a device where practically anyone can manipulate it, even if that means I cannot manipulate myself it either.
If you cannot come up with an argument that preserves integrity you don't really have a point.
> if anyone can do whatever they want with my device, then nobody is deterred from stealing it.
did i say "anyone" should be able to change components? i didnt say anybody should be able to change components.
> If you want a hackable device, get something else.
iphone is a device made by human, iphone is already hackable (case in point, iphone usb-c mod or headphone jack mod). it's just that apple's lawyers would very much not have that.
you just throw words like public key cryptography like it's an axiom but the tool serves its purpose as much as it's useful to us. you not caring about repairability doesn't matter, you're not apple anyway. people who got told their iphone cannot be recovered by apple but did get their data back thru 3rd party, does. (spoiler: it's because this means apple lied about their product)
Not with so many words, but that is what your security model implies. You also haven't reported your other means with which you can ensure platform integrity so I think you don't actually know enough about this topic.
> iphone is a device made by human, iphone is already hackable
Let's assume your statement is valid, doesn't that mean you have nothing to complain about? If you already have what you want, then why are you here?
Automotive DRM has typically been cracked or bypassed by the time the car is a few years old. Dealers have the equipment in their shops and it eventually leaks. Mechanics are not hard to bribe. There are also crackers in Russia and China who work on this for their own profit.
They also said that about video games. Now some single player games have an 'always online' requirement and can not be cracked anymore since they rely on content not stored locally.
I can see that happening with cars.
Why? I can't imagine any kind of real trust relationship except with individual developers or small shops who can be responsive to individual customers. I certainly trust Apple more than Microsoft, but I can't imagine any situation in which I'd say I trusted them (or any other megacorp) in an unqualified sense.
Flipping the question around, what exactly are you worried they will do?
I'm on your "side" on this in that I dislike closed ecosystems, spyware and not having control over my own devices. But I am not in tech and the vast majority of people I know don't care about this and likely never will, and every year that goes by without Apple remotely bricking their phone with no recourse only strengthens their apathy.
Trust doesn't have to be unqualified. You can accept that Apple's incentives don't align perfectly with yours while being comfortable that they align enough that Apple will provide you with the service you're looking for.
"The user controls the program or the program controls the user" is a false dichotomy to people who spend most of their time in the real world.
>> "The user controls the program or the program controls the user" is a false dichotomy to people who spend most of their time in the real world.
It is not a false dichotomy: Apple controls who gets to use iPhones and what they get to do on iPhones.
Can someone use an iPhone without an Apple account? If Apple were to lock or ban a user's Apple account, what could the user do about it?
Can someone run arbitrary software of their choice on an iPhone?
>> You can accept that Apple's incentives don't align perfectly with yours while being comfortable that they align enough that Apple will provide you with the service you're looking for.
Yes, but for how long and under what conditions? How willing are people to change when they are locked-in to the Apple ecosystem?
> Can someone use an iPhone without an Apple account? If Apple were to lock or ban a user's Apple account, what could the user do about it?
> Can someone run arbitrary software of their choice on an iPhone?
These are not restrictions that are likely to be relevant to the people I am talking about.
You will ask me how I know. The statement is forward looking so obviously I can't prove it, but I know people who have happily been using iPhones for 15+ years without ever giving a thought to these questions. (I know that because I've had this same conversation with some of them.)
In the meantime, these people can go where they want, do what they want, say what they want, etc etc. They are not, in any real sense, being controlled by the software on their iPhone.
If you live in the first world, pay your bills, are not a criminal and your phone usage is mostly limited to Instagram and WhatsApp, the likelihood of your Apple account being shut down without warning or recourse is very small. So for such people, the risk is too remote to dedicate much thought to.
Companies earn trust by being honest and consistent for long enough. I trusted Apple until recently. They lied to me several times over the phone over several weeks (always in a very courteous and professional way). Such a small thing for them to throw away trust for. I had been slowly moving into their ecosystem and I'm now pulling out. Pixel 6 google edition can be found for ~$200 and can be loaded up with de-googled Android ROMs (Calyx, Graphene, others).
They told me that they had issued a refund for an order that UPS had failed to deliver when they had not. I called four times 7 days apart and was told each time that the refund was processing and would show up within 3-5 business days.
When they did finally issue a refund it was for only half the order. I requested a chargeback from my bank and at this point they are siding with Apple. Not really sure why I keep money in a bank or use credit cards.
> Why not? I’ve been using their products and services with essentially no issues for 20+ years.
That's exactly my problem—for a small company that is responsive to individual users, I could build on that trust and have some confidence that it might continue. For Apple, they don't care about my trust at all; so, if there is something that they want to do that will harm me personally, then they have no reason not to do it as long as it will not negatively affect their standing with most of their customer base. It doesn't matter how many years their interests have aligned with mine; if our interests diverge tomorrow, then, not only will they go with theirs, they won't even consider mine.
> It doesn't matter how many years their interests have aligned with mine; if our interests diverge tomorrow, then, not only will they go with theirs, they won't even consider mine.
If you think the small companies are any different, you’re delusional. Everybody’s in it for themselves.
But, that’s fine with me. I just think the odds of that are low based on Apple’s track record of 20+ years.
One of my “good enough for Grandma” criteria is that she can’t click on a link in a Facebook post promising nine million Candy Crush points for installing an exfiltrate-all-the-data app from some App Store alternative.
This control severely limits the utility of stolen iPhones, which is a good thing for me as an iPhone owner.
There are other phones that consumers can choose that don’t have this pairing. But this pairing of parts is one of the reasons people choose and iPhone.
if this was their only intention they would let third party repair shops access to genuine parts or software tools. the reality is that third party "apple certified" repair shops are contractually less capable than uncertified ones, so much so that calling their service repair feels too generous.
apple do this to sell you phones instead of phone parts. if any of what you're saying was true it's simply a happy accident.
That’s a perfect term for this. I would absolutely believe that Apple approached this from that exact anti-theft perspective but it sure is easy to see how such a feature might benefit their bottom line. It’s a matter of looking around and wondering where the inexpensive parts are.
Giving third party shops official parts would still preclude the ability to enforce anti-theft unless you also gave them the software to pair it, and then you’ve once again precluded any ability to enforce anti-theft.
Apple needs to know what hardware is going into a particular phone to implement the killswitches, which means it can’t be handled as bulk inventory. They will sell you hardware that has been paired to a specific phone, but they’re not going to not have pairing (which is legally mandated for anti theft, over the objections of hardware vendors at the time) and they’re not going to hand out the ability to bypass the anti theft by signing your own keys.
Could they come up with some license-based model where the cpu wants to see apple attestation that the part is not stolen etc, perhaps, but, it’s not a trivial problem either.
> apple do this to sell you phones instead of phone parts. if any of what you're saying was true it's simply a happy accident.
Apple literally will sell you the parts though. How does that fit into your supposed “plot to force you to buy whole phones instead of parts”?
People are silly. About apple and nvidia and a couple of other companies in particular - there is a real thing with negative parasocial attachment to these brands, people love to hate them.
You don't really own it in any meaningful way. (wish I could find out what my apps are doing - what network connections they make, how often they start up and under what conditions)
Somehow I doubt even a percent of owners would choose to unpair. And if they do for repair purposes, there's no reason they couldn't re pair/register. What am I missing?
> Comparing data in the six months before and after Apple released its anti-theft feature, police said iPhone robberies in San Francisco dropped 38 percent. In London, they fell 24 percent.
> In New York City, robberies (which typically involve a threat of violence) of Apple products dropped 19 percent and grand larcenies of Apple products dropped 29 percent in the first five months of 2014, compared with the same time period from 2013, according to a report from the New York attorney general’s office, which included data from the New York City Police Department. By comparison, thefts of Samsung products increased 51 percent in the first five months of 2014, compared with the same period a year ago, the report said.
2014 would be prior to most of the features mentioned in this article (parts pairing) and not the subject of your article (kill switches). The article does tell us that:
* iPhones are very commonly stolen
* Android devices introduced a similar kill switch in 2014
> Samsung introduced to kill switch for its Galaxy S5 in April, so it will be sometime until its effects can be evaluated
There have been reports of thieves threatening victims with weapons and demanding they disable icloud. Not saying that negates the benefit necessarily but it's a relevant data point.
These "locks" might reduce theft, but not only they still happen, but you can also make money with a stolen phone. You can sell it for parts. An iPhone will annoy you about the replaced display, but the phone still works. You can transfer the old battery's controller to the new one so the phone doesn't know about the change. You can sell the shell of the phone, speakers, cameras, etc.
Maybe now I benefit from these Apple restrictions and annoyances, but I've been using expensive phones since before Apple started doing this and yet my phone was never stolen. I've cracked a few displays and killed a few batteries though.
What seems to help me is having some awareness of my surroundings. I live in a big city and every day I see people standing by the road waiting for a bus. Phones out, noise cancelling headphones, bikes passing right in from of them... I mean, it's not that hard for a snatcher to take their phone.
How often does phone theft actually happen? I keep hearing this argument but in my ~15 years of owning non-apple phones and laptops, I've never had one stolen, or heard of anyone getting theirs stolen. Have I just been very lucky?
I’m in Dublin, Ireland. It is not common, but not uncommon. Kids and teenagers zip around high-footfall areas in the city centre (such as our financial district) on escooters and electric bikes, and literally grab the phones out of your hand as you’re using them. Minimal violence because they know they’d likely lose, but still pretty traumatic and the Gardaí (our police force) are two swamped in everything else to do a thing about it.
I know four people it’s happened to in two years, all four of them women.
> escooters and electric bikes, and literally grab the phones out of your hand
London has a non-zero problem with this too - someone tried to grab mine earlier this year but they missed (and apologised as they rode off!) (and I had it on a strap anyway.)
My gf at the time had her phone stolen 2 years ago. Thought she forgot it at a cafe but after watching cctv someone took it out of her jacket like in a movie. Some coffeeshop employees will have their phones charging behind the counter but within customer reach and sometimes people steal the phones (happened to a close friend).
The answer depends on the country or even the city you live in or visit. In some places walking around with a $1000 phone is extremely dangerous to your life.
That seems surprising to me, when surely there's no easy way to steal a phone (iPhone or Android) and not have it completely locked and unusable. I would imagine that cars are eminently more desirable a target to steal as they're often left unattended for hours/days at the side of the road and they're typically worth far more than $1k. It's also relatively easy to attack a car waiting at traffic lights, over-power the driver and have access to the car and the keys, if the actual vehicle is required rather than just selling the parts.
Pickpocketing is quick and easy, sometimes not even a crime, and even though phones are locked, you can sell the Android phone for pieces. That's not the case for the iphone.
In many places, it's a crime according to the law, but if nothing happens with thieves or reported theft, then in terms of consequences it's not a crime.
I think you're using a different defintion of "crime" than I am (unlawful activity is probably the simplest). "Unenforced" would be probably a better term. e.g. Speeding in a car is a crime in a lot of places, but is often unenforced.
You can definitely re-use or sell iPhone parts. Most of replacement parts shops have access to are not sold directly by Apple.
As mentioned in the article, some parts won't work and others will show warnings. And sometimes you can reprogram chips with small devices easily available from China, which essentially defeats Apple's hardware pairing.
> but in my ~15 years of owning non-apple phones and laptops
> I've never had one stolen
> Have I just been very lucky?
No you’re not lucky. Your items aren’t worth stealing. Rarely does anyone steal android devices, or windows laptops the resale value isn’t there. Which should be obvious to the most casual observer.
The value is there, but if they're too dumb to loot an Apple store to steal iPhones that will be blocked pretty quickly and don't even run regular software, then maybe we shouldn't expect them to understand the value of phones from other brands either.
I'd expect the HN crowd to be a bit smarter than Apple store looters though.
It limits the utility of all iphones, stolen or not. It's not like you have a switch to deactivate it for yourself.
And for the consumer choice, I don't see Apple making any advertising about how anti repair they are, strange. I doubt most phone owners know about the pairing issues.
This control severely limits the utility of non-stolen iPhones which is not a good thing for an iPhone owner.
There are other phones that consumers can choose that don’t have this pairing. But this pairing of parts is *not* one of the reasons people chose an iPhone because most buyers were oblivious to it since Apple never told them.
Theft is a boogeyman that allows Apple absolute control over their devices. Why is theft Apple's problem rather than law enforcement? Should cars require a password too? Why don't we make all consumer goods require a password so that theft can be a thing of the past!
Law enforcement (and prosecutors) are increasingly unconcerned with theft of “small” amounts, and theft by groups of people they’ve decided to stop prosecuting.
I’m happy that Apple isn’t just saying “meh, not our problem”, and it’s one reason I buy their stuff.
In theory that sounds great, in practice you can find Facebook groups for ~stolen~ ahem lost iPhones for sale. The value of a bricked phone is never zero, so theft prevention isn’t as good as Apple claims.
There isn't a specific survey I can find pointing either way, which similarly makes the argument that theft is significant enough to justify restrictive and wasteful locks also moot.
By competing devices of course I am referring to other flagships which are of a similar price and feature set, like flagship Samsung phones etc.
That’s just because the thieves don’t consider the android devices worth stealing.
London sadly has an ongoing problem with phone snatchers and pickpockets, so on two occasions I’ve seen them nick an Android. In the first case, they just chucked it on the floor a few metres further down the road. On the second, the guy loudly shouted “what the fuck is this shit?” as he cycled down the road and threw it into a canal.
(1) It gets shipped straight to Eastern Europe or China and broken down for parts which are resold back to unauthorised repair shops in the West as official Apple parts.
Or more commonly (2) they will try to socially engineer the owner into giving up their Apple credentials so that they can sign out the iPhone and wipe it. If that fails, go to (1).
When my brother’s partner had her iPhone nicked, they extracted her phone number off the SIM then started sending her messages linking to a phishing iCloud sign in page, saying something like “Your stolen device has been located, sign in here to recover it.”.
The proper comparison is not with Android phones, it’s with iPhones before Apple introduced this feature. The news reported a global drop in iPhone thefts at the time [1].
I disagree that the point of comparison should be iPhones from before this functionality, the point is that the negative effects of locking all parts are not worth the amount of theft, not that they don't reduce theft.
After all, you could massively reduce burglaries too by allowing home security systems to have automated lethal turrets to shoot burglars, but that's considered way too far in terms of social cost by pretty much every place.
The point of my reply was to illustrate the true effect on iPhone theft from this change. Do you have a more accurate way to measure that?
Whether you think the tradeoff is worth it or not is beside the point. I made no claim for or against the tradeoff, so you have nothing to disagree with there.
Really? You are seriously going to compare repairing your iPhone with a threat to people's lives in your neighborhood and beyond? Your analogy is a bust --- the only thing threatened by repairing your iPhone is Apple's profits.
How did you ever get to this point? Did Apple infect you with some sort of mind virus?
> It's not the house builder telling you what you can and can't do; these things are not the same.
The house builder is the app developer
The gov/municipality is Apple
The gov/municipality tells you what you can and can't do. The builder would do it, if you take all the risks and acknowledge that your new building in your garden is not allowed by the gov/municipality.
This "cloud controlled shit" is a rental with no terms and unlimited claw-back. These aren't sales.
If I had a computer, installed remote controlling malware on it, sold it, and then started exerting remote control over it, I'd be arrested and likely sentenced to fraud or hacking.
This is fraud for Apple etm to call this a "sale", and should be prosecuted as such.
Hmm, not sure if the data in the article is correct. I replaced the battery in my SE 2020, there is no persistent warning, but i can no longer check battery health
Yeah, I’ve been replacing parts on and repairing iPhones for 15 years now; more of a hobby and fixing stuff for friends.
The battery is simple to replace even on the newest phones. Sure there’s a warning about non apple part that will show up but eventually subside. And that is only if you don’t swap the BMS module from the original to the new one. Any reputable shop should know to do this and have the skills required to desolder and resolder 2 connections…
I wish someone could ask Apple about the middle ground. You want to protect consumers? Fine. Alert customers to the use of non official parts but don’t brick any functionality then.
I want Apple to tell me when that shop that promises original parts is actually giving me an original which I can track.
I don’t want them stopping me from using it unless it’s genuinely incompatible at a firmware level.
The ability to trivially override serialization would completely rule out the possibility of any sort of anti-theft provision. Phones would be stolen and stripped and sold as parts.
Lest anyone forget, these features were legally mandated over the objections of hardware vendors, and they do have a pretty strong effect on theft rates, theft rates dropped by as much as 38% almost immediately after passing.
I think what would happen is people would get their phone repaired by the sketchy corner store guy, ignore the warning (which would presumably only pop up after they'd gotten the non-approved part installed) and then some time later when their photos/emails/bank balance was accessed they'd go back to Apple to demand an explanation.
Yes. I am an adult. I paid for this exact experience and I don’t need an unrelated third party to get involved and “save” me from getting precisely what I sought and paid for!
This is a case for post-purchase rationalization.
Take an obviously negative trait and spin/distort it in such a way it sounds like an advantage, reinforcing your delusion that you made the right choice.
Same for a single, apple-controlled store, the inability to actually install apps without a store, even deciding what browser engine should everyone use.
I want my phone to be locked down and curated. This isn't post-purchase rationalization. I have actively chosen the iPhone over and over and over since its introduction, because the alternative is so obviously inferior from a security, privacy, and application selection POV.
Obviously, I am making different choices than you are, but it's a weak argument to dismiss them as "rationalization" in a transparent effort to crown your preferred platform king.
And this I think is called gaslighting? Telling somebody they are wrong about what they think or feel? Or maybe not gaslighting. What is the term for this? Attack via psychology undermining?
There is a form of explicit and implicit advertising.
Apple advertised implicitly by consistently fulfilling the promise that if anything bad happens to your iPhone, in most cases an Apple Store can fix it.
Control is a part of this implicit model. This is not a model I myself like (I prefer the more freewheeling Android ecosystem); but I can appreciate why people respond well to it. To your average person who doesn't give a shit about unlocked bootloaders and just wants a way to regularly be in touch with their family and friends, the Apple model probably works better.
Why did you pick bootloaders instead of the more obvious example of battery replacement that any average person can understand - it's cheaper if it's not locked/less controlled by Apple via various means? Also don't see the connection with Apple Store - their implied ability to fix it isn't impugned in this case
I’m not following as to what the Apple store being able to repair phones has to do with them restricting others from making repairs? They were certainly able to repair phones just fine prior to implementing parts pairing.
If this is your mindset, you're on the wrong website. The values of hackers are incompatible with the values of technological serfdom that you're espousing.
And you get to pay for iCloud storage every month forever or iMessage won’t work right. I’m so sick of their shit. If there were any option but Google I’d be all over it.
They control aspects that can adversely affect others in the community --- with disclosure and mutual consent.
Restricting repairs to your iPhone only affects you and Apple's profits --- and there was no disclosure or consent --- i.e. buyer's weren't told in advance.
If only there were phones made by other manufacturers where the experience, which you know in advance, is different from the iPhone experience which you also know in advance! Then this wouldn’t be a monopoly!
As if having just two options were meaningful. Also, the phrase "dominant market position" or "oligopoly" is a mouthful so people just (incorrectly) say "monopoly" for short.
Though since even "literally" nowadays often means "figuratively" instead, you might as well say this is what the word means now.
Meh, I use my iphone as a tool. Not saying I wouldn't like more right to repair/reuse/recycle laws but I'm not panicking yet. And it's not just iphones, my $50k car is not really mine either.
So on my iPhone, I feel that Apple protects us from bad programmers for the most part, because if you look at Android and the lower quality of many of their apps and the way large tech companies run over the users by installing spyware on their devices, but Apple to some extent is protecting us from Facebook and Google and keeping us more in control of our devices, by limiting which applications can be run on them.