Security Concerns + AppleCare Support (All Devices)

Discussion in 'iPhone' started by Black Magic, Oct 19, 2015.

  1. Black Magic macrumors 68000

    Black Magic

    Joined:
    Sep 30, 2012
    #1
    I've been thinking about this for some time and was curious about what others thought about some of the practices of the Geniuses at the Apple Stores during support cases. Basically, if you bring in a defective device like an iPhone, many times they ask for you to unlock it then they take it to the back for review. This could be something as simple as dust in the camera lens.

    On the Mac side, they want your password for your Apple ID tied to your account. They will also document said password into their systems. Does this not alarm anyone?

    When you see events like the "Frappening", kinda makes you wonder. Your thoughts?
     
  2. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #2
    How are they going to run diagnostics on a locked phone?
     
  3. mbaran macrumors regular

    Joined:
    Jun 10, 2008
    #3
    This is not always true. I took my my late-2013 rMBP for battery service.

    They did not take my account password (nor would I have given it to them). They returned the device with all data intact and a replaced battery.
     
  4. iNinja08 macrumors regular

    iNinja08

    Joined:
    Sep 21, 2015
    #4
    It's not just apple, it's any computer/tech repair outfit. Nothing will prevent shady employees from being shady. There is some level of control a company can offer but there will always be a risk if your peepee is on your phone or computer, it could end up in the wild.
     
  5. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #5
    I have only used Apple's service 2 times so far (one time for a Mac and one for a phone), but in both cases I have not been asked for passwords, or even to let them take an unlocked device to the back. And I see absolutely no justification for giving them your Apple ID password and doubt very much that this is company policy at Apple. Just don't do it. For things like testing the camera after removing dust they can bring it back to the front.
     
  6. metsjetsfan macrumors 65816

    Joined:
    Feb 2, 2011
    #6
    I beleive the main reason for unlocking the phone is to prove that the phone is actually yours. Otherwise people can bring in stolen or bought stolen devices.

    Dont know about the macbook thing tho
     
  7. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #7
    If that was the case you could just lock it again before they take it out of your sight.
     
  8. doboy macrumors 68000

    Joined:
    Jul 6, 2007
    #8
    Other option is you can encrypted backup your phone to your computer and wipe it before taking it in for service. It's a pain, but if you need to have your phone serviced...
     
  9. melman101 macrumors 68030

    Joined:
    Sep 3, 2009
    #9
    I had to change my password as soon as I got my computer back.
     
  10. Black Magic thread starter macrumors 68000

    Black Magic

    Joined:
    Sep 30, 2012
    #10
    I would expect them to do it right in front of me like they done before or you can do it via web where they send you a text message.
     
  11. Black Magic thread starter macrumors 68000

    Black Magic

    Joined:
    Sep 30, 2012
    #11
    Keyword is battery. If you had a memory issue with constant lockups, that would have been another story.
     
  12. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #12
    Change your PIN or password before you give it to them, change it back when they're done with the repair. Simple solution to the problem
     
  13. leesweet macrumors demi-god

    leesweet

    Joined:
    Feb 1, 2009
    Location:
    Northern Virginia, USA
    #13
    Definitely. I would never give them a password and with the password I have in 1Password, I couldn't. Unlock it and do something for them, sure. People need to get in the frame of mind that these aren't 'phones' any longer, with all the health and other personal data on here.

    As was said, if they really need it unlocked and open, be sure to back it up first and then wipe it. But as I've said elsewhere, that would be a lot easier if there was a product that did a complete byte-by-byte backup of your phone you could lay right back down on it when you got it or a replacement back.
     
  14. Black Magic thread starter macrumors 68000

    Black Magic

    Joined:
    Sep 30, 2012
    #14
    You haven't thought this through. You unlock it then they take your phone. All the data they will have access too like pictures and such. The safest bet is probably erasing your phone.

    On the mac side, having a second hard drive you can pop in that's erased with a support account is doable on devices that alow you to change out that component. otherwise you need to erase that too and have a good backup. Those devices they ship off to a vendor for repair.
     
  15. CNeufeld macrumors 6502a

    Joined:
    Nov 25, 2009
    Location:
    Edmonton, AB
    #15
    While I understand the concerns about other personal data (pictures of my junk, banking info, etc), what's the concern about your "health" data? How is the number of steps I walked or flights of stairs I climbed a risk to me? Or even my heart rate as I take a poop?

    Just asking, because I've noticed a number of people commenting on the health data and Apple's decision to make that part of the encrypted only backup.

    C
     
  16. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #16
    On a Mac, simply make sure that your HDD is encrypted using Filevault so they can't access your files. If the repair shop needs to run diagnostics with the running computer, they can boot a recovery environment from a USB drive (if you have a firmware password set, you should clear it before handing in the computer, so they can select the boot device on startup).
     
  17. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #17
    This still won't help you.

    Case in point: Option-S when starting your Mac. They boot to another disk, mount your drive (as if it were external), and boom! Access to your data.

    This is where FileVault 2 comes in, where your entire drive is encrypted, and can not be unlocked or accessed, even when starting your Mac with another drive acting as the boot device.

    this is the same issue that anyone would have, regardless of taking it to the Genius Bar, Applecare+ support, stolen, or otherwise. Changing your password won't matter if your data lies in an unencrypted state on your drive.

    BL.
     
  18. Subwaymac macrumors regular

    Subwaymac

    Joined:
    Apr 1, 2009
    Location:
    Illinois
    #18
    99% of people don't have anything of value or information worth taking.

    Maybe Hillary could blame her email scandal on an Apple Store employee?
     
  19. metsjetsfan macrumors 65816

    Joined:
    Feb 2, 2011
    #19
    ? If you unlock it then its your device what does it matter if you relock it. Yes there are ways around it.
     
  20. mbaran macrumors regular

    Joined:
    Jun 10, 2008
    #20
    Wouldn't they use bootable diagnostics? Part of diagnosing a true hardware error is to ensure it's not caused by user install software.

    I'm not denying what they may do, but they're not getting my password. I would rather wipe it first and bring it empty.
     
  21. metsjetsfan macrumors 65816

    Joined:
    Feb 2, 2011
    #21
    I beleive you can. Just ask. You just need to turn off find my iphone bc of something tondo with activation lock if they mess ur your phone while fixing it.
     
  22. leesweet macrumors demi-god

    leesweet

    Joined:
    Feb 1, 2009
    Location:
    Northern Virginia, USA
    #22
    If it was wiped while it was locked and Find My iPhone was on, it would probably be toast. That's the point of the app, no? :)
     
  23. leesweet macrumors demi-god

    leesweet

    Joined:
    Feb 1, 2009
    Location:
    Northern Virginia, USA
    #23
    Beyond the health data, per se, in the health section is birth date and other info that is PII data which could be easily lead to identity theft. As for any personal data, you want to keep it as secure as possible.
     
  24. Eileen89 macrumors 65816

    Joined:
    Aug 12, 2014
    #24
    Why do they take it to another room? When my daughters iPhone 5S was having a battery issue last month, the Apple employee ran the diagnostics at the desk right in front of us. He never took her 5S in another room.
     
  25. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #25
    If people start using Healthkit to its full extent, there could potentially be a lot more in there, such as medical test results, reproductive health data, as well as your medical ID containing medical conditions etc. Just check out the Health app.

    Besides that, an unlocked device may also give access to your private and/or job emails, messages, contacts, call history, location history etc. I think people often underestimate how much potentially sensitive information they have on their devices.

    I would never let a stranger take my phone out of my sight while unlocked. When giving it away for longer you'd preferably even shut it down, since that discards the encryption keys for the data protection. In this state it's very difficult to access the stored information , provided you have a reasonably secure passcode (that's why the FBI complained about Apple's device encryption).
     

Share This Page