Hacker News
iPhone 15 teardown reveals software lockdown (ifixit.com)
127 points by SerCe on Sept 26, 2023 | 101 comments



I think parts blacklisting (i.e. you report a phone as stolen, all of its OEM parts are blacklisted) is good as an anti-theft measure and achieves the same functionality.

I can also understand parts pairing for Face ID for security, and maybe even the battery. I've had aftermarket battery repairs swell up, which is a safety risk.

But what Apple is doing is using this as a pretense to lock down repairs.


A lot of it is brand protection to be honest. I’ve seen so many cheap “refurbished” iPhones in the past with absolutely terrible cheap parts put in them. For end users this is most immediately apparent when the screens are 3rd party (terrible color, irregular backlighting etc) but these days it is a lot harder to use 3rd party parts.

I think there is an argument to be made that these protections preserve the used Apple market because people can actually trust it for the most part (we certainly see that reflected in the prices). I imagine the lifespan of an iPhone is much longer than a comparable (by footprint) android device.

In my mind right to repair trumps all these upsides but it isn’t as clean as it always seems imo.


Providing the user with more information is fine and not anti repair imo. If the user boots the phone and sees a bunch of non-genuine warnings, they can know to steer clear of buying the device.

The larger issue seems to be where there is calibration info that needs to be set up but only Apple has the software and tools for it.


"Providing the user with more information is fine and not anti repair imo. If the user boots the phone and sees a bunch of non-genuine warnings, they can know to steer clear of buying the device."

You're assuming a technical, informed and assertive user here. There are lots of people who don't even try to turn off and on the phone when buying. Or fall for bullshit like 'it's normal, just ignore that message'. And what do you do when some repairman used a knockoff battery and is threatening with calling the police if you don't accept and pay for the 'repaired' phone?


Agreed - I actually think that would solve a lot of this.

Apple could put in as many oem checks as they want, hell, even throw a persistent warning in the settings menu or something to inform and even dissuade but they should absolutely allow it at the end of the day.


Maybe actually selling genuine parts for repair would be better brand protection.


That's what they already do, but the genuine OLED ceramic screen can't compete in price with some crappy LCD screen with regular glass that shows ripples when you push it with your finger.


You can't buy a replacement USB port if the one in the phone breaks. You can't buy a replacement charging chip, RAM chip, etc.


That's what they already do? Can you point me to where I can buy these parts?


Nokia solved this problem two decades ago by putting holograms on their batteries.


I bought a fake Nokia back in the day (18 years ago). The thing which gave away it was fake was the atrocious battery life (2ish run time hours), and otherwise clunky software. I can assure you faking a hologram was absolutely not a problem.


Because when people buy a used iPhone it is reasonable for them to open up the phone and check all the parts for holograms?


Well what choice does anyone have when you can't get official parts for refurbishing?


> I've had aftermarket battery repairs swell up, which is a safety risk.

My friends at support had to deal with dozens of original Apple batteries that swelled up. And, contrary to what people may think, Apple doesn't consider a swollen battery a safety issue.[0] But, for certain models, they would replace it at no fee (although such support programs have ended IIRC).

[0] See e.g. here: https://discussions.apple.com/thread/251466658


They don't consider all swollen batteries to be safety issues. Clearly, what that page is referring to is that a specific product line was having batteries swell up for non-safety reasons. They still got replaced, but it makes sense if Apple knows the cause and it's not safety related.


Same applies to cameras, microphones, touchscreen, screen, buttons, or really any other sensor or chip etc that is powered and can therefore have a sneaky transmitter inserted. I don’t want someone (nsa cough) being able to sneak in their own module to follow my every whereabouts.

Yes please. Check every item for authenticity. That’s why I’m an Apple customer. I’d buy android if it weren’t the case.


NSA would not have to sneak in anything. They can just order Apple to do it and they would be prohibited from ever talking about it.


So much data is in the cloud that it is not even important if NSA has access to your phone.


Do we have any evidence of that occurring in practice? I've heard the theory but never seen the proof.


I think the US made it very clear what will happen to you if you provide proof. Better prepare for a Snowden life in the best case. If you are less lucky you might end up Assange.


We're living in an age where military base layouts are leaked by fitness trackers. Top secret battle maps leak onto Discord video game channels. Not even as an act of spying, just by accident or carelessness. I just cannot accept that any truly massive secrets could be kept sealed for long. It's the same reason the Area 51 conspiracies are bunk.


How do you expect evidence to be presented when even acknowledging the existence of such a possibility is highly illegal? Gary Webb suicided with two gunshot wounds to the head.


As a warning to others that the CIA will only let you live 8 years after allowing you to publish "the truth"?


https://en.wikipedia.org/wiki/Gary_Webb

> "If we had met five years ago, you wouldn't have found a more staunch defender of the newspaper industry than me ... And then I wrote some stories that made me realize how sadly misplaced my bliss had been. The reason I'd enjoyed such smooth sailing for so long hadn't been, as I'd assumed, because I was careful and diligent and good at my job ... The truth was that, in all those years, I hadn't written anything important enough to suppress."

[..]

> Webb's ex-wife, Susan Bell, told reporters that she believed Webb had died by suicide. "The way he was acting it would be hard for me to believe it was anything but suicide," she said. According to Bell, Webb had been unhappy for some time over his inability to get a job at another major newspaper. He had sold his house the week before his death because he was unable to afford the mortgage.

So he was killed indirectly; not a distinction I personally care about. Unless you are investigating state crimes yourself, I wouldn't throw popcorn from the cheap seats.


It’s difficult to provide proof when the act of doing so is either illegal, or gets you targeted by a major nation state. We may never get proof. We may only get proof decades after the fact when it becomes irrelevant.

In cases like this we have to weigh the likelihood and risk regardless, and proactively protect ourselves.


...What part of Secret Compartmentalized Information don't you understand?


Like the Ukraine battle maps that get posted to Discord?


If the NSA wanted access to your phone, they would ask Apple to push a backdoored update. No need for a James Bond level evil maid attack.


They don't need to ask for any backdoor, there are existing solutions already like Pegasus. It was recently used by Polish government ruling party to spy on opposition under the pretense of looking for 'Russian spies'. Considering our not-very-smart government managed to get it, I can bet people who are actually qualified can do much more already.


Didn't the FBI ask Apple to do that already and Apple refused?

https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...


Well those are the ones we hear about. I think there's a lot of state-level spying in many software and hardware devices, but of course we don't hear about it


Sure there's a lot of state-level spying. NSO Group et al. That doesn't mean Apple is complicit.


No need to ask, just get a job at Apple, same as every major company


NSA will order Apple to pair that part if they decide to swap it and you wouldn't be able to do anything about it.

If instead of VIN-locking they just notified you a different part was swapped out, you could go get some part from a trustworthy third party and replace that potentially back-doored part yourself.


As an electronic engineer I can't even begin to explain how difficult it would be electronically to include a "sneaky transmitter" in a single component

It's way more likely that the NSA would say "hey apple, install this backdoor in your software but don't tell anyone about it"


Imagining that a company that relies on the US government for protection of its IP and profits will protect you from the US government has to be the peak of naivety.


Why not unlock your phone into some sort of repair mode through an Apple account?

Protects your integrity of the hardware but gives you the choice to repair.


I suppose the awkward part of blacklisting is that if a phone isn't immediately reported, someone may sell a stolen part to a repair business, which installs it, and then a week later the customer's phone is locked down, through no fault of either the person who had their phone repaired or the repair shop.


A repair business doing that wouldn't be in business for long though.

There are APIs available for verifying whether FindMy is disabled for the device in question, that might be a better proof that the device is honestly sold to a repair shop for parts.

For devices broken enough that they don't turn on there needs to be a way to remove them from FindMy without using the device though... is removing them from the list available at https://appleid.apple.com enough?


That's a situation where some kind of delay could handle it. They don't need to reuse those parts instantly. I doubt the fraction of people that report a theft after months have gone by is very big.


They would be blacklisted by default when attached to an icloud account and then the user can release the parts by unlinking the device.


The customer then kicks up a fuss, the repairman realises that the part came from a stolen phone and the supplier of these parts is either reported or blacklisted by the repairman and every other repairman they know.


> I can also understand parts pairing for Face ID for security

Can someone elaborate on why parts pairing is needed for biometrics?

In my understanding the biometrics module can simply send raw "image" data to the CPU which then performs validation/authentication. Hardware authentication seems to be only necessary if one plans to send some precomputed data.

But I don't understand the very reason behind that. To save power you don't want to run biometrics recognition all the time anyway. If the recognition task is so computationally taxing that even the very powerful CPU present in smartphone cannot provide required hard real time guarantees and therefore an ASIC/FPGA/DSP is needed, well... Apple makes custom hardware anyway, so there is no apparent penalty in embedding biometrics accelerator right into the CPU anyway.


Biometrics need to be evaluated on a separate computer for security reasons. Sending them to the main CPU is a non-starter.

When you do this, the parts must be securely linked otherwise you can swap the biometric system with one that is already unlocked.

And, they want to ensure the Face ID dot projection and image captures come from a real camera and projector system, not some device that spoofs them. And in reverse, to prevent intercepting and capturing biometric data.
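A simplified model of the pairing argument discussed in this part of the thread, added here as an illustration; it is not part of any comment and does not describe Apple's actual protocol. The `Sensor` and `Enclave` classes and the shared pairing key are hypothetical, and a SHA-256 of the frame stands in for real biometric matching.

```python
import hashlib
import hmac
import secrets

# Hypothetical model: a sensor and a secure enclave share a pairing key that was
# provisioned when the part was paired. Every capture is authenticated against a
# fresh enclave nonce, so an unpaired sensor or a replayed capture is rejected
# and the device falls back to the passcode.


def _tag(key: bytes, nonce: bytes, frame: bytes) -> bytes:
    # The nonce has a fixed length (16 bytes), so nonce + frame is unambiguous.
    return hmac.new(key, nonce + frame, hashlib.sha256).digest()


class Sensor:
    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def capture(self, nonce: bytes, frame: bytes):
        # Bind the captured frame to the enclave's challenge.
        return frame, _tag(self._key, nonce, frame)


class Enclave:
    def __init__(self, pairing_key: bytes, enrolled_frame: bytes):
        self._key = pairing_key
        # Stand-in for an enrolled biometric template.
        self._template = hashlib.sha256(enrolled_frame).digest()
        self._nonce = None

    def new_challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def unlock(self, frame: bytes, tag: bytes) -> str:
        # Each challenge is single use.
        nonce, self._nonce = self._nonce, None
        if nonce is None or not hmac.compare_digest(tag, _tag(self._key, nonce, frame)):
            return "passcode_required"  # data did not come from the paired sensor
        if not hmac.compare_digest(hashlib.sha256(frame).digest(), self._template):
            return "no_match"
        return "unlocked"


def demo() -> dict:
    key = secrets.token_bytes(32)
    # Constructed sample "frames"; real sensor data would be images or depth maps.
    owner, stranger = b"constructed-owner-frame", b"constructed-stranger-frame"
    enclave = Enclave(key, owner)
    paired = Sensor(key)
    swapped = Sensor(secrets.token_bytes(32))  # replacement part with a different key

    results = {}
    first = paired.capture(enclave.new_challenge(), owner)
    results["paired_owner"] = enclave.unlock(*first)
    results["paired_stranger"] = enclave.unlock(
        *paired.capture(enclave.new_challenge(), stranger))
    results["swapped_sensor"] = enclave.unlock(
        *swapped.capture(enclave.new_challenge(), owner))
    enclave.new_challenge()
    results["replayed_capture"] = enclave.unlock(*first)  # old tag, new nonce
    results["no_challenge"] = enclave.unlock(*first)      # nonce already consumed
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In this model a swapped part disables biometric unlock rather than bricking the phone, which matches the passcode fallback described further down the thread.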


> Biometrics need to be evaluated on a separate computer for security reasons.

But why? What's the algorithm/architecture here? I am genuinely curious here.

I guess we can generalize finger/face readers as multichannel cameras. What do you gain by computing a "hash" of the data (and the associated machinery to send that hash securely) versus simply sending raw data for evaluation at CPU level? In the end the CPU has to trust the data sent by peripheral anyway.

I understand the use of separate compute unit when extraction of secrets must be protected, but in this case it is the CPU that protects those secrets anyway.


The validation is done outside the CPU I believe too, that’s certainly what happens with the fingerprint reader. I think the process is documented in the secure enclave white paper


>otherwise you can swap the biometric system with one that is already unlocked.

But isn't the data on the device actually encrypted with the bio key?

So swapping out new bio data => new key => can't decrypt original data.

Or do you mean it just means you get a working device (but all stored data is lost)?


Blacklisting is much less secure because there is a lag between theft and protection and more intrusive because it requires online activation.

Parts pairing seems like a good solution if theft for components is a major issue.


> I've had aftermarket battery repairs swell up, which is a safety risk.

I've had the original, built-in-from-factory battery of a Google Pixel phone swell up. Assuming that this only happens with third-party batteries is something laptop and smartphone manufacturers try to brainwash us into thinking. Buy your third-party battery from a reputable company (not a random seller on Alibaba) and the risk will be the same as buying one from the original device manufacturer.


When you take your phone to a repair shop, you don’t know if the battery they installed is from a reputable manufacturer or a random Alibaba seller.


You can always ask. That being said, a good shop will probably not risk its reputation by installing garbage components.


Around here most of the third-party repair shops feel pretty sketchy.


"That dystopian future that science fiction authors warned us was coming, where DRM infected every part of our lives? We’re living in it. The result of these extensive limitations is a major infringement of ownership rights and amplification of the e-waste crisis."

"Unfortunately, software is the anchor around an otherwise exceptionally designed phone. But without the ability to swap components, repairability suffers dramatically. We don’t purchase products for our team that score below a five, so iFixit will not be purchasing the iPhone 15 for internal use."


Some time ago Ballmer called Linus a cancer, but it seems DRM and corporate walled gardens are becoming one.


FaceID data is stored in the front module. Can’t swap it else anyone can unlock your phone with a swapped FaceID module.

LiDAR not sure what’s happening.


Surely if the FaceID module provides a key to decrypt the encrypted contents of the phone, if you swap a module then another module might be able to verify a face but not provide the correct key, and the phone remains locked? If, before you remove the module, you wiped the phone then of course no key is required.

Having a module which could be removed and replaced just say Yes or No would seem to be a very poor design. Also in that case, Apple could presumably authorise a new module, meaning they would retain the capability to break into any phone (which I understood they did not want)



That wouldn’t prevent the case of “the module is swapped for one that unlocks no matter what, and upon noticing the phone isn’t unlocking, the owner resets and sets up Face ID again” right?


Upon noticing the phone isn't unlocking and reading the big warning message that the Face ID module was replaced, which doesn't seem like a big threat vector to me.


I think it is because it’s not “the module is swapped for one that unlocks no matter what, and upon noticing the phone isn’t unlocking, the OWNER resets and sets up Face ID again”, but “the module is swapped for one that unlocks no matter what, and upon noticing the phone isn’t unlocking, the THIEF resets and lets the owner set up Face ID again”.

There’s also the case of “Steal two phones, swap a few parts, reset the phones, and sell them second-hand”. Both phones will have 100% genuine parts.


> “the module is swapped for one that unlocks no matter what, and upon noticing the phone isn’t unlocking, the THIEF resets and lets the owner set up Face ID again”

The thief wouldn't have been able to reset Face ID, would they? Also it would make sense to warn a second time when you go to set up Face ID again.

If they reset the entire phone, uh, they could have handed you a different phone entirely. I don't see how part swapping is the problem here.

> There’s also the case of “Steal two phones, swap a few parts, reset the phones, and sell them second-hand”. Both phones will have 100% genuine parts.

What role does the part swap have in this scenario? What stops me from simplifying it to "Steal two phones, reset the phones, and sell them second-hand."? Because if that simplification is valid, then this scenario has nothing to do with repairability.


Apple could still use keys to validate the module is genuine. Then you just need to trust Apple to not release compromised modules. They need to just stop pairing the individual modules to the phone.


I was under the impression that it was all stored in the iPhone's secure element, which is part of the main processor? But they're paired cryptographically - to ensure the data isn't faked. And I would think there is some calibration data. Maybe that's wrong though - are there any docs you can link?


>Can’t swap it else anyone can unlock your phone with a swapped FaceID module.

I think some very highly paid engineer at Apple could figure out this simple solution. "If the FaceId, Fingerprint Reader is compromised you fallback to the password, there should always be a password/PIN for special cases".

Just in case those engineers could not come up with such ideas, Apple (and others) you can use my idea for free, I will donate it to you for the environment's sake.


Isn't that how it works today? Same way swapping touchid modules will disable fingerprint unlock


I think that’s already how it works, ideally there would be a way to re-pair the new sensor if you’re the original owner though


There is: Take it to Apple and pay to have it fixed by them ;) I dunno if Touch ID is on the list of things they let you do yourself these days, but if so you "only" have to use their kit, which also lets you verify the parts IIUC


Apple tends to overcharge for repairs and even if not it’s better to have competition. The kit isn’t really practical for most people or repair shops, it’s probably mostly a PR stunt


OK, some people downvoted this, so let me explain:

Overcharging: Apple tends to replace whole assemblies rather than individual parts, and don't do board-level repairs or anything. Apple staff are generally just following a procedure and aren't allowed to/aren't trained to solve problems in the best way. Here's an example of them charging for a whole motherboard replacement when the issue was a bent pin: https://www.youtube.com/watch?v=o2_SZ4tfLns

Some people might be OK with this, but not everyone; competition is important!

About the self/independent repair program: The self repair program allows you to order one part at a time and you have to have the device to do it. Realistically, almost no one will do it themselves, and will use a repair shop. The program is impractical for repair shops, because they can't stock parts in advance. The other option is the independent repair program, which effectively turns you into a shipping centre for Apple; it bars you from doing anything but the most basic repairs without sending things off to Apple and they will do random inspections on your store and fine you if you're actually offering good service like board level repair or using cheaper aftermarket parts. So it's likely that both are mostly just PR stunts to get ahead of regulation while also not making a significant change to their business.


Give this man a Nobel prize, we have a proper genius here.


I was sarcastic dude, it is clear that Apple is anti independent repair, I should be able to sell my old broken phone for parts, those highly paid engineers should be able to figure it out if management gives them the task to do it.


even a simple charging cable (apple lightning) used to charge iphones etc has a chip, so your device can read cable capabilities when connected and configure it for: power, audio, video, data. there's a great DEF CON 30 presenhacktion on this [1].

as parts/ports are ever-increasingly multi-functional (and more advanced), there needs to be regulations in place to ensure no lockdowns, or preferential treatment. Of course we need hardened security and privacy, but I think Software should be used to detect & notify of atypical/dubious device parts so the User can choose/decide - akin to an AntiVirus.

If certain level of security/safety is required (say gov device, Chief Execs, VIPs etc) then create an Industry Standard and let the OS report on device's Compliance. This way, the market (users) block low-quality/nefarious tech, not a corporate.

[1] https://www.youtube.com/watch?v=7p_njRMqzrY


This is fine because anyone wanting a phone to call their mum, text their mates, take selfies, wake up with an alarm and get the football scores can buy a generic Android phone. It all works and the generic android phone can be replaced rather than repaired.

Nobody is forced to be in the Apple ecosystem, and, since when did we all need a supercomputer in our pocket?

Next we will be complaining about tyre prices on Bugattis. People can just buy a Ford.


Related discussions on this and Apple's deep history of hating right to repair:

https://news.ycombinator.com/item?id=37615238 https://news.ycombinator.com/item?id=37614279


Won't buy a new iPhone until this is fixed. I usually keep a backup unit for parts, never have I needed to have a 3rd party "help me" keep my production equipment running.


This is disgusting and should be illegal. There's no morally sound justification for this.


I don't know, I kind of get the security and theft deterrent angle. It's even something I'm willing to pay extra for — I mean, a phone is not a toaster, there's lots of important personal and work stuff on the phone, passwords, documents. None of my Apple devices has ever had to be repaired, but if something happens to my iPhone's Face ID camera tomorrow, I'm heading straight to an authorized shop, no way I'm letting some shopping mall booth tech take chances with something this important.


Actually there are plenty. Look at second hand car parts market and ask yourself how many of them come from stolen cars which are dismembered and packed in boxes the night they're stolen.

iPhones are the same. There's a whole phishing industry to get people to unlock stolen iphones just so they can be wiped and resold.


I guess you live in a country with lower amounts of theft


Wow ifixit editors really messed this up. ‘Broadcom’ is not the company that makes Snapdragon.


Seems to me more a slip than a “really messed this up” situation


Yes, but it's a little confusing that there's Qualcomm and Broadcom, and they both make chips for wireless.


It's confusing that companies that make parts for communication have variants of "com" in their name?


God, I am so tired of this nonsense. Making stolen phones hard to part out is good! Check eBay for price of iCloud locked phones. Thank Apple for making stealing your phone so unprofitable.


If this is really the motivation then they should have a way to unpair parts using your iCloud account


Why is my right to drap with my phone violated in order to protect me from theft? Freedom for security and all that?

This isn't even that useful, a friend of mine had an iPhone stolen, and then he was contacted by the guy who 'found it' and wanted a reward. Basically extortion.


[flagged]


This makes sense only if you don't know what slavery is.


Digital slavery and slavery both have definitions that are pretty different from how you use those terms.


I pay to use a product and that makes me a slave? That’s intense.

Back in the day I learned to replace the headphone jack on my iPod because it kept breaking. I’ve never encountered any need to do something similar with an iPhone. I guess it’s some sort of loss that I don’t have the option, but I just can’t bring myself to care. The freedom from fear of phone-jacking is worth so much more to me.


I’ve replaced several broken screens and dead batteries on Android and iPhones. It’s a very common issue. Screens break and batteries wear out.


And Apple has services for replacing that. Although I used to repair my devices myself, it makes sense from Apple’s POV. There’s far more people who don’t know how to do this (or couldn’t be bothered to learn and when they fuck up, they blame Apple) than people in HN’s demographics that are willing and knowledgeable enough.


The bigger problem is not techy owners, it's locking out repair shops from doing a quick and cost-effective job.

Everyone knows how to use a repair shop.


And what's the problem with having Apple authorize and vet repair shops to ensure they use genuine parts and whatnot?


The vetting isn't anywhere near the biggest issue. Did you think that's the main thing people were complaining about?

The inability to take parts out of broken phones is one of the big ones. The inability to stock up on parts so they can do a same-day replacement is also one of the big ones.


People are complaining about a lot of things. I don’t know. If there’s a secure way to stock up on parts and use parts from broken phones that also works with anti-theft goals then yes they should do that.


Do you sincerely believe what Apple is doing is the least restrictive means to achieve that goal?


> But even we couldn’t convince them to switch to a standard port—it took the European Parliament to force that particular change.

Anyone with a half-functioning brain knew USB-C was coming to the iPhone well before the EU decision. It's so annoying to see so many people parrot this line. Apple was one of the first to go all-in on USB-C and has been slowly expanding it to the whole line. It only makes sense that the iPhone was the last to get the change.


This.

And they said the lightning connector would be the iPhone connector for the next ten years when it launched in 2012.

IMO USB-C is just now in the last year or so truly ubiquitous and has the ecosystem to back it.

That said, it probably would’ve been accelerated if Apple made the move on the iPhone shortly after the Mac. Of course, it would’ve pissed people like my best friend off, who complained for like two years about the last iPhone connector change.


In my eyes, iFixit is doing the customers and the environment a disservice with mixing the actual repairability with the question of "DRM" in parts.

Yes, limitations of self-repair should be clearly pointed out and discussed critically. But on the other side, if the phone becomes easier to repair for Apple-certified shops and Apple shops themselves, this is very important. Because repairs do get cheaper for the customer and repairing phones is good for the environment. Progress there should not be conflated with the DRM issue. They should rather introduce a second score, if they want to score on that.


iFixIt repairability was always about end-consumer repairability. Why would they care if some shops can do it easier? Once it's off the consumer's hand it's their problem how they deal with it. The environmental impact of Apple's own internal practices is their problem not yours (and so far it's been just PR move after PR move to mess with consumers)


If the shop can do it easier, prices tend to be lower. Exchanging a broken back is vastly cheaper on the iPhone 15 compared to the 14. And of course, it makes a difference for the environment, whether a device can be repaired for a reasonable cost. First of all, because it can be repaired and isn't thrown away, and it is more likely that people are willing to pay for repairs, if they are cheaper.



