If you purchase Apple Care, the whole replacement is free. It will pay for itself....

It's not free. It's essentially a prepaid repair for mechanical/technical failures. For AC to pay for itself you'd need to have two separate mechanical failures a year or longer after purchase -- kinda rare based on my 5 iPhone history.

For accidental or user caused damage there is a $79/99 per incident copay depending on which phone you have. So if your phone never fails (mine never has) then it doesn't pay for itself. I have broken the screen on my 6. I was charged $99 for a new one -- fixed in-store in about an hour, so I saved the $79 free AC would have cost me. If I have a tech failure then I have my AXEX warranty extension to take care of me.

Extended warranties are rarely a good purchase and usually only an emotional one. AC is no different.
 
Good write up however I have yet to see how this would in actuality work. Nothing from Apple either. If the "chain" is needed for security why can't Apple just come out and say it.
And my single biggest issue: what gives Apple the right to permanently brick my device remotely?




I am in the same space. Have yet to see anything that gives technical or factual credence to a security issue. Instead we are currently left with vaguely worded official responses and a whole lot of online supposition.
Facts.
Isn't that what's essentially referenced in the quote from an Apple spokesperson that is included in the article?
 
What is this mental disorder kiddies today seem to have where anything a little dated is obsolete? What makes you think the age of the law has anything to do with its relevance?

Don't screw your customer. Don't destroy their product because they do something with it you don't like. There's nothing new or trendy about that.

And for the record, I wasn't even born in 1971, but all these little kiddies these days saying it's old, it's junk just make them sound like the stupid children they are. Same goes for the ones saying they should replace the 3.5mm audio pin just because it dates to the 70's.

The Magna Carta is 801 years old from before the US even existed. It's really time to throw away those horrible antiquated legal concepts. Public jury trials are so 800 years ago, we should modernize and let government agents try people in secret just because that law is so old.

You're kind of going a little too far in the other direction though. Some laws especially regarding tech are definitely a little outdated and could use some amending.
 
Apple pulls it and people defend them, although there is no proof. People are already making up scenarios that don't exist from a meaningless Apple PR statement. For some people it is like Big Brother, and people follow them blindly.

Until we know exactly what happened all scenarios are made up, including your own. Welcome to the internet.
 
Good write up however I have yet to see how this would in actuality work. Nothing from Apple either. If the "chain" is needed for security why can't Apple just come out and say it.
And my single biggest issue: what gives Apple the right to permanently brick my device remotely?




I am in the same space. Have yet to see anything that gives technical or factual credence to a security issue. Instead we are currently left with vaguely worded official responses and a whole lot of online supposition.
Facts.

Agreed.

Apple could do a lot here by specifically acknowledging whatever their particular concern is with some less vague details supporting them. Though they might feel like that could jeopardize their reputation as having robust security, it would be great for them to sacrifice a little bit of that for reassuring customers that they actually have their customer's security in mind. Again, they are victims of their own secrecy- in this case potentially costing them a share of the public trust.

Until we know the magnitude of the potential threat it's impossible to dismiss the notion that Apple overreacted here, even though I personally favor locking the whole thing down in case of a breach.
 
All Apple has to do is confirm, technically as of right now, the threat exists, and a device has been compromised in this manner, hence the bricking. They have not done so. Until they do so, it's about as credible as our government taking away our civil rights cause there "might" be a threat of terrorism, and they require access to our data to prevent it.

I am all for security for a reason, a solid reason. This update that suddenly bricks a phone without clear communication is amateur hour, especially if I own the device!

Apple is testing the waters here, they have been very careful in their wording.

I am not of the current generation of mac users where the device is glued, I am from a generation where tinkering, upgrading and getting the most of your device was encouraged, the early generation of mac users. If Apple is telling me that they can brick any of my devices in the future......cause it has non apple parts, that is every mac I own pre 2012, including ipods, where I have changed the battery/hd.

Heck, they can turn around to all of us and say that the RAM, and HDDs we replaced could have been modified to steal our data.....and the device will not function until official parts are put back in.

What I find funny is that had Microsoft or Google pulled this stunt, these forums would be on FIRE, saying how could they etc. Apple pulls it and people defend them, although there is no proof. People are already making up scenarios that don't exist from a meaningless Apple PR statement. For some people it is like Big Brother, and people follow them blindly.

I wait for some evidence. Any piece of evidence that backs up Apple's action. None has been presented so far.

Microsoft has and still does, and will even at times link it to your user name/account so you lose all your data and digital content.

http://www.cinemablend.com/games/Banned-Xbox-Live-Accounts-Lose-Access-All-Xbox-One-Games-56755.html

Google has already taken and sold your info a thousand times over. No need for them to protect it, as it has already been sold. :p



Funny everyone wants Apple to prove, what they already state is a possibility. Use the wrong part there may be issues. If the issues arise from an Apple repairer then bring in the phone and they will take care of you. If the issue arises because you or an unauthorized repair/part, bring it to Apple and they will let you know the out of warranty cost to repair/replace.

If you come from the generation of tinkering (as I do as well) then you should know that updating an OS with third party hardware could cause issues, even 'bricking' and no crying back to the manufacturer. It is a risk you take/took. Same with this, take the risk if you choose but understand you void all support.

If you think you are smart to choose someone outside of the Apple umbrella to 'fix' your device, or do it yourself, then be smart enough to know not to update the OS if it is working good enough. And be smart enough to know you agreed to the terms Apple laid out regarding the device, regardless if you choose to read the agreement or not.
 
Isn't that what's essentially referenced in the quote from an Apple spokesperson that is included in the article?

Went back and reread it. Tells us? Kind of. Couched wording that gives the impression however doesn't come out and say it. Reads more like a very carefully legally worded response.
If Apple came out and said that for all critical parts in your device a check is done to ensure that the correct parts are used. In the event this is found to be incorrect, you will get an error 53 on your device. Then you ... and follow their Error 53 steps.
Surprisingly, including the Error 53 handling, nowhere does Apple come out and say that this will in fact brick your device.
Tired of the grey. Can't we get a black/white answer for once?
 
So, according to this logic, if you take your new Lexus to a non-dealership repair shop and they put non-factory aftermarket replacement parts on your car, Lexus is liable when something goes wrong?


no, it means that Lexus would have the ability to make your entire car unusable just cuz
 
no, it means that Lexus would have the ability to make your entire car unusable just cuz


I think for your own sanity it is best not to reply to these ridiculous car analogies......of which I have yet to see one that bears any resemblance to the situation here

There are some analogous cases but they are all theoretical although they show the silliness of it all

I suggested one in which Microsoft decided that because XP no longer has any security updates that anyone who continues using it is at risk of being hacked. In a preventative measure they issued one last update that burnt out the computer CPU and erased the hard drive in order to ensure no hacker could exploit the situation

Imagine if that happened and the responses on here!
 
Until we know exactly what happened all scenarios are made up, including your own. Welcome to the internet.

I just want proof. Don't care about the money angle, I want to know the iPhone is secure, even with a 3rd party sensor
 
I just want proof. Don't care about the money angle, I want to know the iPhone is secure, even with a 3rd party sensor

It'll never be fully secure as long as it has that fingerprint sensor, since it can easily be fooled with a fake finger.

That's why it's a bit misleading to use security as an excuse in this case. An artificial fingerprint attempt... which requires no custom hardware or opening the device... seems far more likely than having your sensor replaced with a part somehow customized for evil intents :)
 
It'll never be fully secure as long as it has that fingerprint sensor, since it can easily be fooled with a fake finger.

That's why it's so bogus to use security as an excuse in this case. A fake finger attack seems far more likely than having your sensor replaced with a unit customized for evil intents :)

True, the scanner can and has been bypassed with a copy of the fingerprint
 
Except it's not "just cuz".

Yep.

For the car analogists: please go and try switching out the ignition on any modern car without getting the immobilizer and boards on the ignition itself programmed (at significant cost) by the dealer, we will wait while you do. Spoiler: your car will be a $20-$100K brick on wheels. This also goes for the car's CPU, ABS computer, and many of the electronic drivetrain components (ie- traction control computers)- and that's with official first party parts! This is true for nearly every vehicle made by every major car manufacturer for at least the last 10 or so years.

This continues to be a terrible analogy for many reasons, not the least of which is that it directly contradicts the point the people bringing it up are trying to make.
 
Yep.

For the car analogists: please go and try switching out the ignition on any modern car without getting the immobilizer and boards on the ignition itself programmed (at significant cost) by the dealer, we will wait while you do. Spoiler: your car will be a $20-$100K brick on wheels. This also goes for the car's CPU, ABS computer, and many of the electronic drivetrain components (ie- traction control computers)- and that's with official first party parts! This is true for nearly every vehicle made by every major car manufacturer for at least the last 10 or so years.

This continues to be a terrible analogy for many reasons, not the least of which is that it directly contradicts the point the people bringing it up are trying to make.


here's the problem, people did switch out the ignition with a third party, and their car worked just fine until they were foolish enough to let the manufacturer brick it without being given a heads up

we can agree, i think, to let the courts decide
 
Hey Ford!! I took the ignition out of my Explorer and replaced it with one from Bob's Cheap Ignitions down the street, and now my car won't start! You bastards did this on purpose! I'm lawyering up!

Would be the same if the Ford SUV had started and worked fine with the replaced third party ignition but then didn't one day because of some patch Ford issued to protect your security / privacy as a customer.
 
Security issues aside, my hypothesis for the Error 53 is it allows Apple to save service time by simply offering to replace the phone for $299 as opposed to changing the customer's screen, putting the broken screen back on, and then telling them there's no way to fix the Touch ID issue. It saves each Apple store a few hours a week in repair/service time. With the $299.99 cost of replacement, Apple still nets close to $100 in profit whereas they only get about $50 on the screen repair, so there's no negative balance due to loss for labor costs.

They have a programming machine that pairs a new Touch ID to the logic board for screen repairs that show no signs of past after-market replacements. I don't know why they don't just apply this fix regardless of "tampering" (maybe there's little value in after-market LCDs). Maybe the Error 53 message facilitates this replacement process.
 
here's the problem, people did switch out the ignition with a third party, and their car worked just fine until they were foolish enough to let the manufacturer brick it without being given a heads up

we can agree, i think, to let the courts decide

The person to give the "heads up", would be the imbeciles who replaced it and knew about it (known since iOS 8.3) but took the client's money anyway... But, hey, Apple has more money so let's go after it instead....


If so called "authorized" (sic) places didn't use the proper parts and the proper procedures (both needed), then THEY should be sued, not Apple.
 
The person to give the "heads up", would be the imbeciles who replaced it and knew about it (known since iOS 8.3) but took the client's money anyway... But, hey, Apple has more money so let's go after it instead....


If so called "authorized" (sic) places didn't use the proper parts and the proper procedures (both needed), then THEY should be sued, not Apple.

The phones that were bricked worked fine until they tried to update. Quick refresher- the daily reminder to update your iOS does not have the option for "quit reminding me", so you get the message every day until you relent.

Here's a thought- "Apple has determined that your hardware is not compliant with the latest software update and may render your device completely useless, click accept to proceed or cancel to exit"

or how bout an option to restore from last backup…

Apple broke the device, they didn't need to. I applaud the efforts being taken to bring a class action on this.
 
The phones that were bricked worked fine until they tried to update. Quick refresher- the daily reminder to update your iOS does not have the option for "quit reminding me", so you get the message every day until you relent.

Here's a thought- "Apple has determined that your hardware is not compliant with the latest software update and may render your device completely useless, click accept to proceed or cancel to exit"

or how bout an option to restore from last backup…

Apple broke the device, they didn't need to. I applaud the efforts being taken to bring a class action on this.
As I recall, that type of reminder alert comes up only if/once the update was downloaded onto the device and was waiting to be installed, and that downloaded update can be deleted which should stop the reminders.
 
So you are saying that my bank, and all third party apps, allow me to log in with only my phone's four digit password? Mastercard, Visa etc. allow this too? I find that hard to believe. My bank doesn't / shouldn't know my phone's passcode. Even if it did, it wouldn't match my bank password.

I'm guessing that the Touch ID either returns a "go" or "no go" to the app that queries the Touch ID information. "Yes, this is Joe Mama, it's okay to let him proceed."

Any developers care to comment on this?

Yes, in the case of third-party apps it just says "authenticated" or "not authenticated". You don't need to use a fingerprint, though - you can use your passcode instead (sometimes the sensor is unreliable, for example). The API hides a lot of the implementation details, so most developers won't know how it really works, but Apple document it in their iOS Security Guide (PDF).

When you boot your iPhone up, the filesystem is encrypted. It's just full of meaningless junk; you can't use the phone. Once you enter your passcode for the first time, the system reads the filesystem key (which itself is stored encrypted by your passcode), and tries to decrypt it. If your passcode is correct, it will end up with the correct filesystem key, and it can unlock your iPhone's hard drive and read useful data from it. This filesystem key is called "NSFileProtectionComplete".

Page 12 said:
(NSFileProtectionComplete): The class key is protected with a key derived from the user passcode and the device UID.
Page 15 said:
... when a passcode is entered, the NSFileProtectionComplete key is loaded from the system keybag and unwrapped.

This filesystem key is then held in the Secure Enclave so the iPhone can read/write data from your hard drive. We haven't used TouchID or fingerprints so far, just a passcode - remember this is the first-boot scenario. So what happens to that all-important filesystem key when you lock the phone?

Page 9 said:
If Touch ID is turned off, when a device locks, the keys for Data Protection class Complete, which are held in the Secure Enclave, are discarded. The files and keychain items in that class are inaccessible until the user unlocks the device by entering his or her passcode.

With Touch ID turned on, the keys are not discarded when the device locks; instead, they’re wrapped with a key that is given to the Touch ID subsystem inside the Secure Enclave. When a user attempts to unlock the device, if Touch ID recognizes the user’s fingerprint, it provides the key for unwrapping the Data Protection keys, and the device is unlocked.

So basically if you have TouchID disabled (passcode only), this key gets thrown away and you need to enter the passcode again next time you unlock. It's the same process as you go through on first-boot. TouchID is completely optional - it just holds on to the key which you already obtained via your passcode for a while (48 hours if the device stays on).

Okay, so that's unlocking the phone. What about other stuff like iTunes Store purchases?

Page 8 said:
Touch ID can also be configured to approve purchases from the iTunes Store, the App Store, and the iBooks Store, so users don’t have to enter an Apple ID password. When they choose to authorize a purchase, authentication tokens are exchanged between the device and the store. The token and cryptographic nonce are held in the Secure Enclave. The nonce is signed with a Secure Enclave key shared by all devices and the iTunes Store.

So when you enter your iTunes Store password the first time after a reboot, your device gets a temporary token to use for purchases, stores it in the Secure Enclave, and guards it behind TouchID. It's totally optional; it's just a shortcut for entering your password.

The same applies to Apple Pay:

Page 34 said:
The Secure Element will only allow a payment to be made after it receives authorization from the Secure Enclave, confirming the user has authenticated with Touch ID or the device passcode. Touch ID is the default method if available but the passcode can be used at any time instead of Touch ID. A passcode is automatically offered after three unsuccessful attempts to match a fingerprint and after five unsuccessful attempts, the passcode is required. A passcode is also required when Touch ID is not configured or not enabled for Apple Pay.

That's a theme throughout the whole document. It's one of the very first things they mention about TouchID:

Page 7 said:
When Touch ID scans and recognizes an enrolled fingerprint, the device unlocks without asking for the device passcode. The passcode can always be used instead of Touch ID

So yeah, it is totally technically possible to rip the TouchID sensor out of your phone and still be able to unlock it (assuming you have the passcode). TouchID is not essential for any single feature of the device; it is only ever a shortcut for entering the passwords you have already recently entered into the phone.

Law firms? I just did all of your investigation work for you. Feel free to cut me a cheque.
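
The key lifecycle quoted from the iOS Security Guide in the post above, modelled as an added example that is not part of the original post and not Apple's code. The `Device` class and its method names are hypothetical, the HMAC-based `_wrap`/`_unwrap` pair stands in for the real key-wrapping primitive, and PBKDF2 salted with a random `uid` stands in for the passcode-plus-UID derivation.

```python
import hashlib
import hmac
import os

def _wrap(kek, key):
    # Stand-in key wrap (assumption): XOR with an HMAC-derived pad, then an integrity tag.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def _unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong wrapping key")
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class Device:
    """Hypothetical model: class key wrapped by passcode+UID, optionally cached for Touch ID."""

    def __init__(self, passcode, touch_id=True):
        self.uid = os.urandom(32)        # constructed device-unique secret
        self.touch_id = touch_id
        self.class_key = os.urandom(32)  # in memory only while unlocked
        # "System keybag": the class key wrapped under the passcode-derived key.
        self.keybag = _wrap(self._kdf(passcode), self.class_key)
        self.touch_key = self.touch_wrapped = None

    def _kdf(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.uid, 10_000)

    def lock(self):
        # Touch ID on: keep the class key, wrapped under a key held by the Touch ID subsystem.
        # Touch ID off: the class key is simply discarded.
        if self.touch_id and self.class_key is not None:
            self.touch_key = os.urandom(32)
            self.touch_wrapped = _wrap(self.touch_key, self.class_key)
        self.class_key = None

    def reboot(self):
        # Nothing held in memory survives a restart; only the keybag remains.
        self.class_key = self.touch_key = self.touch_wrapped = None

    def unlock_passcode(self, passcode):
        try:
            self.class_key = _unwrap(self._kdf(passcode), self.keybag)
        except ValueError:
            return False
        return True

    def unlock_touch(self, finger_matches):
        # A match only releases a key that a passcode unlock already produced.
        if not (finger_matches and self.touch_wrapped):
            return False
        self.class_key = _unwrap(self.touch_key, self.touch_wrapped)
        return True
```

In this model a fingerprint match after `reboot()` unlocks nothing, while the passcode always recovers the class key from the keybag, which is the passcode-as-root property the quoted passages describe.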
 