Louis Rossman on soldered SSD

[Analog Kid]

Apple themselves states that it was a factory test unintentionally left in with the iOS update. My source for this claim is is Apple's own statements:

I'll come back to this, but before I do, I feel like we're talking in circles. Can you take a minute to answer the questions I've already asked so I understand the context of the points you're making?

So is it related to increased component serialization or isn't it? Was it a notorious move by Apple to restrict repair or an inadvertent bug that Apple fixed, no harm no foul? And what source do you have saying it wasn't part of an effort to ensure end to end security of TouchID and the secure enclave despite Apple's public statements that it was?

I feel like you've said it isn't for security and then questioned why I quoted you saying it isn't for security. I don't care if it aligns with your previous statements or not, we all get sloppy with words and shift our views as we think about things more, I just want to know what we're arguing about at the moment...

 

[ArkSingularity]

I'll come back to this, but before I do, I feel like we're talking in circles. Can you take a minute to answer the questions I've already asked so I understand the context of the points you're making?



I feel like you've said it isn't for security and then questioned why I quoted you saying it isn't for security. I don't care if it aligns with your previous statements or not, we all get sloppy with words and shift our views as we think about things more, I just want to know what we're arguing about at the moment...

You know, I don't disagree, I think this thread has gone in circles a bit. Apple's own communications have been a bit contradictory about this at times, so I don't think anyone could really be blamed for the confusion. I'd be lying if I said I didn't have to go digging to find consistent information about this myself.

I think this was one of those situations where Apple was acting too quickly after the whole thing happened, and it took a while for the full story to get out. People freaked out because their phones were being bricked and repair shops were getting blamed, so sparks started flying. You're not wrong, the news did jump on this very quickly.

 

[Analog Kid]

You know, I don't disagree, I think this thread has gone in circles a bit. Apple's own communications have been a bit contradictory about this at times, so I don't think anyone could really be blamed for the confusion. I'd be lying if I said I didn't have to go digging to find consistent information about this myself.

I think this was one of those situations where Apple was acting too quickly after the whole thing happened, and it took a while for the full story to get out. People freaked out because their phones were being bricked and repair shops were getting blamed, so sparks started flying. You're not wrong, the news did jump on this very quickly.

But what was the full story, in your view? Was it a notorious serialization effort aimed at restricting repairs or was it an effort to maintain end to end security of the TouchID infrastructure?

 

[ArkSingularity]

But what was the full story, in your view? Was it a notorious serialization effort aimed at restricting repairs or was it an effort to maintain end to end security of the TouchID infrastructure?

Personally? I think it was a mistake made in the iOS update (and that sparks started flying because people's devices were bricked until the fix was announced). I do think people jumped to conclusions a bit too fast (I admittedly did myself at one point), but Apple has cleared it up in an official statement and stated it was a factory test that was accidentally released in the iOS update.

It's possible that they are just trying to save face with this explanation, but to Apple's credit, they generally do have pretty good reputation for holding their ground when security issues are at stake. I think it was just a case of miscommunication that became notorious because a lot of people didn't know why their phones were being bricked, and repair shops were unsure of why they were being accused of breaking them when there was no official process they failed to follow when replacing the sensors (at least, not to my knowledge).

 

[Analog Kid]

Personally? I think it was a mistake made in the iOS update (and that sparks started flying because people's devices were bricked, at least temporarily until the fix was announced). I do think people jumped to conclusions a bit too fast (I admittedly did myself at one point), but Apple has cleared it up in an official statement and stated it was a factory test that was accidentally released in the iOS update.

It's possible that they are just trying to save face with this explanation, but to Apple's credit, they generally do have pretty good reputation for holding their ground when security issues are at stake. I think it was just a case of miscommunication that became notorious because a lot of people didn't know why their phones were being bricked, and repair shops were unsure of why they were being accused of breaking them when there was no official process they failed to follow when replacing the sensors (at least, not to my knowledge).

Ok, that helps. Thanks.

So back to what you were saying:

Apple themselves states that it was a factory test unintentionally left in with the iOS update.

And what Apple said:

Some customers’ devices are showing ‘Connect to iTunes’ after attempting an iOS update or a restore from iTunes on a Mac or PC. This reports as an Error 53 in iTunes and appears when a device fails a security test. This test was designed to check whether Touch ID works properly before the device leaves the factory.

Today, Apple released a software update that allows customers who have encountered this error message to successfully restore their device using iTunes on a Mac or PC.

We apologize for any inconvenience, this was designed to be a factory test and was not intended to affect customers. Customers who paid for an out-of-warranty replacement of their device based on this issue should contact AppleCare about a reimbursement.

(emphasis mine, you may need to expand the full quote)

They didn't say it was unintentionally left in iOS. They said it wasn't intended to affect customers. Those aren't the same thing.

Apple wrote that check expecting that it was part of the final check after Apple or one of their authorized repair centers opened the device and buttoned it back up. iOS isn't the factory diagnostic firmware they load into devices to diagnose subsystems, it's too big for that. iOS is the customer facing OS.

It was meant to detect and flag exactly the things that it did-- unauthorized tampering with core security functions.

repair shops were unsure of why they were being accused of breaking them when there was no official process they failed to follow

That's being a bit disingenuous. They weren't authorized to make this class of repairs and weren't sourced with legitimate parts to do it with. They made the uneducated assumption that because Part A worked in Phone A and Part B worked in Phone B, they should be able to exchange those parts and have it all still work. They didn't account for the fact that Apple was quite serious about maintaining true security, not just superficial security.

a lot of people didn't know why their phones were being bricked

That was the problem. Customers were being hurt and that's what Apple wanted to avoid. The didn't do this to block third party repairs they did it to protect security and uncontrolled access to core security systems is a vulnerability. I don't think they'd care much of unauthorized repair shops had to stop doing TouchID repairs. Apple's focus was on closing a potential (or perhaps active) TouchID vulnerability.

The problem was the customers who already had the repairs done and had gone home. It's a bit late to say "you shouldn't have gotten it repaired where you did". I'm guessing they weren't thinking much about that when they added the check-- TouchID had only been in the market a couple years and I don't think it occurred to them that so many customers may have been given back alley parts.



So, Apple clearly said it occurs when the product fails a security test.

It wasn't meant to make it harder to repair, the intention was to close down a potential vulnerability in their security. That may have the side effect of limiting who can make repairs to authorized shops, but that's what security means: maintaining a chain of trust.

I don't believe it was accidentally left in, it was intentionally put in. Apple's statements don't contradict that. It wasn't meant to affect customers. When that happened they took a different approach.

 

[ArkSingularity]

That's being a bit disingenuous. They weren't authorized to make this class of repairs and weren't sourced with legitimate parts to do it with. They made the uneducated assumption that because Part A worked in Phone A and Part B worked in Phone B, they should be able to exchange those parts and have it all still work. They didn't account for the fact that Apple was quite serious about maintaining true security, not just superficial security.

This is where I think you and I fundamentally disagree on this particular point, and this is for a few reasons. (I respect where you are coming from, I think you have a very well put together argument. But I'll explain exactly where I'm coming from below as well.)

1) Just because some people somewhere (often folks in places overseas who create "frankenstein iPhones" for markets in cities like Shenzhen, where the worldwide electronics enthusiast community is popular for this stuff) swap out parts with non-authentic parts doesn't mean that the majority of independent repair shops are doing this. I think it's unfair to say that they were performing illegitimate repairs because up until this point, there was no documentation that was preventing them from performing this repair, no tool that was required to pair them that they did not have, and no reasonable reason to assume that they would not be able to perform it. Repair shops were swapping genuine touch ID buttons from other donor devices (not counterfeit illegitimate devices). Should there be some level of verification to prevent counterfeits? Of course, but why does that necessarily mean that Apple should intentionally brick devices months after the repair was done on an iOS update? Does Apple have to do this to prevent it? I don't think so at all. If there are tools that Apple uses, or a process that Apple has for preventing it, then that should be much better communicated to the people who have to work on these things, and the concerns that the repair industry might have about ways in which this is or isn't viable should be heard (rather than their voices simply being dismissed because they "aren't Apple")

(To be fair, I'm not arguing error 53 was intentional. I think it was a miscommunication, in light of what we've all learned from the discussions above. However, if it were intentional, I think that makes it worse and not better IMO.)

2) Apple themselves didn't replace home buttons independently. They replaced entire front assemblies, which was much more expensive than it would cost many independent repair shops just to replace a home button. There are actually a lot of situations like this where Apple didn't offer a very cost effective solution, but someone else somewhere with the tools was able to get it done. Of course, is it better to take it to Apple? I'd agree, yes it is. But I don't think it's too much to ask for repair businesses to want an honest effort to avoid making these things intentionally difficult for those who are just trying to help their customers.

Apple has actually done the right thing on this front in more recent times, and has started making some schematics (among other things) more readily available for folks who need to work on these things. I also am very pleased with the direction of the self repair program, and while it still needs some work to make it more practically viable, it's a huge step in the right direction. So I'm definitely not an Apple hater here just trying to bash Apple, I absolutely want to give Apple credit where credit is due. On this, I think it's well deserved.

3) Many people can't afford to pay Apple's price for a particular repair, or very often simply don't live in a city with an authorized repair shop. I have been in both of these situations (went to college in town where there were literally no authorized apple repair stores within three hours of driving distance, and I did not have a schedule that permitted me to travel to an entirely different city before I got my phone fixed, or to be days without my computer or phone while shipping it). The folks who offered to repair my devices were not doing anything nefarious, they were simply offering to repair my device for a price that I could afford. Had it not been for them, I wouldn't have been able to take my devices to Apple. I would have been forced to buy non Apple alternatives at the time because I literally would have been unable to take these devices to Apple (and frankly, that's exactly what I would have done. I would have replaced my devices with non-Apple devices if there was literally no way I could get my Apple devices fixed, but because of a friend who had a side business repairing Apple devices, I was able to get my phone and my computer fixed with genuine Apple parts that had been swapped from donor devices.)

So all in all, I think this is probably the crux of where you and I have fundamentally different views of these things (and that's fine, I think this is a great debate to have and these are discussions that we should have here, both sides of the argument do have valid points to bring to the table).

And of course, I do agree that some folks do nefarious things, but my argument is that there are MANY ways to prevent these folks from doing nefarious things without painting the entire independent repair industry with the same brush. I strongly believe that this is where it hits home for a lot of people in the independent repair industry, because frequently they are misunderstood, blamed, or have their intentions questioned, when in reality most of them are doing perfectly legitimate business (often just helping customers who don't even live in cities where authorized repair shops exist), and are probably just trying to make an honest living like the rest of us. And third party repair shops have been around for all kinds of devices, across all kinds of industries, for... everything. Vehicles, PCs, all sorts of phones, air conditioners, appliances, and all sorts of other devices have repair industries for them. This isn't a "these shops are trying to do something morally wrong by sidelining the official channels" type of a situation, in fact if banning independent mechanics became the norm for the auto industry or for other ubiquitous industries, a lot of us would have to get used to being stranded a lot more often.

The reality is that independent repair folks aren't the enemy. Nefarious actors are, but most independent repair folks aren't nefarious actors. They're just fulfilling a need for customers who often slip through the cracks otherwise, and if we need to do something about nefarious actors (and frankly, I'm not arguing we shouldn't, of course Apple should and we all should), there are always ways to go about this that can listen to the concerns of experienced independent repair folks while still addressing concerns about malicious actors at the same time. Better communication (and more understanding to go around) would go a long ways towards addressing everyone's concerns in my opinion, and would be a win win for everyone.

 

[l.a.rossmann]

I find it sad that you refer to people in this thread without quoting them directly so they're aware they're being spoken of. I know it's uncomfortable after a career speaking from your couch without having to hear a response that doesn't improve your engagement score, but different place, different rules. I'm not a celebrity and everything I say worth commenting on (or not!) is within this forum, I don't expect I'm being talked about without being part of the conversation.

Since all I can do is guess and search what you mean, I'm not finding anything I didn't know. TouchID is a critical piece of the Apple security strategy. Tampering with sensors and the connections to the secure enclave are a potential attack vector. For this reason, Apple restricts unauthorized repair shops, such as yours, from tampering with or attempting to replace the TouchID sensor. Some unauthorized repair shops tried to do it anyway. System tests meant to flag a misconfiguration in an authorized repair began to notice the bad buttons by unauthorized repairs and flagged an error. Apple eventually released a patch that disabled the TouchID functionality but let the phone continue to boot without that feature.

I'm guessing you didn't link to Apple's statement because it doesn't support your argument.

Here was Apple's statement:

We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.​

If repair shops sought proper authorization from Apple, or referred security critical repairs to a repair shop suited to handling them, this wouldn't have been a problem, but since some were scavenging buttons from iPhone corpses and installing them it became one. Apple later updated their firmware to support the customers who prefer shops such as yours:

Some customers’ devices are showing ‘Connect to iTunes’ after attempting an iOS update or a restore from iTunes on a Mac or PC. This reports as an Error 53 in iTunes and appears when a device fails a security test. This test was designed to check whether Touch ID works properly before the device leaves the factory.​

​

Today, Apple released a software update that allows customers who have encountered this error message to successfully restore their device using iTunes on a Mac or PC.​

​

We apologize for any inconvenience, this was designed to be a factory test and was not intended to affect customers. Customers who paid for an out-of-warranty replacement of their device based on this issue should contact AppleCare about a reimbursement.​

It is clearly referred to as a security test meant to test the proper functioning of an authorized button when installed by Apple.

So, everything I've said is accurate:



Which you seem to know, or you would have quoted me directly.



Except you're not, or you'd have replied to the people you're addressing rather than making oblique references to them. I won't watch the video and pay you for my time, but if there's something you said in that video that you're willing to repeat here for free and it's interesting enough to engage in, I'm game.

It appears someone else has linked you to a statement that goes over what I said from apple's own announcement. it seems like you are open to the idea that that statement which conflicts with apple's initial PR regurgitation might be valid - which is progress! See, we damn near might agree on something! 😁 I do get off my couch to speak with politicians across the country, so I'm familiar with speaking to those I have disagreements with when they're not spending 10 pages trashing me. 😘

Id ask that you understand, the error 53 argument I've been through many times and since this was mostly put to rest in 2016, it's just not fun anymore in 2023 going over the statements he linked you to. Particularly when arguments that are 7 years out of date are attached to a pile of personal attacks and insults. This is settled to most of us by now, but let's say that statement he linked you to didn't exist, or is untrustworthy. Do me a favor and consider this one for me!

How is a security feature that allows your phone to boot and work with an insecure button for six months prior to an iOS update a security feature? Aside from apple's own mea culpa after the fact, it just doesn't make sense. Secure enclave is designed with the touchid button so the button isn't hot swappable. The phone has to be rebooted for it to work, and upon reboot touch id does not work until a passcode is entered. There are people who actually hack these for law enforcement data recovery professionally like the engineers at cellebrite. Hacked home butons isn't the vector they're using to get in.

I also see a comment on how this was intended to benefit the customer, not hurt them. Do keep in mind everyone who went to apple with this error were greeted with the same option; $299 to swap out a previously working phone that has nothing but a software bug on it... for $299. Many customers did not find this beneficial!

If this were for security rather than QC, it wouldn't boot with that sensor at all. It wouldn't allow the phone to boot for six months and then only brick the device after an iOS update. Go visit the data recovery/law enforcement conference they do in Myrtle Beach every year. It's awesome. People from all over the world, and all walks of life visit whose job it is to crack these devices for law enforcement purposes that are way smarter than me. This isn't how they're breaking into the phone!

In terms of why it happened, I don't think it was nefarious. Just a mistake. Occam's razor. We all make mistakes sometimes. The pain point was when PR jumped the gun saying it was the stupid repair people who broke the devices and that the error was there to preserve security. Error 53 makes sense while it's on the assembly line. It doesn't make sense in the wild. If a phone missed calibration during manufacturing, it absolutely makes sense for it to be bricked Incase it missed getting flagged during QC. Bricking a customer's phone months after a hostile part failed only after an update gets installed isn't security.


My point in bringing this up? A lot of people in this thread are asking me to be able to accurately and honestly assess apple's intentions for how or why they design and respond the way they do. Which is difficult, given that employees of the company with access to company resources and engineers can't! If they can't get a straight answer, how am I supposed to? Their first response, even when they have access to accurate information, is to say "something something security independent repairers messed it up" even when they know better.

Personally I think it'd be great fun if we could all get along.... Way more people would be happy all around with their devices regardless of what they chose to do with them. So many customers would be less confused. And so many people would have better repair experiences, regardless of whether they had the job done with apple directly or a guy like me. I'm personally going to be doing this until I'm dead, regardless of whether we're "authorized" or not. And it'll be to a standard that keeps us top rated on Google maps or wherever else when it comes to customer satisfaction. In terms of unauthorized people doing repairs they're not supposed to.. we're going to do that. Nobody has to be "authorized" to fix a consumer grade laptop or cellphone! it would be nice to be able to pay to get access to the tools and diagrams authorized places do, so we'd know how to give them back to customers in tip top condition! I think there's a name for what we're asking for... It's on the tip of my tongue 😉

Join the dark side! You can use and love apple products, enjoy how they're made and what they do for you, while simultaneously seeing our side of it! It's not mutually exclusive. Hell, it could even be fun.

My workshop has three benches fitted with all of the equipment myself and my staff use for repairs, and they're open to the public during open hours for anyone to come by and use. That's their purpose, 1130 to 630 pm Monday to Friday. The most fun way to expand the tent of repair is getting people to join in on our fun. Come by and try - you might have some fun! 😊 I extend you, or anyone else here an invitation.

 

[Analog Kid]

And of course, I do agree that some folks do nefarious things, but my argument is that there are MANY ways to prevent these folks from doing nefarious things without painting the entire independent repair industry with the same brush.

Nobody was painting anyone with a brush. I wasn't. Apple didn't appear to be.

My point, quite plainly, was that the repair shops affected have no relationship with Apple. Whether they were doing anything wrong or not, what they were doing wasn't sanctioned and they had no reason to expect to continue operating as they had.

The software equivalent would be if the fingerprint data were stored in plain text a company realized they could just copy it from one phone to another when a customer changes devices-- it should be a clue that while it might be a convenience now it's a gap in security that will probably be closed someday.

That said, I'm not sure of the many ways you have in mind to ensure secure repair. I keep hearing people say "there's other ways of doing such and such", without providing other ways and with full confidence that they know all the intricacies of a product that I suspect few if any even within Apple understand all the intricacies of. Maintaining a chain of trust in hardware is exceedingly hard. That doesn't mean there's one way to do it, but it does mean that it requires thought and care and isn't easily solved.

Apple's way isn't perfect but is pretty good, frankly: serialize the parts, work through authorized agents, confirm nothing is tampered with and the connections are clean. It's not perfect but, like the code signing in the AppStore, if someone violates the trust given to them you can identify the source of the problem and isolate the damage.

Most of the people on the street aren't nefarious, but I still control who has keys to my home. That doesn't mean I think everyone is bad, it means I can't always tell who is and who isn't and don't want to take the risk. Apple provides a path to become a trusted partner. Maybe some people don't want to go down that path, but then they shouldn't be expected to be trusted.

It's nice to have repair options, but I won't sacrifice the integrity of a product for it.

I zeroed in on what I think was the heart of your argument rather than what would have been a much longer point by point over what I think was mostly build up to the part I quoted. I'm not trying to dismiss the effort you put into the long explanation, so if you think I missed something let me know.

 

[ArkSingularity]

That said, I'm not sure of the many ways you have in mind to ensure secure repair. I keep hearing people say "there's other ways of doing such and such", without providing other ways and with full confidence that they know all the intricacies of a product that I suspect few if any even within Apple understand all the intricacies of. Maintaining a chain of trust in hardware is exceedingly hard. That doesn't mean there's one way to do it, but it does mean that it requires thought and care and isn't easily solved.

Apple's way isn't perfect but is pretty good, frankly: serialize the parts, work through authorized agents, confirm nothing is tampered with and the connections are clean. It's not perfect but, like the code signing in the AppStore, if someone violates the trust given to them you can identify the source of the problem and isolate the damage.

Most of the people on the street aren't nefarious, but I still control who has keys to my home. That doesn't mean I think everyone is bad, it means I can't always tell who is and who isn't and don't want to take the risk. Apple provides a path to become a trusted partner. Maybe some people don't want to go down that path, but then they shouldn't be expected to be trusted.

It's nice to have repair options, but I won't sacrifice the integrity of a product for it.

Here's the problem i have with this argument: If locking down maintenance and repair to the manufacturer is the ONLY way to ensure security, reliability, and the whole nine yards, why don't we do this in the auto industry?

Let's face it: Cars kill people when they break down in really bad ways. If the gas pedal decides to keep itself glued to the floor or a tire just falls off the car at the wrong time, that car is going to ram into something and destroy things, possibly at the cost of lives.

And yet... we don't force cars to be maintained only by the manufacturer. We will generally agree that it's BETTER to go to the dealer when you can, but there are plenty of perfectly valid reasons that people's tires, or their brakes, or plenty of other maintenance and/or repair items might be done by someone else.

If your car breaks down and you're two or three hours away from the nearest dealer, why would you get it towed there when a reputable, well rated shop with an excellent reputation (a verifiably excellent reputation) might exist a lot closer? Would the car manufacturer be the good guy if they forced the customer to pay someone to tow the car hours away just to be inspected by them and not by any number of qualified people who might be nearby? Can you not think of cases where it might be reasonable for someone to take it to someone they trust, whether or not that's the manufacturer itself?

There are plenty of reasons we don't do this in the auto industry, where the stakes are honestly much higher than they are in the tech industry. It's unrealistic to expect nobody else to ever touch the insides of an important technology device (one that people depend on for their day to day lives) when the company that makes this device doesn't even have authorized service/repair centers in every geographical area.

 

[120FPS]

I find it sad that you refer to people in this thread without quoting them directly so they're aware they're being spoken of. I know it's uncomfortable after a career speaking from your couch without having to hear a response that doesn't improve your engagement score, but different place, different rules. I'm not a celebrity and everything I say worth commenting on (or not!) is within this forum, I don't expect I'm being talked about without being part of the conversation.

Since all I can do is guess and search what you mean, I'm not finding anything I didn't know. TouchID is a critical piece of the Apple security strategy. Tampering with sensors and the connections to the secure enclave are a potential attack vector. For this reason, Apple restricts unauthorized repair shops, such as yours, from tampering with or attempting to replace the TouchID sensor. Some unauthorized repair shops tried to do it anyway. System tests meant to flag a misconfiguration in an authorized repair began to notice the bad buttons by unauthorized repairs and flagged an error. Apple eventually released a patch that disabled the TouchID functionality but let the phone continue to boot without that feature.

I'm guessing you didn't link to Apple's statement because it doesn't support your argument.

Here was Apple's statement:

We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.​

If repair shops sought proper authorization from Apple, or referred security critical repairs to a repair shop suited to handling them, this wouldn't have been a problem, but since some were scavenging buttons from iPhone corpses and installing them it became one. Apple later updated their firmware to support the customers who prefer shops such as yours:

Some customers’ devices are showing ‘Connect to iTunes’ after attempting an iOS update or a restore from iTunes on a Mac or PC. This reports as an Error 53 in iTunes and appears when a device fails a security test. This test was designed to check whether Touch ID works properly before the device leaves the factory.​

​

Today, Apple released a software update that allows customers who have encountered this error message to successfully restore their device using iTunes on a Mac or PC.​

​

We apologize for any inconvenience, this was designed to be a factory test and was not intended to affect customers. Customers who paid for an out-of-warranty replacement of their device based on this issue should contact AppleCare about a reimbursement.​

It is clearly referred to as a security test meant to test the proper functioning of an authorized button when installed by Apple.

So, everything I've said is accurate:



Which you seem to know, or you would have quoted me directly.



Except you're not, or you'd have replied to the people you're addressing rather than making oblique references to them. I won't watch the video and pay you for my time, but if there's something you said in that video that you're willing to repeat here for free and it's interesting enough to engage in, I'm game.

You’re trying to have a discussion by ignoring what he has said on the topic? I don’t think you know how much people make on YouTube through views so being difficult isn't working in your favour and is keeping you from engaging in the topic with some civility. To be honest I struggle with the quoting system on here, I just tend to just use reply if I can.

 

[NT1440]

Is this part true? My understanding is that TouchID won’t work unless the part is sourced and installed through an authorized provider. The button clicks, but TouchID doesn’t.

Admittedly it’s been a long while since I’ve read up on it, it might just be the removal of the error.

 

[Analog Kid]

After-note: Damn, this got long... To quote John Locke, "But to confess the Truth, I am now too lazy, or too busy to make it shorter."

Id ask that you understand, the error 53 argument I've been through many times and since this was mostly put to rest in 2016, it's just not fun anymore in 2023

You raised it not me. Error 53 was what you chose to address in my comments, or what I assume were my comments... And I wasn't the one to raise it in the thread either.

it seems like you are open to the idea that that statement which conflicts with apple's initial PR regurgitation might be valid

You're going to have to clarify what you mean here... Which statement contradicts which regurgitation?

I do get off my couch to speak with politicians across the country, so I'm familiar with speaking to those I have disagreements with when they're not spending 10 pages trashing me.

If politicians are your idea of strenuous debate, I can see why you've fallen out of practice... Spend more time around here looking for something other than "Apple fans say bad things about me" fodder for your channel and you might both have an opportunity to both teach and learn.

You view that people have it in for independent repairers might be a symptom that you've spent too much time behind the battlements. And the view that people are spending time trashing you might be the fact that nobody knows you, they just know the person you play on YouTube.

How is a security feature that allows your phone to boot and work with an insecure button for six months prior to an iOS update a security feature?

So if an attack vector is left open on release, it should never be patched?

I don't know the inside story on why Apple made the change, and I don't think it's a big enough deal that anyone is going to write a tell-all about it, but I can think of at least three possible reasons: they observed this vector being exploited in the field, a large bulk customer identified it as a security gap and predicated an order on correcting it, an engineer had an "oh ****" moment and raised it in a security review.

It's not uncommon for a basic implementation of a technology to be released to start and have it improved over time.

Secure enclave is designed with the touchid button so the button isn't hot swappable. The phone has to be rebooted for it to work, and upon reboot touch id does not work until a passcode is entered. There are people who actually hack these for law enforcement data recovery professionally like the engineers at cellebrite. Hacked home butons isn't the vector they're using to get in.

Any vector will eventually be attacked if left open. I'm not sure how you know nobody was exploiting it-- that sounds unknowable. If it wasn't being exploited yet, it would be eventually. Surely you've seen how the NSA and other organizations attack these things. I raised Huawei as another example.

The pain point was when PR jumped the gun saying it was the stupid repair people who broke the devices and that the error was there to preserve security.

I haven't seen the quote about stupid repair people... If Apple actually said that, it might change my view on their PR approach.

Still, the check existed to preserve security. I really, honestly, and with all my heart can't understand how someone wouldn't see that.

My point in bringing this up? A lot of people in this thread are asking me to be able to accurately and honestly assess apple's intentions for how or why they design and respond the way they do. Which is difficult, given that employees of the company with access to company resources and engineers can't! If they can't get a straight answer, how am I supposed to? Their first response, even when they have access to accurate information, is to say "something something security independent repairers messed it up" even when they know better.

I don't think anyone is asking you to assess Apple's intent, I think they're trying to say the assessment you're volunteering isn't fully supported by the facts and to open your mind to the possibility that not everyone shares your goals or wants the products you're pushing to have made.

I still haven't seen anything where someone said "independent repairers messed it up". What I've seen is "to maintain a secure chain of trust, we can't allow the kinds of modifications that independent repairers have been trying to make".

You've build a mindset around the idea that Apple has it in for you-- they don't. They're focused on their vision of their customer experience. You aren't the customer and your approach to handling TouchID broke the security model they were trying to build.

Error 53 makes sense while it's on the assembly line. It doesn't make sense in the wild.
If a phone missed calibration during manufacturing, it absolutely makes sense for it to be bricked Incase it missed getting flagged during QC.

If you expand the definition of "assembly line" to include the repair bench, then I think you've got agreement from me (and apparently Apple). This should detect a mismatch in parts and if the mismatch happens during repair it should be caught before it gets to the customers hands.

As I said to @ArkSingularity, I think Apple was surprised to learn how many phones in the field had had organ transplants. They turned it on and found all the hardware that had been modified since the dawn of time, but flagged it too late to be useful to the customer. Thus the carved out an exception.

In terms of unauthorized people doing repairs they're not supposed to.. we're going to do that. Nobody has to be "authorized" to fix a consumer grade laptop or cellphone! it would be nice to be able to pay to get access to the tools and diagrams authorized places do, so we'd know how to give them back to customers in tip top condition! I think there's a name for what we're asking for... It's on the tip of my tongue 😉

The name you're looking for is "authorized service center".

You're welcome to keep trying to do things the hard way and playing the martyr when it turns out to be hard. Any revenue you lose in your repair business will likely be repaid 10 fold in your YouTube channel.

I say that as a dig with some respect-- I was going to comment on how building a business without contractually guaranteeing your ability to operate isn't wise, but you've managed to establish an effective hedge.

Join the dark side! You can use and love apple products, enjoy how they're made and what they do for you, while simultaneously seeing our side of it! It's not mutually exclusive. Hell it could even be fun.

I totally understand the joy of tearing things apart and hacking them back together. My parents were quite patient with the fact that not a single piece of electronics or anything mechanically interesting in my house survived its warranty period.

I'm glad we have a maker community, I'm glad we have Android and Linux and Raspberry Pis and a million ways to explore. I lament how hard it is for kids to really understand hardware now that things are so integrated that you can't fully get any real insight with just a scope and terminal.

But I have a life and a job and want dependable tools tailored to those purposes. Apple makes the right tradeoffs for me in and it doesn't serve my personal needs to see their focus shift away from that.

I also think it's doing people in general a disservice to frame everything as us vs them, and make every Apple decision appear as though it's hypocritical, untrustworthy, or seeking profits by scam rather than value. That's a lot of the push back you see in this thread, and it's not all directed at you, its directed at other commenters in the thread some of whom invoke your name.

 

[Analog Kid]

Here's the problem i have with this argument: If locking down maintenance and repair to the manufacturer is the ONLY way to ensure security, reliability, and the whole nine yards, why don't we do this in the auto industry?

Let's face it: Cars kill people when they break down in really bad ways. If the gas pedal decides to keep itself glued to the floor or a tire just falls off the car at the wrong time, that car is going to ram into something and destroy things, possibly at the cost of lives.

And yet... we don't force cars to be maintained only by the manufacturer. We will generally agree that it's BETTER to go to the dealer when you can, but there are plenty of perfectly valid reasons that people's tires, or their brakes, or plenty of other maintenance and/or repair items might be done by someone else.

If your car breaks down and you're two or three hours away from the nearest dealer, why would you get it towed there when a reputable, well rated shop with an excellent reputation (a verifiably excellent reputation) might exist a lot closer? Would the car manufacturer be the good guy if they forced the customer to pay someone to tow the car hours away just to be inspected by them and not by any number of qualified people who might be nearby? Can you not think of cases where it might be reasonable for someone to take it to someone they trust, whether or not that's the manufacturer itself?

There are plenty of reasons we don't do this in the auto industry, where the stakes are honestly much higher than they are in the tech industry. It's unrealistic to expect nobody else to ever touch the insides of an important technology device (one that people depend on for their day to day lives) when the company that makes this device doesn't even have authorized service/repair centers in every geographical area.

Sorry, I am decidedly not a car guy and have no idea how this plays out in the automotive world...

I pretty sure though that the only industry that has more "but that's how it's always been done" safety exceptions carved out than the automotive industry is the agriculture industry. So it's not a very good comparison for modern safety or security standards.

That said, there are very stringent regulations on software development and safety testing for automobiles and parts suppliers. I would expect that when sensors and computers start making actual driving decisions that we'll see much tighter control over repair than we do now.

And even today, don't mechanics and repair shops need to be trained, licensed and certified to do work for the public in a way that computer repair shops do not? I don't know for sure, I just have a vague memory of certificates on the wall.

 

[ArkSingularity]

I also think it's doing people in general a disservice to frame everything as us vs them, and make every Apple decision appear as though it's hypocritical, untrustworthy, or seeking profits by scam rather than value. That's a lot of the push back you see in this thread, and it's not all directed at you, its directed at other commenters in the thread some of whom invoke your name.

Earlier in this thread, you said that Rossmann was "pretty much" selling soy pills and snake oil in reference to comparisons being made between him and Alex Jones. I don't really know how this whole thread doesn't come across as though it's directed towards Rossmann. The entire thread is filled with attacks (many of them personal) against Rossmann, so to say that it's not directed towards him honestly comes across as blatant gaslighting at this point.

I can talk to people I disagree with. I often learn things in the process (and I'd be lying if I said I wasn't learning some things even in this thread). But to claim that much of this thread isn't directed at Rossman is just objectively false and frankly manipulative.

I think I've made my point and feel pretty comfortable resting my case. Not a personal attack against you, just isn't productive use of my time. Have a good night.

 

[Analog Kid]

Earlier in this thread, you said that Rossmann was "pretty much" selling soy pills and snake oil in reference to comparisons being made between him and Alex Jones. I don't really know how this whole thread doesn't come across as though it's directed towards Rossmann. The entire thread is filled with attacks (many of them personal) against Rossmann, so to say that it's not directed towards him honestly comes across as blatant gaslighting at this point.

I can talk to people I disagree with. I often learn things in the process (and I'd be lying if I said I wasn't learning some things even in this thread). But to claim that much of this thread isn't directed at Rossman is just objectively false and frankly manipulative.

I think I've made my point and feel pretty comfortable resting my case. Not a personal attack against you, just isn't productive use of my time. Have a good night.

There is Rossmann the person that we are talking to in this thread and there is Rossmann the hero-influencer that people base their world view on.

Rossmann the YouTube channel is a business no different than Apple is a business. Saying Rossmann the YouTube channel is trying to drum up views is no more personal than saying Apple is making decisions for business reasons.

I have nothing against Rossmann the person and I am willing to talk to that person in this thread and perhaps learn (and perhaps teach). But if people are going to point to the voice on YouTube that is telling them what to believe, I'm going to make the point that I don't consider it to be a credible source. The more people lionize a source I find non-credible, the more I'm willing to poke at that illusion.

YouTube channels make their money from controversy and engagement. Just looking at the titles and thumbnails on the channel it's clear that rabble rousing is part of the strategy. Heck, he even took this thread and used it as fodder for his channel to drum up engagement and rally the troops. That needs to be taken into account when considering the information that is being shared. Rossmann's channel, and MaxTech in particular have a demographic they're tilted towards and I've seen enough to discredit them in my eyes. The story he's trying to sell on the channel smells of snake oil to me.

As I said, a lot of the push back isn't against Rossmann the person, but Rossmann the message. That message was structured to have an emotional impact and it does, for better and for worse.

 

[l.a.rossmann]

After-note: Damn, this got long... To quote John Locke, "But to confess the Truth, I am now too lazy, or too busy to make it shorter."


You raised it not me. Error 53 was what you chose to address in my comments, or what I assume were my comments... And I wasn't the one to raise it in the thread either.


You're going to have to clarify what you mean here... Which statement contradicts which regurgitation?


If politicians are your idea of strenuous debate, I can see why you've fallen out of practice... Spend more time around here looking for something other than "Apple fans say bad things about me" fodder for your channel and you might both have an opportunity to both teach and learn.

You view that people have it in for independent repairers might be a symptom that you've spent too much time behind the battlements. And the view that people are spending time trashing you might be the fact that nobody knows you, they just know the person you play on YouTube.


So if an attack vector is left open on release, it should never be patched?

I don't know the inside story on why Apple made the change, and I don't think it's a big enough deal that anyone is going to write a tell-all about it, but I can think of at least three possible reasons: they observed this vector being exploited in the field, a large bulk customer identified it as a security gap and predicated an order on correcting it, an engineer had an "oh ****" moment and raised it in a security review.

It's not uncommon for a basic implementation of a technology to be released to start and have it improved over time.



Any vector will eventually be attacked if left open. I'm not sure how you know nobody was exploiting it-- that sounds unknowable. If it wasn't being exploited yet, it would be eventually. Surely you've seen how the NSA and other organizations attack these things. I raised Huawei as another example.



I haven't seen the quote about stupid repair people... If Apple actually said that, it might change my view on their PR approach.

Still, the check existed to preserve security. I really, honestly, and with all my heart can't understand how someone wouldn't see that.


I don't think anyone is asking you to assess Apple's intent, I think they're trying to say the assessment you're volunteering isn't fully supported by the facts and to open your mind to the possibility that not everyone shares your goals or wants the products you're pushing to have made.

I still haven't seen anything where someone said "independent repairers messed it up". What I've seen is "to maintain a secure chain of trust, we can't allow the kinds of modifications that independent repairers have been trying to make".

You've build a mindset around the idea that Apple has it in for you-- they don't. They're focused on their vision of their customer experience. You aren't the customer and your approach to handling TouchID broke the security model they were trying to build.



If you expand the definition of "assembly line" to include the repair bench, then I think you've got agreement from me (and apparently Apple). This should detect a mismatch in parts and if the mismatch happens during repair it should be caught before it gets to the customers hands.

As I said to @ArkSingularity, I think Apple was surprised to learn how many phones in the field had had organ transplants. They turned it on and found all the hardware that had been modified since the dawn of time, but flagged it too late to be useful to the customer. Thus the carved out an exception.



The name you're looking for is "authorized service center".

You're welcome to keep trying to do things the hard way and playing the martyr when it turns out to be hard. Any revenue you lose in your repair business will likely be repaid 10 fold in your YouTube channel.

I say that as a dig with some respect-- I was going to comment on how building a business without contractually guaranteeing your ability to operate isn't wise, but you've managed to establish an effective hedge.



I totally understand the joy of tearing things apart and hacking them back together. My parents were quite patient with the fact that not a single piece of electronics or anything mechanically interesting in my house survived its warranty period.

I'm glad we have a maker community, I'm glad we have Android and Linux and Raspberry Pis and a million ways to explore. I lament how hard it is for kids to really understand hardware now that things are so integrated that you can't fully get any real insight with just a scope and terminal.

But I have a life and a job and want dependable tools tailored to those purposes. Apple makes the right tradeoffs for me in and it doesn't serve my personal needs to see their focus shift away from that.

I also think it's doing people in general a disservice to frame everything as us vs them, and make every Apple decision appear as though it's hypocritical, untrustworthy, or seeking profits by scam rather than value. That's a lot of the push back you see in this thread, and it's not all directed at you, its directed at other commenters in the thread some of whom invoke your name.

I didn't raise the error 53 point, you did. You raised error 53 as an example of when people who don't understand how a system is put together criticize these things and make themselves look stupid without understanding the design of the system. I pointed out that you did not understand that this was not a security issue.

You linked to Apple's statement prior to engineers coming out with the information that ark linked you to.

"So if an attack vector is left open on release, it should never be patched?"

Hardly. This is a straw man, and a red herring. This again goes back to what I was saying, you are accusing us of not understanding the feature but you don't understand the feature.

It is not that the new software update caused the phone to be a brick because apple pushed error 53 to it as an update in a new version of iOS. Rather, it was the act of installing ANY software update at all that resulted in error 53. It was not the new firmware that was telling the phone to error 53 because the new firmware contained something the old firmware did not. It was the very firmware the device shipped with that would cause the device to error 53 if the home button wasn't the original upon an update to any iOS version, whether weeks after the device came out or years later.

These phones shipped to the customer with software that would cause the device to break itself with error 53 anytime a home button was changed outside of apple and it was updated, whether the first update or an update years down the line. error 53 WASN'T functionality that was added with an update and then removed with a newer update. The devices shipped with the original stock firmware programmed to act in this manner upon an update.

That's not security. You don't wait until the device is updated to disable yourself if a hacked part is detected, you do it immediately.

They patched the issue by getting rid of error 53 entirely and apologizing for it, not by adding error 53 into the equation later. Error 53 wasn't added via an update, it was initialized when you updated.

how can it even be argued this is for security when it was removed entirely?

Above all, how can you not know the difference between these two things and then condescend others who do? I've been kind to this point, but to be brazenly insulting and condescending when you have less knowledge on the issue than my store's shipping clerk on how these devices work is absurd. You're grasping at straws because the low blow character assassination stuff isn't sticking.

You're suggesting we have something to learn from you while demonstrating compete ignorance over something that was settled seven years ago. You fundamentally don't understand how any of this works yet you talk down with a bitter and insulting attitude. You are genuinely, beyond clueless on how these systems work.


Further, authorized service centers do not get access to motherboards schematics, motherboard boardviews, or even the charge port to an iPhone. The term I am looking for is not authorized service center because authorized service centers are not given access to supply chains to purchase any of what I use to do my job. This is something you would know if you had done research before blindly throwing insults at the wall to see what sticks.

I am always open to speaking to people on the other side of the aisle and engaging with different perspectives. That you call this "rallying troops" is ridiculous. Someone may watch who agrees with what's in this thread; and they get to hear the other side of it. And vice versa. This is called discussion. It's how you build a discussion, a movement, and mqke progress.

But what I find really funny is you can't see how claiming I'm a soy pill snake oil peddler isn't an invitation to discussion. Just admit you want to insult and character assassinate. If you're going to be the b... Be the WHOLE b! Stand by the words you chose. Or apologize. But the weasely way you communicate here out both sides of your mouth is kinda shameful.

 

[ArkSingularity]

There is Rossmann the person that we are talking to in this thread and there is Rossmann the hero-influencer that people base their world view on.

Rossmann the YouTube channel is a business no different than Apple is a business. Saying Rossmann the YouTube channel is trying to drum up views is no more personal than saying Apple is making decisions for business reasons.

I have nothing against Rossmann the person and I am willing to talk to that person in this thread and perhaps learn (and perhaps teach). But if people are going to point to the voice on YouTube that is telling them what to believe, I'm going to make the point that I don't consider them to be a credible source. The more people lionize a source I find non-credible, the more I'm willing to poke at that illusion.

YouTube channels make their money from controversy and engagement. Just looking at the titles and thumbnails on the channel it's clear that rabble rousing is part of the strategy. That needs to be taken into account when considering the information that is being shared. Rossmann's channel, and MaxTech in particular have a demographic they're tilted towards and I've seen enough to discredit them in my eyes. The story he's trying to sell on the channel smells of snake oil to me.

As I said, a lot of the push back isn't against Rossmann the person, but Rossmann the message.

I mean, am I supposed to fall for that or something? Are you being sarcastic? I want to give you the benefit of the doubt here, but I'm genuinely having a hard time seeing how you could seriously be making the case that the personal attacks being made in this thread somehow were made against "Rossmann the message" when the substance of many of them was a direct attack on his character and intentions.

I'm sorry, but I'm having a lot of trouble really seeing how this is productive, and I don't really want this to devolve into a flame war. I think we are going to have to agree to disagree on this one.

 

[Jay Tee]

TL;DR - it depends what you break, and how bad you break it!! Sometimes Applecare+ is a steal and you are lucky you got it. Sometimes you will be paying almost $700 for a basic repair. Did you break your machine in a way where I can salvage what you have, or did you break it in a way where I have to replace everything? If you did the former, you're almost always better off with a good independent. If the latter, Applecare+ would've been the way to go.

When it comes to warranties, that's where I'm going to be talking out of my ass. I 100% admit I do not keep up to date on this and don't have much knowledge on it at all, so take with a grain of salt.

The OLD Applecare that I remember back when I started doing this in 2008 wasn't a great deal. From what I remember, you had zero coverage for accidental damage. It was just an extended warranty that extends you to the warranty that other countries with halfway decent consumer law give you to begin with. You still got quoted $700+ for a screen back then even if you had applecare. This left a bad taste in a lot of people's mouths. I universally suggested people stay away from this plan.

Apple listened to consumer feedback and it got a lot better. Now it's more like an insurance plan... Applecare+ covers accidental damage incidents if you paid a deductible The last time I went over the pricing of this was over 5 years ago. It was $379ish from what I remember to buy applecare, and $299 for a deductible. From what I see, the same $299 deductible exists and pricing is $179-$399 for 3 years of base coverage. It can actually be a good deal, and a way better deal than ANY independent service center, depending on how you broke the machine!

In 2018 when I wrote that page for my site, if you had a machine where I could fix the board - I was a better deal, every time. If you had a machine where your board was unfixable & needed replacement, applecare+ w/ deductible was a better deal. It seems like that is still the case.

Some examples:

Where we beat Applecare+:
Let's say you have a 16" Macbook Pro. $399 for 3 years base coverage, $299 deductible. That means a liquid damaged board repair will cost you $698 through apple, vs $325-$425 through us. Applecare loses. That same repair can be found cheaper if you find a place that has lower payroll than we do. Also keep in mind this is only for the first 3 years - after that, you're on your own unless you keep renewing. In this scenario, We are the better deal. The price is lower, and the price stays lower for longer.

Where Applecare+ beats us:
Let's say you got water on the power supply for the T2. T2 got 12v. CPU got 12v. GPU got 12v. This board is toast. I can't fix it, I can only replace it, and it costs over $1200... Applecare will cost you $698 for the entire repair, which is hundreds less than my parts cost of the board. AND, Apple will cover everything else that's wrong with the machine. Applecare is a way better deal in this case.

Where we beat Applecare+:
Let's say your issue with the machine is nothing but... an angle sensor.... a sub-$300 repair. BUT... but.. it has liquid damage on it! Even though the rest of the machine is liquid free... they're not having it. You have to pay the full rate for a liquid damage repair. You're stuck paying $698 through Applecare+, and it has to be in the first 3 years. That's harsh. We charge less than half that and it would be the same whether you're 3 years in or 7 years in. Actually cheaper 7 years in because parts cost is cheaper, machine is older & easier to work on once more familiar with it, etc.

Where Applecare+ beats us:
If you have any uncertainty about the quality of the independent repairers in your area and just don't want to deal with going outside of Apple, the price premium of Apple would make sense.

Again, Applecare+ is faaaar from what it was back in 2008. I remember people getting quoted $1200 for display assemblies because of a cracked screen back when a grade A+ screen from a factory unopened AUO box was $77. Apple had zero mercy for the customer that they paid $300+ for Applecare when they bought the machine.. the $300 would cover the screen and $200+ on top in labor... but they still wanted $1200. It was a crazy time.

Apple listened to their customers and came up with a far less crappy system, which is a good thing for you all. Applecare+ of 2023 is a far cry from the Applecare of 2008 when I started doing this, shortly before registering on this forum

If you're careless, I would get Applecare+ and keep renewing it every year. If you are not careless, I wouldn't. It's impossible to say whether it is a good deal without specific future-vision into how you will damage your machine.

Thank you for a very comprehensive and thoughtful reply.

By clarifying exactly where you've positioned your business, I'm now, not less, but in fact, more confident in making an Apple purchase. It's gratifying to know there's a business out there that's going to take care of my device with quality sourced materials, which adds longevity to my machines.

Furthermore, I'm now less apprehensive when considering upgrades to my Apple purchases at the point of sale, which translates to even more revenue to them.

 

[l.a.rossmann]

Thank you for a very comprehensive and thoughtful reply.

By clarifying exactly where you've positioned your business, I'm now, not less, but in fact, more confident in making an Apple purchase. It's gratifying to know there's a business out there that's going to take care of my device with quality sourced materials, which adds longevity to my machines.

Furthermore, I'm now less apprehensive, in adding upgrades to my Apple purchases at the point of sale, which translates to even more revenue to them.

Any time! I'd suggest anyone who said fk it to applecare 10 years ago to reconsider it now. It's not always the best, but it's WORLDS better than what was being sold in the A1286 days. A completely different product now.

 

[ArkSingularity]

Any time! I'd suggest anyone who said fk it to applecare 10 years ago to reconsider it now. It's not always the best, but it's WORLDS better than what was being sold in the A1286 days. A completely different product now.

You can actually add it after the original 60 day window now too. You have to bring it into the Apple Store and have them do diagnostics first (they want to make sure that there isn't something pre-existing wrong with it if you add AppleCare after the typical purchase window), but I like that you can pay for it annually now.

I did this on my M1 MPB. Then (I kid you not, I'm literally not making this up) - as they were doing diagnostics, a shooting broke out in the mall and we had to evacuate. So they never actually finished the diagnostics, but I went back in the next day and was able to pay for it and get it added.

 

[Analog Kid]

I didn't raise the error 53 point, you did. You raised error 53 as an example of when people who don't understand how a system is put together criticize these things and make themselves look stupid without understanding the design of the system. I pointed out that you did not understand that this was not a security issue.

I didn't raise it, @ArkSingularity did. The point, back then, was whether Error 53 was a notorious effort to prevent repair, or an attempt to lock down the chain of trust in the hardware. The fact that people interpret that check as an attack on repair shops is misguided. I think they and I are at least closer to a common understanding with each other on that point.

They, as do you, still seem to take this all as maligning independent repair shops. I don't see any evidence of it. You said there was a comment by Apple blaming the repair shops, but I haven't seen that and you don't link to it.

You linked to Apple's statement prior to engineers coming out with the information that ark linked you to.

In my initial response to you I quote both the original response from Apple and their announcement that they'd patched the problem.

Here was Apple's statement:

We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.​

If repair shops sought proper authorization from Apple, or referred security critical repairs to a repair shop suited to handling them, this wouldn't have been a problem, but since some were scavenging buttons from iPhone corpses and installing them it became one. Apple later updated their firmware to support the customers who prefer shops such as yours:

Some customers’ devices are showing ‘Connect to iTunes’ after attempting an iOS update or a restore from iTunes on a Mac or PC. This reports as an Error 53 in iTunes and appears when a device fails a security test. This test was designed to check whether Touch ID works properly before the device leaves the factory.​

​

Today, Apple released a software update that allows customers who have encountered this error message to successfully restore their device using iTunes on a Mac or PC.​

​

We apologize for any inconvenience, this was designed to be a factory test and was not intended to affect customers. Customers who paid for an out-of-warranty replacement of their device based on this issue should contact AppleCare about a reimbursement.​

It is clearly referred to as a security test meant to test the proper functioning of an authorized button when installed by Apple.

I don't read any of that as maligning repair shops.

It is not that the new software update caused the phone to be a brick because apple pushed error 53 to it as an update in a new version of iOS. Rather, it was the act of installing ANY software update at all that resulted in error 53. It was not the new firmware that was telling the phone to error 53 because the new firmware contained something the old firmware did not. It was the very firmware the device shipped with that would cause the device to error 53 if the home button wasn't the original upon an update to any iOS version, whether weeks after the device came out or years later.

These phones shipped to the customer with software that would cause the device to break itself with error 53 anytime a home button was changed outside of apple and it was updated, whether the first update or an update years down the line. error 53 WASN'T functionality that was added with an update and then removed with a newer update. The devices shipped with the original stock firmware programmed to act in this manner upon an update.

That's not security. You don't wait until the device is updated to disable yourself if a hacked part is detected, you do it immediately.

They patched the issue by getting rid of error 53 entirely and apologizing for it, not by adding error 53 into the equation later. Error 53 wasn't added via an update, it was initialized when you updated.

how can it even be argued this is for security when it was removed entirely?

We're clearly talking past each other here because the error message isn't a feature, the hardware check was the security feature. I think I've been pretty clear that I don't believe it was meant to lead to the problems it caused.

Checking the serialized part and ensuring it was properly installed was for security. That was the point of my disagreement. Nobody is saying the way it played out was as planned or that bricking phones in the field was some sort of security feature.

I think you're so busy trying to tell me I'm stupid that you're not actually following the conversation:

Here's the way I look at it: For decades, repairability was serviceability was the norm. That has steadily decreased across the industry largely because technology has become more compact and more advanced (which innately decreases the ease of repair). This is understandable, but Apple has made some, at times, fairly arbitrary decisions that have further restricted this much more than other manufacturers across the industry. The push towards serializing components, designing things in such a way that even those with the special tools required can't repair them (e.g. the storage chips), among many other things are all examples of this. Error 53 on the iPhone is an especially notorious case of this, but this is far from the only example.

I read this, correctly or not, as Error 53 is a notorious case of arbitrarily serialized components restricting repair.

Error 53 is an interesting example. Touch ID. Apple has gone through tremendous lengths to preserve user privacy and security in their biometrics and elsewhere, yet one obvious vulnerability is the sensor itself. Remember, Huawei has been essentially banned from selling equipment in the US because of concerns they would backdoor hardware, so this isn't purely hypothetical. Serializing the TouchID sensor and implementing tamper detection is an obvious step to take.

Based on everything you're saying, I don't think you or they disagree with me on this point. It was not an arbitrary serialization-- checking that pairing was an attempt to close a vulnerability.

That's where you came in

I find it sad that the person who said I am not worth listening to because I lack engineering knowledge is the person who put error 53 in the same sentence as the word security and discussed it for three paragraphs.

I have no idea what you're talking about with "it's not security to wait 6 months and then brick a phone"-- that wasn't the conversation. The conversation was whether serializing those parts was a way to ensure security of TouchID.

Of course rereading my response I realize I neither put error 53 in the same sentence as security nor did I go on for 3 paragraphs about it so maybe you weren't referring to me. Hard to know.

 

[Jay Tee]

I did this on my M1 MPB. Then (I kid you not, I'm literally not making this up) - as they were doing diagnostics, a shooting broke out in the mall and we had to evacuate. So they never actually finished the diagnostics, but I went back in the next day and was able to pay for it and get it added.

LOL. First world problems eh...or is it ?! Sometimes, you gotta wonder.

 

[stiliyan]

The software equivalent would be if the fingerprint data were stored in plain text a company realized they could just copy it from one phone to another when a customer changes devices-- it should be a clue that while it might be a convenience now it's a gap in security that will probably be closed someday.

That is plain stupid аrgument and if that is the way Touch ID is/was working even remotely close, then the fault should be clearly in Apple.
Moreover, as explained it is far easier for someone to get access to an iPhone via any of the tens or hundreds software security flaws that are found each year, then to steal the actual phone, swap or attach a compromised touch ID button and then login.

 

[xpusostomos]

Unless I'm missing something, it would be easy for Apple, upon you logging into the device, to recognise a new piece of hardware, and sync any security keys with that new device to make sure it's secure. That way the new hardware doesn't work until you've supplied your credentials, but once you have, it automatically sets itself up to work. This is hardly beyond the ingenuity of Apple. Since nothing happens until the secure enclave is unlocked, the security should be perfect. That Apple didn't do it, means they are nefarious and selfish in their motives.

 

[iJest]

Yes, but that doesn't remove the fact that there may be data on the drive that you need access which may not be backed up. I get cloud based backups, but I'm talking about average consumers. Do you really think a twenty-something year old working all night on his thesis, and the logic board craps out will have a backup?

I get the value of the backup, but its a sad move to justify an anti-consumer move and support apple (and others) who seem to want to make these these disposable products

There's many advantages to the consumer in having replaceable components, but there are so many people here that feel such discussion is an attack against apple and they defend apple to the bitter end. I don't mean just this thread, but in general when these topic arise. I was hesitant to post a counter view simply because there would be members making excuses and justifying apple's move.

The average consumer should also be backing up. Drive failures aren't a Mac thing. They're an every-computer-that's-ever-been-created thing.