> Previously.

No. This is actually A Good Thing, as there's no way for Apple to know whether someone is messing with the fingerprint sensor to gain access.
posted by slater at 10:31 PM on February 5, 2016 [15 favorites]

It'll be interesting to see how many people who get burned by this software feature choose to jump ship and go with an android (or Windows Phone haha) rather than risk putting a replacement phone at risk of being bricked by what seems like a pretty lame MDM-like functionality.

I can almost understand the desire to make sure that the ID features of the home button are always secure but it seems like at the end of the day there should always be some sort of software key held in escrow so that an Apple tech can unlock the phone even if the warranty has been rendered void.
posted by vuron at 10:35 PM on February 5, 2016 [5 favorites]

Well one answer would be to say "okay we don't trust this fingerprint module, so we'll completely disable fingerprint functionality, and you can log in with your password like people with older iPhones"
posted by aubilenon at 10:37 PM on February 5, 2016 [121 favorites]

Looks like people with damaged fingerprint sensor (even those who have not had it fixed third party) are now finding the entire phone bricked. This is not a good thing at all.
posted by asra at 10:39 PM on February 5, 2016 [11 favorites]

I love how the article repeatedly throws its hands up in the air crying "No one knows what's going on!" then follows up with an official statement from Apple. Which it prefaces with "this is techno-mumbo-jumbo that we didn't understand".
posted by meowzilla at 10:39 PM on February 5, 2016 [38 favorites]

Ultimately this is a security feature so I can understand that a fail closed model for security features would be optimal but even then the idea that a security feature would result in an unrecoverable state is remarkably bad from a design perspective (Iphones get damaged too easily) and a nightmare from a public relations perspective.
posted by vuron at 10:42 PM on February 5, 2016 [11 favorites]

No. This is actually A Good Thing, as there's no way for Apple to know whether someone is messing with the fingerprint sensor to gain access.

Sure, this is why it was widely publicized beforehand, and everybody knows you don't mess with the home button because it's cryptographically paired to the device.

There's a way to do this kind of thing right: provide the information up front, inform third parties and users that they are Not Supposed To Do This, and ideally have some certification program that will allow them to get access to the magic key for replacing the fingerprint sensor. Or you can just cry "But Security!", burn a few customers and make sure users in he future think twice before getting their own hardware fixed by a third party.
posted by Dr Dracator at 10:47 PM on February 5, 2016 [15 favorites]

When phones were just phones, it was nbd if someone broke into it as the amount of damage they could do was relatively small, more annoyance than danger.

Now that phones, both Apple and Android are credit cards as well, it's a lot more important that third-party hackers, and especially those with access to the validation hardware, get locked out. It's a bind that I don't see a good answer for. Other than leaving the fingerprint reader and what not off the phone.
posted by bonehead at 10:48 PM on February 5, 2016 [5 favorites]

One way to look at this, apparently, is that Apple is unremittingly, unquestionably evil. Another way to look at it is that Apple uses hardware to secure the phones, and letting unvalidated third-parties swap out that hardware breaks the security features of the phone.

Apple's CEO has been pretty strident about protecting user privacy, even under significant pressure from very powerful governments, so I'm surprised to see a publication like the Grauniad take the lazy Apple-is-evil tone, when it once used to publish Snowden's exposés.
posted by a lungful of dragon at 10:51 PM on February 5, 2016 [41 favorites]

"If a customer encounters an unrecoverable error 53, we recommend contacting Apple support."

Does that mean the handset is not actually permanently disabled? There doesn't seem to be any good reason for permanently disabling the phone, if the customer can get it to an Apple-approved technician and prove their identity, why not reactivate it?
posted by L.P. Hatecraft at 10:55 PM on February 5, 2016 [3 favorites]

I can almost understand the desire to make sure that the ID features of the home button are always secure but it seems like at the end of the day there should always be some sort of software key held in escrow so that an Apple tech can unlock the phone even if the warranty has been rendered void.

A big part of Apple’s focus on security is that they don’t want any back doors. No key escrow means that no government can force them to unlock a phone. It does seem like a huge oversight that the six-digit passcode doesn’t work in this situation.

But, if they did allow access via passcode is it possible that some maliciously-altered touch id hardware could exploit a phone that had gotten past the passcode screen? Even if the answer is “no way currently known” this still plugs a potential hardware attack.
posted by D.C. at 10:56 PM on February 5, 2016 [7 favorites]

This isn't the right way to protect users:

He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead.
posted by bleep at 10:58 PM on February 5, 2016 [6 favorites]

If my phone is broken in this way, would it help if I stood in a hamper and sang "Jerusalem"?
posted by fifteen schnitzengruben is my limit at 10:59 PM on February 5, 2016 [10 favorites]

I love how the article repeatedly throws its hands up in the air crying "No one knows what's going on!" then follows up with an official statement from Apple. Which it prefaces with "this is techno-mumbo-jumbo that we didn't understand".

My guess is the article was written and they weren't expecting a quote from Apple beyond 'no comment'.
posted by dumbland at 10:59 PM on February 5, 2016 [2 favorites]

After reading a bit more it sounds like sometimes the error can be corrected if you still have the original home button module by replacing the cable connecting the home button components to the processor. That would seem to suggest that this is a boot time hardware check to match some unique identifier on the home button cryptographic module with the processors internal security store.

It seems like Apple technicians at least have the ability to repair/replace damaged home button components presumably by reprogramming the ID bits on the new home button assembly to match the old ID so I suspect that in theory that could be reversed engineered to either bypass the security check or spoof the software into thinking that the original module was still in place.

Man still seems like a sketchy a hell design.
posted by vuron at 10:59 PM on February 5, 2016 [3 favorites]

The original Apple Mac, which you can see being dissected here, was made deliberately almost impossible to do any work on yourself.

I'm not sure why anyone is surprised.
posted by adept256 at 11:02 PM on February 5, 2016 [4 favorites]

It's rare to see one of these hand wringing issues of the Brand Wars® so common to the broader Internet here on MetaFilter.

(One of the many reasons why I keep coming back to MetaFilter.)
posted by fairmettle at 11:05 PM on February 5, 2016 [2 favorites]

Heh, Metafilter is general good about brandwars until Apple is involved and then we seem to get bad with just about any shade being thrown at Apple almost immediately being contested.
posted by vuron at 11:09 PM on February 5, 2016 [10 favorites]

Forget it Jake, it's Apple Town.
posted by idiopath at 11:12 PM on February 5, 2016 [45 favorites]

out of curiosity, a) is fingerprint whatever something the user can disable and ignore at purchase and b) if so, would having it in a deactivated as-new state obviate the issue?
posted by mwhybark at 11:18 PM on February 5, 2016 [1 favorite]

Apple Pay is now at a crucial stage in the campaign to get merchants to accept it.

I think the scorched-earth character of the error 53 protocol is meant to safeguard Apple Pay's reputation with retail outlets, not user privacy.
posted by jamjam at 11:24 PM on February 5, 2016 [16 favorites]

Ha ha ha ha Apple. I hope they get sued.

But there was probably a clause buried somewhere in the iOS 9 EULA that gives them the right to brick your phone if it's altered in any way. You still own it, I guess, but it's Apple's privilege to decide if they let you use it as a phone or a paperweight.
posted by Kevin Street at 11:32 PM on February 5, 2016 [2 favorites]

Stuck inside of Mobile with the Cupertino blues again.
posted by lometogo at 11:37 PM on February 5, 2016 [16 favorites]

People are critical of Apples openness of their security architecture? Have you read the iOS Security Guide? Can you point to another major manufacturer (let's say one tenth the size of Apple) that has a security document half as good?

Saying "well, Apple techs can fix it!" is probably wrong. Apple's floorspace is absurdly profitable, and the way they've set up iOS/iCloud means if you have problems with any iOS device, they literally just give you a new one in store and ship the broken off for parts. The last thing they're going to do is fix it in store, because you standing there not-buying something is costing them a lot.

If I had to guess the reason for this is based around rate limiting fingerprint attempts. Basically when your fingerprint get scanned it gets turned into an absurdly long number and sent somewhere (the secure enclave) for verification. Huge speculation: they don't want to do rate limiting at the secure enclave level. I can think of a few reasons for this: it's code complexity they don't want to introduce to their microkernel, it's resource limited, or potentially some other reasons (I'm not really familiar with L4).

This means if you don't want the FBI (or insert evil TLA here), you need to authenticate your "client". In this case your client is the fingerprint reader. If you don't do this, some enterprising hardware manufacturer builds a "fingerprint scanner" which just starts enumerating all fingerprints at an absurdly fast rate. This is not speculative either: people have built hardware to restart iPhones to bypass the delay on pin entries, for the sole purpose of brute forcing. Demo (CVE-2014-4451). I don't have a source on this, but I recall the FBI being specifically being interesting in spending money on this.

As for giving other shops the keys to rekey the hardware, I would really, really, really prefer that the keys for this sort of access are only in a company with more money than god and a recently antagonistic relationship with nearly every government. I mean, I would prefer the keys not exist at all, but if my options are Apple or Apple and any third party hardware repair with money...

Are people are Apple can actually re-key the hardware? To be honest I'd be surprised if they were actually repairing peoples phones and not just burning them for parts due to burned-in-hardware keys.

Anyways, with all the hubbub about crypto lately, who has access to what, etc this seems like a really good application of secure design and failing fast. The bootchain going "hey, I dont recognize this component thats directly wired to my secure enclave but #yolo lets take input from other parts of the system!" ... yeah.

...I shouldn't drink Gin and comment on Mefi...
posted by yeahwhatever at 11:43 PM on February 5, 2016 [63 favorites]

I love how Apple apparent trust a consumer-grade fingerprint scanner so much that there is absolutely no chance that any sort of passphrase could possibly be used in its stead if it's been replaced or whatever.
posted by Dysk at 11:47 PM on February 5, 2016 [3 favorites]

"If a customer encounters an unrecoverable error 53, we recommend contacting Apple support."
Does that mean the handset is not actually permanently disabled?

Oh, it'll still be bricked beyond recovery, but Apple just wants to give you that special kind of customer service and go that extra mile by informing you of your "Shit Outta Luck" status in person.

Non-snarky answer: No, and the most likely reason is that the device is now compromised, and in order to protect themselves from any liability from re-activating a device that somehow has bypassed their own security check through a exploit that is unknown to them. Their actions are reasonable given the current state of the device and the operating system.

However, their decisions that led to the creation of this current state are ridiculous. There were many things that could have been done to avoid this, but none of those things are in line with Apple's overall objectives. Over the last 8-10 years, they have methodically removed, blocked, or otherwise hindered the ability of the end user to have much say in how they use their devices, be it phone, tablet, or computer. You do the Apple Dance, or GTFO.

I was a dedicated Apple user from 1994 to about 2008 or so, using them for general home use and professional video and audio production, as well as in corporate business environments in small and large networks. After about 2008, I started to notice things that slowly soured my opinion of Apple - update after update, buggy features that were supposed to let them "play nice with others" were never really being addressed, the abandonment of their forays into the enterprise market, IT/admin features that were once easy to access were now made inaccessible, and overall support of third-party solutions seemed to be ignored by Apple, causing many of those developers to find other platforms to work on. Then a lot of the positive aspects of "walled garden" of iOS started to become more prison-like, and with that my love for Apple was long gone. The message from Apple was clear to me: "We're making boatloads of money now, we don't really give a rat's ass about what you want anymore." That's their choice, and it seems to be working for them. My choice was to avoid them anytime I could from then on out.
posted by chambers at 12:00 AM on February 6, 2016 [29 favorites]

Any photos or other data held on the handset is lost – and irretrievable.

Then Apple has made the choice to behave like a bloody virus. Come on, there is no excuse for this. I'm sure it's tricky, but surely Apple is getting paid enough to figure it out without just utterly fucking all these people over. Also, the point the article makes about the difficulty involved in accessing official repairs outside of a few major Apple Store-served markets seems to me to be essential. So people in most places on Earth can't get their iPhones fixed now? It's buy a new one, bubble wrap it and pray?
posted by two or three cars parked under the stars at 12:15 AM on February 6, 2016 [6 favorites]

Anyways, with all the hubbub about crypto lately, who has access to what, etc this seems like a really good application of secure design and failing fast. The bootchain going "hey, I dont recognize this component thats directly wired to my secure enclave but #yolo lets take input from other parts of the system!" ... yeah.

The weird part to me is that they silently roll this out in an OS upgrade, and it bites people who had their phone fixed months ago - i.e. have been using a "compromised" fingerprint scanner for months. If this is such a big security risk that bricking the device is an appropriate response, you would think they would have put it in at launch - after all, it's using hardware capabilities that were already there - and made a big deal about it. Something must have changed to make pissing off the customer worth it.
posted by Dr Dracator at 12:27 AM on February 6, 2016 [34 favorites]

and I'm surpised about this because...
posted by _Synesthesia_ at 12:38 AM on February 6, 2016

I have an HTC Desire Z that's six years old, has Android Jellybean installed on it (2014 software but still serviceable), and has had its entire housing replaced with a Chinese knockoff which is nonetheless pretty decent. I don't know that this makes me loyal in any way shape or form to HTC, but I'll tell you one thing - if replacing the housing had bricked the phone, even if I'd done the repair correctly? It would have made me determinedly disloyal to them.
posted by 1adam12 at 12:39 AM on February 6, 2016 [1 favorite]

I'm sorry, but when did "Warranty void if..." start to mean "We'll send some (virtual) goons over to destroy your property if..."? If the warranty is void, generally that just means they won't fix it for free. And since you already aren't going to them to fix it, why would they care?

This isn't a warranty issue. This is a protection racket issue.
posted by Sys Rq at 12:51 AM on February 6, 2016 [30 favorites]

Does that mean the handset is not actually permanently disabled?

No, and the most likely reason is that the device is now compromised, and in order to protect themselves from any liability from re-activating a device that somehow has bypassed their own security check through a exploit that is unknown to them. Their actions are reasonable given the current state of the device and the operating system.

I can understand this, because multinational corporations gonna multinational corporate, but I think customers are still reasonable to be angry about this. If these Apple-approved technicians are able to perform repairs on security-critical components like the fingerprint scanner, aren't they already verifying people's identities as part of that process and accepting the associated liability? Otherwise what's to stop someone taking a stolen phone to an approved technician to get the button/scanner replaced?
posted by L.P. Hatecraft at 12:52 AM on February 6, 2016

Y'all a bunch of nerds who like hacking your hardware or whatever and that's fine but for like the rest of us normal people, making sure the person who steals my phone and tries to circumvent security on it doesn't get to my photos and credit card numbers is a pretty great feature.

A thousand people are affected? Yes, worth it to serve the millions of others.

And yes, apple service was great every single time I had to see them. Like when they replaced my laptop battery, for free, out of warranty. Both times. Or when they replaced the camera in my phone. Also out of warranty, for free.
posted by danny the boy at 12:54 AM on February 6, 2016 [20 favorites]

Y'all a bunch of nerds who like hacking your hardware or whatever and that's fine but for like the rest of us normal people

Many of the people affected by this aren't nerds, they're just normal people who broke their phones and took them to be repaired at non-Apple service centers because an Apple-approved one wasn't available.
posted by L.P. Hatecraft at 1:01 AM on February 6, 2016 [44 favorites]

I hope someone creates a virus for iPhones which tricks the phone to think it was repaired by someone other than Apple, thereby bricking tens of thousands of people's phones indiscriminately.

If they did that, *then* Apple would actually be motivated to fix their damn OS.
posted by markkraft at 1:06 AM on February 6, 2016 [3 favorites]

Any photos or other data held on the handset is lost – and irretrievable.

Now that your phone is your credit card, surely that's the point. If your phone is stolen and villains are monkeying with the locks to get inside, don't you want all of your data unretrievable from the handset? Meanwhile you easily retrieve all of your data by restoring your replacement phone from your own authorized backup.
posted by fairmettle at 1:08 AM on February 6, 2016 [3 favorites]

That is a fantastic argument for your phone not being your credit card.
posted by Dysk at 1:12 AM on February 6, 2016 [104 favorites]

Also, you can cancel credit cards. If you lose your phone or have it stolen, why not just have the Apple Pay system irreparably shut down or deauthorize without bricking the entire phone?
posted by Dysk at 1:13 AM on February 6, 2016 [18 favorites]

The backup relies on uploading everything to iCloud. If you're in a place where mobile data is expensive and wifi is not ubiquitous (say, Malaysia) then it may be a while before you're able to sync up iCloud to your phone. Also getting a backup to your computer is tricky - you can't just drag & drop like a USB drive, you need iTunes and that dongle and etc etc so on and so forth.
posted by divabat at 1:14 AM on February 6, 2016 [10 favorites]

"If your phone is stolen and villains are monkeying with the locks to get inside, don't you want all of your data unretrievable from the handset?"

Shouldn't that be a choice that you can and should make yourself?
posted by markkraft at 1:15 AM on February 6, 2016 [3 favorites]

Shouldn't that be a choice that you can and should make yourself?

Individual choice? What nonsense. Our Unification of Thoughts is more powerful a weapon than any fleet or army on earth.
posted by effbot at 1:22 AM on February 6, 2016 [5 favorites]

Man, even if you think this is a reasonable security feature, you have to admit that they rolled it out in a completely terrible way. "Time for an update, and oh by the way you have to buy a new phone now." It's one thing for updates to suddenly make things sluggish or annoying, but it's not hard to imagine why people are upset that they have to spend $800 on a new phone.
posted by teponaztli at 1:22 AM on February 6, 2016 [10 favorites]

I've never understood this need to use a phone as a means of payment.
posted by urbanwhaleshark at 1:25 AM on February 6, 2016 [17 favorites]

Why the data would be lost: on iOS all* user data is encrypted. The key to this encryption is basically a combination of a user passcode/fingerprint + a hardware key. This is to basically force any attacks to decrypt the contents of a phone to be done on a phone itself -- you cannot extract the memory from a device and try to decrypt on another device. This means if your data is not mirrored elsewhere (i.e. iCloud, your computer) and the device is no longer usable the data on it will be unable to be decrypted by anyone, including Apple.

This obviously has some repercussions in this instance, and there are good reasons to not want to use iCloud, however it's not like it's malfeasance or poor engineering. Presuming you own a computer, you should still have backups there. Saying that there must be some way to get the data without the device cooperating is what lawmakers are currently asking for, and if so would make the devices not-subpoena-proof.

Also, I was wrong earlier. The secure enclave does in fact enforce timing restrictions on post A7 devices, which all fingerprint reading devices are. This means rate limiting probably isn't the reason. Nevertheless, the secure enclave stores fingerprints, credit cards, and the AES keys for the device. Not wanting random shit wired to makes perfect sense to me.

Finally, I'm a bit surprised people are assuming conspiracy here. Is the proposition that Apple is punishing people who get third party repairs done because they want the money? How big is the third party iPhone repair market? I'd find it far more believable that the cost to their support pipeline from dealing with aftermarket parts is a greater cost and motivator than the missed revenue.

Also, this is not something unique to Apple. Microsoft, Sony, and Nintendo all do exactly the same thing in their gaming consoles. Auto manufacturers as well.

*Some exceptions apply
posted by yeahwhatever at 1:27 AM on February 6, 2016 [13 favorites]

Even if the explanation makes sense, and even if Apple is doing this to protect the consumer, why not allow an Apple technician to disconnect the third-party reader and then have the user authenticate via PIN?

For goodness sake ... Don't tell me Apple hasn't thought of that.
posted by oheso at 1:28 AM on February 6, 2016 [4 favorites]

The risk of the FBI brute forcing their way into my phone is far less threatening to me than the prospect of having to pay $800 to buy a new phone because I had no way of knowing they were going to suddenly implement a policy of bricking my phone for third-party repair. I'm not minimizing the very real need for security and privacy, but it just doesn't make any sense to go about things the way they're doing it. It's like burning down the house because there might be a burglar.
posted by teponaztli at 1:32 AM on February 6, 2016 [18 favorites]

Y'all a bunch of nerds who like hacking your hardware or whatever and that's fine but for like the rest of us normal people

In addition to what L.P.Hatecraft said about everyday users whose phones break with no certified Apple tech in any reasonable proximity, here's another situation for you.

What about the users who have no intention of using the features whose security Apple is trying so hard to protect? Those have no need for Apple Pay, Touch ID, or have no intention to store any sensitive data related to money transfer on it, or use any of these features at all? With the earlier phones, I could wipe or brick it remotely if I needed to, and in if the situation arises that it's lost and I don't realize it, they would have to guess the screen lock code and my iTunes password to get anything useful, and do it all before I noticed it was gone (oooh, they get to see my pictures, or even enjoy searching through 3,000+ email messages to find one that's of use, or maybe even send a rude text to somebody!) .

As far as I know, you can't 'opt out' of these 'features' you MUST HAVE. I see turning my phone into a wallet a ridiculously risky thing in itself for the near future. Now I would get a $270 - correction - $400 smackdown and/or a bricked phone by Apple for a feature that I never wanted or will ever use just because I can't get to an Apple tech that could be hundreds of miles away or more if my screen breaks just... baffles me. I'm bet Apple's next genius marketing/PR move will be suggesting I buy two phones so I have a spare - and call it "The innovative convenience of iClone" or something equally daft and insulting.

I'll keep my old beat up 4s or this 5 with a cracked screen I was given for free, thank you.
posted by chambers at 1:33 AM on February 6, 2016 [23 favorites]

Now that I get a $270 smackdown

The article quotes it at 270 pounds, so closer to $400.
posted by teponaztli at 1:36 AM on February 6, 2016 [4 favorites]

How big is the third party iPhone repair market?

If you need to ask this question, the answer will almost certainly surprise you. It's huge. There is an entire industry of third-party smartphone servicing, especially in less developed countries, or even just smaller ones (most of Denmark for example is hours away from any Apple certified techs) and the iPhone is probably the single handset series with the biggest market share.
posted by Dysk at 1:58 AM on February 6, 2016 [9 favorites]

The article quotes it at 270 pounds, so closer to $400.

To add some numbers, various types of official iPhone repairs seem to cost less than $400. For instance, out-of-warranty, a battery repair is $79, a screen replacement costs between $109 and $149, and other repairs run between $269 and $329. In-warranty repairs cost less.
posted by a lungful of dragon at 2:05 AM on February 6, 2016

It's like burning down the house because there might be a burglar.

Not just burglars, but also when there's a hailstorm that damages the roof and you know an expert roofer you've known since high school but isn't on their list, or the next door neighbor accidentally hits a baseball through your window and you try and replace the window yourself, or if the Jehova's Witnesses knock on the door instead of using the doorbell and you're not home.

Security AT ALL COSTS. Nuke it from orbit. It's the only way to be sure.

Ok, that last one about the doorbell was a bit much, I admit.
posted by chambers at 2:06 AM on February 6, 2016 [4 favorites]

a screen replacement costs between $109 and $149

It's probably going to be more than just a screen replacement, as they'll probably do the whole front plate - screen, digitizer, glass, and button/fingerprint reader assembly. I admit I don't know the specifics about this repair, but judging from the several dozen times I've taken various iPhones, iPads, Macs, Powerbooks, and Macbooks over the last 20 years*, replacing more than is needed because it gives them faster turnaround times is often their MO.

*I'm not that hard on machines, 95% of those were employee's computers/devices.
posted by chambers at 2:16 AM on February 6, 2016 [1 favorite]

These are flat fee repairs. Again, just some numbers to put things in perspective.
posted by a lungful of dragon at 2:17 AM on February 6, 2016

"even if Apple is doing this to protect the consumer..."

...by implementing an expensive vulnerability into your phone that lots of people can potentially exploit, in order to brick your device.
posted by markkraft at 3:13 AM on February 6, 2016

No matter the historical legacy of the failure of all security/copyprotection the big dumb guys keep trying and will keep getting defeated. I look forward to the work around next month.
posted by iamck at 3:15 AM on February 6, 2016

Assuming someone can and will find an exploit here, Apple's security "feature" lends itself very well to this kind of attack... with Apple itself doing the real damage.
posted by markkraft at 3:17 AM on February 6, 2016 [1 favorite]

I've never understood this need to use a phone as a means of payment.

Me too. Credit card security seems poor enough already. Perhaps the Apple Wallet people think they can improve that.

But, there are people, and lots of them, who think that any non-high-tech solution to anything is by definition ridiculous and obsolete. They are eager to replace it. Take a card out of your pocket and scan it? What, did we lose a war?
posted by thelonius at 3:18 AM on February 6, 2016 [8 favorites]

iOS 9 was released 1 year after the iPhone 6, so if we accept that bricking the phone is a necessary response to a hardware compromise, that means that millions of phones were potentially vulnerable to a hardware based attack for a whole year.
posted by Lanark at 3:21 AM on February 6, 2016 [4 favorites]

So is this the new Antennagate/Bendghazi basically-made-up Apple-related controversy for this news cycle to help juice page view counts?
posted by DoctorFedora at 3:22 AM on February 6, 2016 [9 favorites]

Haven't they just incentivised the entire 3rd-party repair industry into breaking their protection?
posted by fullerine at 3:25 AM on February 6, 2016 [3 favorites]

yeahwhatever: This obviously has some repercussions in this instance, and there are good reasons to not want to use iCloud, however it's not like it's malfeasance or poor engineering. Presuming you own a computer, you should still have backups there.

In many of the parts of the world where authorised Apple technicians are least accessible, this is really not something you can presume. Even here in the UK, I know several people with iPhones and/or iPads as their only computing devices.


a lungful of dragon: To add some numbers, various types of official iPhone repairs seem to cost less than $400. For instance, out-of-warranty, a battery repair is $79, a screen replacement costs between $109 and $149, and other repairs run between $269 and $329. In-warranty repairs cost less.

Listed prices for the UK for repairs other than battery and screen seem to start at £236.44 for iPhone 6s, if you haven't got the AppleCare+ With Accident Damage thing.
posted by Dysk at 4:14 AM on February 6, 2016 [3 favorites]

A lot of user ire can be avoided by creating useful error messages. Error 53 means nothing to users.

A good pattern for error messages is to inform the user when bad things happen by answering these questions:

1) What happened?
2) Why did it happen?
3) How does it affect ME?
4) What steps can I take now to solve this problem?

Examples:

What happened:
* Unable to log in
* Unable to retrieve profile information
* Unable to display your results

Why did it happen?
* Your session expired
* Your username/password doesn't match
* Unable to contact database
* Unable to contact website
* No signal

How does it affect me?
* You are not logged in, and so cannot continue
* You will not see any results from your query
* You will see partial results from your query
* We cannot display your profile

What steps can I take now to solve this problem?
* Try logging in again
* Keep hitting Refresh
* STOP hitting Refresh
* Try this alternate URL
* Contact support (and provide a link/email/phone number)

Stuff like this can save a lot of headaches.

- UX Guy
posted by sidereal at 4:59 AM on February 6, 2016 [30 favorites]

I've never understood this need to use a phone as a means of payment.

Yesterday, I walked across the parking lot at work to get some snacks. I tapped away at a game on my phone while I waited in line. When I made it to the cash register, this dance began:

1. Turn off phone.
2. Phone into pocket.
3. Put snacks on counter.
4. Wallet out of other pocket.
5. Cash out of wallet.
6. Hand cash to clerk.
7. "Do you have a loyalty card?"
8. Take loyalty card out of wallet.
9. Clerk scans loyalty card.
10. Put loyalty card back into wallet.
11. Take coin change from change-dispensing machine. ugh that fucking thing
12. Coins into pocket. Hoping that I don't drop any in my haste to:
13. Take bill change from cashier.
14. Bills into wallet.
15. Take receipt.
16. Receipt hastily folded up.
17. Wallet and receipt back into pocket.
18. Stuff receipt farther down into pocket. Go through Mitch Hedberg routine in my head about receipts for four bucks worth of snacks.
19. Collect snacks.
20. Head toward door.
21. Juggle snacks to get phone out of pocket again, because I'm not going to walk across an entire damn parking lot without checking my email.

Somewhere around step 10, I am absolutely certain that everyone in the store is glaring at me for the time this process is taking. It sucks. Or, I can put my credit card and my loyalty card into my phone, and the process is:

1. Put snacks on counter.
2. "Do you have a loyalty card?"
3. Click over to Wallet app.
4. Click on loyalty card.
5. Clerk scans phone.
6. Swipe to credit card.
7. Click to pay. Receipt shows up automatically in separate loyalty card app, so clerk doesn't even ask.
8. Collect snacks.
9. Head toward door, automatically clicking over to email as I go.

Note that in the previous series, I get anxious at step 10. This procedure doesn't even have a step 10. Is using my phone as a means of payment as great as a polio vaccine? No, but it can be better than not using my phone as a means of payment.
posted by Etrigan at 5:04 AM on February 6, 2016 [8 favorites]

Threads and stories like this always make me feel like the two old coots sitting in the theatre box on the Muppet Show, yelling something about how I thought these things were supposed to make our lives easier.
posted by The Card Cheat at 5:17 AM on February 6, 2016 [14 favorites]

Personally, this feels like a feature, not a bug. But, folks need a reason to hate on Apple...
posted by HuronBob at 5:30 AM on February 6, 2016 [9 favorites]

Wow, Etrigan, when you put it that way, maybe your phone should be your CAC, too.
posted by indubitable at 5:43 AM on February 6, 2016 [1 favorite]

When I made it to the cash register, this dance began

This is my skeptical face. Oh, something didn't take 60 seconds? You had to put some things down? Heaven forfend.
posted by listen, lady at 5:51 AM on February 6, 2016 [40 favorites]

I've used my phone to pay at the cash register and it's exactly the same as using a bank card except that you hold your phone over the reader instead of swiping your card. It's sort of fun in a "hey I'm living in the future" way but it's not more or less convenient than paying with a card.
posted by octothorpe at 6:01 AM on February 6, 2016 [7 favorites]

The Touch ID vault is the key to the iPhone's security. It's not just a button.

Most people don't really understand what goes into properly implementing cryptography.
posted by LoveHam at 6:07 AM on February 6, 2016 [11 favorites]

Heaven forfend.

Yes, I do get that it's not the worst thing in the world. For instance, acting like convenience is something incomprehensible or to be sneered at is worse.
posted by Etrigan at 6:16 AM on February 6, 2016 [14 favorites]

Now that your phone is your credit card, surely that's the point.

So when we lose our wallets/purses/credit cards we should expect our banks to silently and irrevocably lock our accounts, rendering them absolutely useless and completely lost of any monies we didn't transfer to another bank or account?

Simply disabling Apple Pay on a phone with an unauthorized home button is a user friendly solution to this problem. Bricking the phone with no warning is retribution.
posted by dozo at 6:31 AM on February 6, 2016 [26 favorites]

No plenty of people understand crypto they just question the wisdom of placing cryptographic components in a platform that is inherently easy to damage, located at the primary touch point so that hardware wear on the component is maximized, and making it so that there is no technician bypass of the fingerprint mechanism for device recovery.

I know people are really concerned about the idea of the NSA or other big brother entity having access to their Selfies and Credit Card information (as if both of those are in any way secure from the NSA given already present backdoors in the carriers IP networks) but making it where cryptographic features can completely destroy the functionality of a phone with no hope of recovery is an awful design.

What is also kinda interesting is that the lack of a backdoor for recovery using an alternative (like a PIN or technician bypass) is probably going to result in a lot of CISOs for companies (and governments) saying that the Iphone cannot be used for company (or government) related activities like email.
posted by vuron at 6:33 AM on February 6, 2016 [5 favorites]

Most people don't really understand what goes into properly implementing cryptography.
posted by LoveHam at 23:07 on February 6

"I can't believe that the safe company doesn't have a way into the safe I bought from them, especially after I changed the lock."

"Error 53" is an awkward and unfortunate bug, but there's a lot of disingenuousness or SOMETHING going on to suggest that it's some sort of a deliberate thing. Folks are starting to remind me of the sorts of people who angrily blame "planned obsolescence" for the fact that the march of technological development fails to stop at the moment they buy product X, and that product X does not have a lifespan that lasts literally forever.
posted by DoctorFedora at 6:34 AM on February 6, 2016 [4 favorites]

It doesn't seem to be just repaired iPhone 6 units that are bricking, but even some of those (link from article) that merely have a cracked screen. Many people will put up with a small screen crack, so should Apple brick their phones even if there is no security compromise?
posted by scruss at 6:35 AM on February 6, 2016 [2 favorites]

I'd never heard 'heaven forfend' until Monty Burns said it.
posted by lazycomputerkids at 6:37 AM on February 6, 2016 [2 favorites]

I think what bothers me most about this is that, when I buy something like a smart card or Yubikey, I know that I'm signing up for super secret agent James Bond shit that is supposed to self-destruct if you so much as look at it wrong (tamper-resistant hardware). That's the idea! But I don't think most people who own iPhones need to or intend to have that level of security and the inherent tradeoffs when what they're really doing is just the usual phone stuff like storing selfies, texting friends, playing games, etc. So now, instead of having an isolated secure element that you only use for secure stuff, you've mashed everything together in one platform so the restrictive rules apply to everything, even the vast majority of stuff that doesn't warrant that kind of security.
posted by indubitable at 6:50 AM on February 6, 2016 [13 favorites]

For instance, acting like convenience is something incomprehensible or to be sneered at is worse.

In what way is your $700 phone self-bricking convenient? Really, the actual use case of pulling a plastic card out of your wallet is a lot less different from the phone scenario than the contrived example you gave of using cash.
posted by indubitable at 6:54 AM on February 6, 2016 [12 favorites]

Also those change dispensing machines are AWESOME
posted by grumpybear69 at 6:56 AM on February 6, 2016 [4 favorites]

There's so many things wrong with how they did this.

One: iPhones have had fingerprint scanners for three generations. Apple Pay is newer than that, but it's still been around a while. This problem did not crop up overnight - they could have taken the time for a proper rollout.

Two: There's zero transparency. The error code is completely opaque, there was no warning in the update notes, your phone just dies. Charming.

Three: thanks to the lack of transparency, users can't even properly tell if this is a proportionate response to a threat. Would disabling the fingerprint reader be enough? I'd think so, but I can't say for sure. I'm not inclined to give them the benefit of the doubt after 1 and 2, though.
posted by Holy Zarquon's Singing Fish at 6:57 AM on February 6, 2016 [10 favorites]

indubitable, you seem to be arguing a point that I am not making. And my "contrived" example is literally the exact process I went through yesterday.
posted by Etrigan at 7:05 AM on February 6, 2016 [1 favorite]

I walked across the parking lot at work to get some snacks. I tapped away at a game on my phone while I waited in line. When I made it to the cash register, this dance began...

You do understand that the "dance" actually began with your inability to exist for 15-20 minutes without having to be entertained, right?

Anyway...That this issue began with the installation of iOS9 makes me wonder if this isn't actually some deeply buried bug in the code that Apple has yet to find?
posted by Thorzdad at 7:08 AM on February 6, 2016 [17 favorites]

Etrigan, your described payment sequence is a good example of why I don't really buy things with cash (especially because then I wouldn't be able to track how much of my budget I spent on snacks). It's not a great example of why paying by phone would be superior to paying by card, which would really only add the steps involved in opening and closing your wallet and remembering that most cards are chip cards now (and most store chip-card readers are finally operational), so use this front slot rather than swiping. Also, it's totally on you if you don't remember to take your loyalty card out of your wallet at the same time as your credit card; that's a couple extra steps, too. (You might remember better if not playing a game while in line?)

At some point, perhaps payment by phone will be ubiquitous enough to be convenient, and I'm sure Apple is probably already counting on that. Right now, though, it would be more effort to research and try to remember the handful of places that might support payment by phone than to just pull out a card. And man, it is so much cheaper to replace a compromised card than an allegedly compromised phone. Your cards also don't come with terms that are violated when you accidentally get them wet.

Oh right, and can ya try not to read your email while walking through the parking lot? Heh.
posted by limeonaire at 7:09 AM on February 6, 2016 [10 favorites]

It's contrived because the closest alternative to paying with a phone is paying with plastic. That eliminates at least 5 steps from the example you gave and makes retaining a receipt unnecessary.
posted by indubitable at 7:10 AM on February 6, 2016 [11 favorites]

Companies are generally run by odious people who have contempt for their fellow humans.
posted by Mental Wimp at 7:12 AM on February 6, 2016 [1 favorite]

Is the fingerprint scanner actually that important? I have weird hands that sweat too much, which conversely leads to the skin drying out and peeling more than is normal. Fingerprint scanners on phones work for me for about four days. This was true of my iphone, and is true of my LG V10 (which brought about an awareness of the Stockholm syndrome I had with iPhones, but that's a different, endless internet argument thread)

That they disable the entire phone instead of disabling the ability to unlock it from the fingerprint sensor seems like a terrible idea, but maybe they had not anticipated this problem and had no other options. Seems unlikely though, since if you get the fingerprint wrong a couple times, you have to enter the passcode. Just trigger that routine, right?

Whatever. I'm glad the alternatives caught up, and glad my foray into Apple hardware and software is over.
posted by Leviathant at 7:17 AM on February 6, 2016

I dunno, man, when my credit card is compromised my bank doesn't lock my accounts and then block me from accessing my money. They issue a new card. And generally only when there is proven fraud.

Perhaps Apple could send a notification to the user that their security has been compromised, and then do something like reauthenticate Apple Pay, rather than brick a $700 piece of hardware because they suspect you violated the warranty.
posted by Existential Dread at 7:18 AM on February 6, 2016 [7 favorites]

No, but it can be better than not using my phone as a means of payment.

This only holds if you've got a financial system that's been very slow to switch to a more advanced credit card implementation.

We've had chip and pin in Canada now for a few years. Contactless payment, tap your card to a reader and go, is generally quicker than paying with cash. You only need to do the full insert and pin dance for purchases over $100---and for those larger amounts, I don't mind a bit of extra security personally.

I'm also happy, thinking about it, that I don't have to worry if my credit card is charged to buy a cup of coffee.

Interestingly, Apple Pay has had a really hard time finding traction in Canada, partly because our banks are an oligopoly, but I think, also because there's no real demand. Chip cards are mostly good enough and people are used to them now.
posted by bonehead at 7:21 AM on February 6, 2016 [2 favorites]

I apologize for the derail.
posted by Etrigan at 7:26 AM on February 6, 2016

Chip and pin is contactless in Canada? I have one new credit card with a chip and you always have to slide it into a vertical slot in the front of the reader and it takes forever to read so I mostly don't use it.
posted by octothorpe at 7:26 AM on February 6, 2016

and making it so that there is no technician bypass of the fingerprint mechanism for device recovery.

The "technician" in your scenario is a thief in a stolen/lost phone scenario.

Simply disabling Apple Pay on a phone with an unauthorized home button is a user friendly solution to this problem.

Thus leaving the rest of the phone's contents unprotected.

So now, instead of having an isolated secure element that you only use for secure stuff, you've mashed everything together in one platform so the restrictive rules apply to everything, even the vast majority of stuff that doesn't warrant that kind of security.

Arguing that the personal data (even not financial) on our phones shouldn't be secure is ludicrous.

Every alternate access scenario proposed in this thread to a compromised Touch ID is possible backdoor for a bad actor to exploit. A backdoor for the owner is also a backdoor for criminals.
posted by LoveHam at 7:28 AM on February 6, 2016 [8 favorites]

Contactless credit payment been rolling out for a couple of years now, with the limit slowly going up as the banks adjust their loss models (we started at $25, now it's commonly $100).

The swipe thing really isn't used anymore at all. It's either contactless or insert the card and type your pin. Swipe and sign is only used as the worst case fall back. The merchants hate it because it's prone to fraud, and the cc agreements now make them responsible for fraud via the older authentication system.

The US does do things differently. It's sort of a half assed implementation from what I've seen of it, and ends up with the worst of both the old swipe method and the pain of the pin methods, at least from the interactions I've had with it.
posted by bonehead at 7:31 AM on February 6, 2016 [3 favorites]

I apologize for the derail.

I don't think it is a derail. I think these issues are why Apple Pay exists, and the consequences of that are why the error 53 issue is happening.

If Apple wants to make a consumer credit device, they have to have a certain level of security, and that means that flexible reparability has to go out the window. It's a pain in the ass for Apple customers, but it would be worse for Apple if they got a reputation for being an easy route for hardware hackers to steal from people.
posted by bonehead at 7:35 AM on February 6, 2016 [4 favorites]

Arguing that the personal data (even not financial) on our phones shouldn't be secure is ludicrous.

So this personal data, you keep no backups? Or backups that can only be decrypted with the hardware module on your phone? So that if your phone is lost, broken or compromised, the data is unrecoverable? That is not how I handle all or even most of my data (I *like* having old photos), but I will concede that some people need this level of security.
posted by indubitable at 7:36 AM on February 6, 2016 [1 favorite]

You can do effectively unbreakable security in software. You've been able to get fully software encrypted phones for years. However, Apple has chosen to use hardware as well to make the phone easy to unlock.
posted by bonehead at 7:42 AM on February 6, 2016

Yes having a key escrow or pin bypass represents a potential method for a black hat to bypass the phone's security to access the stored user information.

However at the end of the day that should be a user choice (not a vendor lock-in) and should not be built on a component that is easy to damage through accident or wear patterns. Yes "everyone" know that you don't actually "buy" a Iphone but rather lease the usage of that phone platform and IoS license on a temporary basis and the Apple can make changes to the expected phone behavior with a code upgrade but it is a monumentally bad idea to roll said feature out without alerting users and without giving users the right to opt-in or opt-out.

The fact that people are defending this action on consumer privacy grounds is incredibly disengenous because I strong suspect that at no point int time are potential consumers told when they go to the Apple Store or their carrier for a phone upgrade that the are signing onto a scenario where a valuable piece of consumer electronics (many of which are basically purchased on a lend-lease program with a carrier) could result in being permanently locked out of the platform.

Yes there are people who are going to like this feature due to the security it potentially provides but that number is going to be vanishingly small in comparison to the number of users who do not require a high level of cryptographic assurance concerning their device's security. Creating a one-sized fits all security design is simply bad and is disproportionate to the risk.
posted by vuron at 7:44 AM on February 6, 2016 [7 favorites]

Yes, bonehead, but I walked across a parking lot yesterday, therefore Error 53 isn't really a thing. It's a perfectly logical train of events.
posted by Etrigan at 7:46 AM on February 6, 2016

Creating a one-sized fits all security design is simply bad and is disproportionate to the risk.

That would mean Apple would have to offer Apple Pay capable phones and non-Apple Pay phones. I can't see them doing that.
posted by bonehead at 7:46 AM on February 6, 2016

Every alternate access scenario proposed in this thread to a compromised Touch ID is possible backdoor for a bad actor to exploit. A backdoor for the owner is also a backdoor for criminals.

Activating TouchID isn't mandatory, so an iPhone with TouchID categorically disabled would clearly not be unacceptably insecure for Apple.
posted by Holy Zarquon's Singing Fish at 7:48 AM on February 6, 2016 [2 favorites]

So you're saying Apple doesn't have my best interests at heart?
posted by datawrangler at 8:00 AM on February 6, 2016 [2 favorites]

I hate hate hate tap to pay with debit and credit cards. It just feels so insecure, although it almost certainly isn't. The extra five seconds to do the PIN entry is worth it, sorry not sorry to the other people in line. I'm the old man with a chequebook of the future I guess.
posted by the uncomplicated soups of my childhood at 8:01 AM on February 6, 2016 [2 favorites]

Seriously, I was going to get a new phone today (upgrade from flip phone to iPhone 6 Plus) and now I don't know if I should bother with these 21st century concepts. Maybe Samsung loves me and cares about me and :::wallow::::
posted by datawrangler at 8:02 AM on February 6, 2016

Haven't read all the comments above, but my sense of this is that it is the consumer version of the butt-hurt that has been plaguing law enforcement recently with respect to Apple's encryption of their phone contents. That said, Apple could have gotten way out in front of this and let people know about it before it was too late, but they probably decided the optics were bad.
posted by hwestiii at 8:02 AM on February 6, 2016

Also, the point the article makes about the difficulty involved in accessing official repairs outside of a few major Apple Store-served markets seems to me to be essential. So people in most places on Earth can't get their iPhones fixed now? It's buy a new one, bubble wrap it and pray?

When vendors talk about their authorized repair network it reminds me of the guy who says to another person, "Oh your Internet with Comcast is expensive, well then just go with another company." Of course, many people don't have that option just as many don't have the option to drive/bus/fly many kilometres to get their phone fixed.

Now that your phone is your credit card

Wait. This isn't optional?

The fact that people are defending this action on consumer privacy grounds is incredibly disengenous...

And hilarious and not surprising given that it's Apple. I think the only defence is the logic of the process. It may be logical, but the ultimate outcome/solution is absurd.
posted by juiceCake at 8:03 AM on February 6, 2016 [2 favorites]

Does it really require a hardware change to implement? After all this is only showing up in regards to a ios update so its a hardware feature that is software enabled so you could easily do an opt in or opt out option when you do the kernel update.
posted by vuron at 8:04 AM on February 6, 2016

Apple fucked this up. You can tell by the cryptic "Error 53"; that is not the Apple User Experience. Also other reports say phones in this state go into a reboot loop. The failure isn't some carefully crafted security measure, this is Apple having screwed up one of their software updates and forgetting to test the case where the fingerprint sensor hardware was tampered with. Their update breaks those phones. And unfortunately, it turns out a whole lot of people have phones with modified fingerprint sensors.

I'm an Apple fan. I have an iPhone. I'm typing this on a Mac. I absolutely hate Apple's closed software and hardware ecosystem. I also appreciate its benefits. (Related: I finally figured out how to capture and record system audio on MacOS. Something made remarkably difficult by the lack of capture support in the OS and the near-impossibility of installing third party open source kernel extensions in modern MacOS.)
posted by Nelson at 8:11 AM on February 6, 2016 [13 favorites]

You can tell by the cryptic "Error 53"; that is not the Apple User Experience.

What? My first thought, if anything, was they're getting back to their roots.
posted by Talez at 8:18 AM on February 6, 2016 [4 favorites]

While I can understand an argument that says such a feature is a good idea because security, I can't understand that anyone could think it's acceptable to introduce such a feature unnanounced in an upgrade to consumers and not say to them on installation 'hi, has anyone who is not apple repaired your phone in the last year? Because if you have done this, despite us never telling you that you shouldn't, this update can completely fuck your phone and make you have to buy an entirely new one.'
posted by reynir at 8:20 AM on February 6, 2016 [5 favorites]

A lot of user ire can be avoided by creating useful error messages. Error 53 means nothing to users.

If you try to do this in the Java world, someone will freak out about "using exceptions for flow of control". Many seem to believe that best practice is for an application to die and give a huge stack trace to the user instead of sending a message saying, hey, I can't connect to the database, call the nerds.
posted by thelonius at 8:24 AM on February 6, 2016 [1 favorite]

That's not using exceptions for flow control at all...
posted by kmz at 8:30 AM on February 6, 2016

I know! But some developers seem to have a complete horror of ever actually catching one and doing something.
posted by thelonius at 8:36 AM on February 6, 2016

In what world do you present stack traces to the user?!
posted by grumpybear69 at 8:46 AM on February 6, 2016 [4 favorites]

It makes perfect sense if you hate your customers.
posted by Holy Zarquon's Singing Fish at 8:47 AM on February 6, 2016 [1 favorite]

Is this morphing from a apple hate thread to an Oracle hate thread because both are certainly viable targets for consumer ire.
posted by vuron at 8:50 AM on February 6, 2016 [1 favorite]

When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.

Clearly not that furious, or he wouldn't have bought another. When the typical user's response to having his $400 iPhone bricked by Apple is to go right out and buy another brand new $400 iPhone, there is little incentive for Apple to change their support model.
posted by zakur at 8:52 AM on February 6, 2016 [11 favorites]

Like Etrigan, I find the convenience of the Apple Wallet enormous. Not just paying for things, but holding tickets, etc. I look forward to the day when I can walk out of the house with one device, no wallet, no keys, no passport, and if the iPhone came with a pocket comb I'd use that too.

I'm not saying there aren't huge technical and security problems with replacing everything you carry by a single fragile electric device, but I think the problems are being addressed and I see this as a hiccup on the road to a simpler user experience. Apple will address this in some future update, because they always do, and in the meantime I'll be diligent about keeping back ups.
posted by Slarty Bartfast at 9:14 AM on February 6, 2016 [4 favorites]

Every alternate access scenario proposed in this thread to a compromised Touch ID is possible backdoor for a bad actor to exploit. A backdoor for the owner is also a backdoor for criminals.

See also: how every other smartphone vendor does things, how Apple did things, and how you can still do things with an iPhone 6 if you want I gather. Passwords. And the ability to do a remote wipe, because I'm not going to have my phone taken and not notice.

It's not like a fingerprint scanner is going to be that much harder to authenticate on when you shouldn'tthan be able to than a password prompt. We're not asking for a backdoor, just other methods for authentication.
posted by Dysk at 9:15 AM on February 6, 2016 [2 favorites]

iPhones have had fingerprint scanners for three generations

My grandfather would often tell the story of how he paid for a round of drinks for a whole bar on VE day using only Adolf Hitler's thumb.
posted by biffa at 9:29 AM on February 6, 2016 [37 favorites]

If you need to ask this question, the answer will almost certainly surprise you. It's huge.

I think the question was being asked in the context of Apple's current revenue. I suspect that on that scale, it is actually entirely negligible (as Apple had $76 billion in revenue in just the past *3 months*). Even if the third party repair business is a multi-billion dollar industry, it's equivalent to what Apple finds in the cushions of the couch. Greed for that infinitesimal market doesn't really seem plausible as the secret motive for what happened.
posted by BlueDuke at 9:39 AM on February 6, 2016 [3 favorites]

For instance, acting like convenience is something incomprehensible or to be sneered at is worse.

Siiiiiiilenced all your liiiiiiiiiiiiiife!

Luckily, such comparative estimations are relative.

Feel free to tip me using Square. I know it's more convenient.
posted by listen, lady at 9:44 AM on February 6, 2016 [2 favorites]

look, convenience is fine. i, too, like it. your elaboration of how difficult life is without this particular one is, quite frankly, absurd.
posted by listen, lady at 9:45 AM on February 6, 2016 [8 favorites]

Almost everybody's missing the point — once the system is compromised, it can't be trusted. Period.

Those phones aren't going back to Apple to be repaired. They're going to be autopsied, and then destroyed.

This is a good thing. My personal data is safe and I can buy a throwaway Android phone or "feature" phone anywhere as a temporary measure.

You can do effectively unbreakable security in software.

Incorrect. Security keys not stored in secure hardware modules/enclaves are far more easily cracked.
posted by ArmandoAkimbo at 10:00 AM on February 6, 2016 [4 favorites]

WHACK!

"Please sir, may I have another?"
posted by biffa at 10:05 AM on February 6, 2016 [3 favorites]

We're not asking for a backdoor, just other methods for authentication.

Interestingly, this is not much different a position than that of the US gov't. They want a side-door to your phone, too, not a back-door.
posted by a lungful of dragon at 10:14 AM on February 6, 2016 [2 favorites]

Is TouchID required for using an iPhone? If not, why not, if it's so essential for proper security?
posted by kmz at 10:20 AM on February 6, 2016 [5 favorites]

Apple doesn't let you password authenticate? What happens if you cut your thumb or something? Or they do, just not when a third party has repaired your phone? Riiight, side door. Just like the US government.
posted by Dysk at 10:39 AM on February 6, 2016

My iPhone 6 has both Touch ID and a passcode. If I don't feel like using the touch thing, I just enter the code just like I did on my old iPhone 5.

Apple didn't test for a bug, I'm pretty sure they'll address this.
posted by disclaimer at 10:43 AM on February 6, 2016

Damn apple for protecting my privacy! Get me to android, where I know somebody is watching, stat!
posted by valkane at 10:51 AM on February 6, 2016 [5 favorites]

Ha ha ha ha Apple. I hope they get sued.

They are, but abut something else. There's a class action going about how device performance gets irreparably worse every OS upgrade eventually leaving your device unusably slow, which is a big deal since you're locked into Apple OSes and downgrades are purposely impossible.
posted by JHarris at 11:12 AM on February 6, 2016 [3 favorites]

Now that your phone is your credit card, surely that's the point.

My "phone" isn't my "credit card". It is access to every digital thing that is important to me, that I carry pressed against my body for all my waking hours. It's the computing device that I use the most, by a wide margin. It has voicemails from people who aren't alive anymore, photos from a decade ago, access to every financial account I have, a record of my most meaningful conversations with my friends. It is the first thing I reach for when I wake up, and the last thing I put down when I go to sleep. Oh, it also happens to make phone calls and pays for stuff when I don't want to take my credit card out.

So yes, nuke that shit from orbit if it even looks like someone is trying to fuck with it.

It comes with a year of effectively no-questions-asked repairs, that is extended to 2 years for a trivial amount of money, compared to the cost of your $1000 device. If this outrages you, there are lots of other handset makers to choose from, but don't act like we are all idiots because our priorities are different than yours.
posted by danny the boy at 11:19 AM on February 6, 2016 [8 favorites]

> No. This is actually A Good Thing, as there's no way for Apple to know whether someone is messing with the fingerprint sensor to gain access.

Oh, you can't be fscking serious! 12 favorites?!

Who cares what the heck Apple knows? It's your phone!

If you are going to have a "Destroy your property" setting, at least make sure that the user consents to this explicitly in advance.

If there were a setting that said, "Permanently destroy this phone if maintained by a non-Apple technician," how many people would check it? Some small percentage of phones in the world need to be extra secure - the rest are basically just telephones with perhaps a few cancellable credit card numbers in them at worst. I have a slightly complex swipe code on my phone, and when I lose it, I'll walk over to gmail and turn off the data.

The worst is that Apple rolled this out as a secret new feature - it's not like they announced, "Hey guys, we're going to brick your phone if you've ever maintained it in the third world". And Apple is the "premium" brand - given their obscene profit margins, shouldn't customers be expecting somewhat less abuse than regular, though I suppose a lot of people consider "not destroying your phone" to be some form of handholding...

The fact that 13 people in this fairly rational forum think it's perfectly reasonable for Apple to secretly roll out a feature that destroys people's phones that they almost certainly legitimately purchased and own - it makes me fearful for the future.

--

(And also, Apple Computer is a company I know from being a developer as aggressive, inflexible and never open to negotiation - the whole "ethically challenged" package. I can't imagine why I or any reasonably cautious person would want them, or frankly, any private company to have access to their biometrics. I wouldn't give them a key to my apartment, and some unscrupulous person could do a heck of a lot worse to me with my biometrics without my even knowing!)
posted by lupus_yonderboy at 11:36 AM on February 6, 2016 [25 favorites]

Also those change dispensing machines are AWESOME

Yah! I always feel like I won something.
posted by sidereal at 11:39 AM on February 6, 2016 [2 favorites]

ArmandoAkimbo: Almost everybody's missing the point — once the system is compromised, it can't be trusted. Period.

Those phones aren't going back to Apple to be repaired. They're going to be autopsied, and then destroyed.

This is a good thing. My personal data is safe and I can buy a throwaway Android phone or "feature" phone anywhere as a temporary measure.

Maybe leave that decision up to the users? I never keep anything compromising on my phone because I kind of assume the phone company can go page through it whenever they want. So, if the choice is "Burn your $600 device" or "accept your phone is maybe compromised", I'm going to take the second!

I mean, practically every PC that exists is maybe rootkitted, and any that has ever had malware is definitely potentially rootkitted, but you don't just throw the machine into an incinerator and buy a new one! Many people, even knowing that, don't even do a complete format! Because you're not an international spy and your information was probably compromised already, so the small chance it is slightly more compromised is not worth throwing hundreds of dollars down the drain.
posted by Mitrovarr at 11:40 AM on February 6, 2016 [6 favorites]

Apple's floorspace is absurdly profitable, and the way they've set up iOS/iCloud means if you have problems with any iOS device, they literally just give you a new one in store and ship the broken off for parts.

To be sure, this is pretty much just how electronics repairs work these days, even when you ship things back to the manufacturer. They pull a finished refurbished item off the shelf, send it to you, and break down your broken device for good parts to put into refurbishing other devices.
posted by kaibutsu at 11:44 AM on February 6, 2016 [1 favorite]

Sigh. The fingerprint reader itself does not store the encryption keys, etc. That is in the secure element. The reader is cryptographically authenticated to the secure element, which is how it detects a change and (now) bricks your phone. Disabling a rogue reader might not even be a bad idea, since it could prevent some timing or fuzz attacks. Bricking the phone entirely, on the other hand, is hostile to the user.

If you think this is a reasonable response to the fingerprint reader being changed, please explain why it is OK to never set up the fingerprint reader and rely solely on a pin or pass code. And why it is OK to authenticate with a pass code after failing the fingerprint read a few times.

For now, I'm going to assume this is unintentional on Apple's part (a bug), and not that the specifically set out to fuck over their users for zero security gain whatsoever.

Thankfully, Google has yet to see fit to brick my phones for modifying the hardware and software. They will prevent Android Pay from running if certain conditions aren't met, but the rest of the phone works fine and continues to be encrypted with a key that is itself secured by my PIN/pattern/whatever lock, so my shit is protected from them and their shit is protected from my potentially nefarious intentions. As it should be.

Of course, given the parade of problems with stagefright and other low level libraries, my shit may well be less protected from malware than I would like.
posted by wierdo at 12:03 PM on February 6, 2016 [10 favorites]

There's also some inherent shittiness in the "sure hope you've been traveling and living only in Apple-approved countries, pardner" attitude there. It strikes me a lot like "We only want first world, relatively wealthy customers."
posted by corb at 12:23 PM on February 6, 2016 [8 favorites]

I have to say it, glad I don't have an iphone anymore... Despite whatever legitimate excuses can be made on security and technical grounds, there is no way this is not just beyond shitty customer service, and there absolutely has to be a better solution. What about all those in various parts of the world who don't have access to authorized repair services? Is Apple really more or less abandoning such a large section of the market?

I have to also say that I don't have time for people who, as soon as anything gets slightly technical or complex, just want to call nerd war or something similar. Their ability to live in their dumbed-down corner of the world while (presumably anyway) enjoying all the benefits of modern life including smartphones is only possible because many others do care about details. Sure, there are people who obsess over minor issues to the point of inanity, but this is far from minor and not one of them.
posted by blue shadows at 12:39 PM on February 6, 2016 [2 favorites]

yeahwhatever: "Also, this is not something unique to Apple. [...] Auto manufacturers as well."

Cite? I'm not aware of any cars being turned into a lawn sculpture by replacement of any part with an aftermarket example. Especially not in an ex post facto manner.
posted by Mitheral at 12:57 PM on February 6, 2016 [4 favorites]

Well one answer would be to say "okay we don't trust this fingerprint module, so we'll completely disable fingerprint functionality, and you can log in with your password like people with older iPhones"

I can confirm that this was the functionality on the 5S. I've repaired several, where the home button cable was damaged by an attempted home repair(or the button itself). When you installed a new button/scanner module it would just grey out the fingerprint menu in settings and you could only use a passcode(including the passcode you HAVE to set as a backup to use the scanner in the first place!)

I have no idea why they'd stop accepting that. Apple pay? This seems like a really stupid ass choice.
posted by emptythought at 12:59 PM on February 6, 2016 [2 favorites]

Does that mean the handset is not actually permanently disabled? There doesn't seem to be any good reason for permanently disabling the phone, if the customer can get it to an Apple-approved technician and prove their identity, why not reactivate it?

Doubling up but, i know for a fact that apple can replace the button/cable at their in house service counter/"genius bar" and still enable touchid functionality. They have a way of resetting what button module is paired. When they replace the screen module they replace the WHOLE screen module, button attached, not just the display/glass and swapping parts and such like independent technicians do. They want to get it done as quickly as possible.

I smell some real bullshit in this article and what it's claiming. This DOES come off as a case of "omg look apple is EVIL" clickbait bs.

If you take your phone to apple and pay them the $109 or whatever to swap the entire display module with the button attached, they will repair it and your scanner will work.

Are there any reports out there of people taking their phones in to apple with this error displayed and being either denied service or asked to pony up for a full device replacement? Otherwise this doesn't seem like it's quite the story it's claimed to be because the device isn't "bricked". There's PLENTY of things out there that need the manufacturer to reset or reprogram a security device(say, chipped car keys until recently). It's just that a lot of it i'm thinking of is commercial grade hardware. Shit, you can get windows into a state where you have to call microsoft and have them re-enable your key on their end.

Could they have written a better description of this error or publicized this better? Yea. Does it make sense for them to be the only ones who can re-key the pairing between the sensor and the security chip? Yea. Is this a super easy cheap shot at "ha! apple wants you to do dealer service only!" because of that which will get certain people online really mad and vocal? ohhhh yea.

The stand up thing for apple to do here would be to add another screen like the "connect to itunes" recovery screen that just has the genius logo and says "an error was detected in your device *error code*, this error can only be corrected by the genius bar or apple service department. *URL* *a couple phone numbers*" and maybe even ye olde "emergency call" button if it's possible to boot the device that far. And you know, a page on apple.com like they did with the imessage issue and several others over the year. Not just a KB page(although that too!) but just a big plain-language nice and helpful support page.

The question i have, is can apple authorized service providers repair buttons, or only the apple service depot/genius bars? Because there could be a deeper story here of apple slowly fucking over AASP's which already seemed to be a bit of A Thing.
posted by emptythought at 1:14 PM on February 6, 2016 [2 favorites]

Yesterday, I walked across the parking lot at work to get some snacks.

Funny, it always feels like I’m in line waiting behind the person trying to pay with their phone and I wish they’d just use a card or cash.

I attribute this to the computer reality distortion field, where people lose track of time and everything seems quick and easy to them when using a device. I think it’s because they’ve been sold that, and the fact that they are engaged in a short puzzle. Outside of the distortion field it doesn’t seem to be so quick and easy. Relativity?

I have watched people search for something on their phone completely oblivious to this, one time a guy seriously spent 30 minutes looking for something to play for everyone (we actually had to wait for it, a work thing), the entire time saying "hang on just a second, it’s right here". That seems to be part of the magical incantation.
posted by bongo_x at 1:18 PM on February 6, 2016 [10 favorites]

Dear Sock Buyer-

We have sewn your credit card into your new pair of socks. If you darn them yourself you will never be able to wear these socks again.

Sincerely,
The iSock Team.

---------------------------------

Honestly, there are clearly reasons why they did this, and as usual there were competing concerns, one was emphasized, and it's had an unexpected outcome. This happens all the time with computer-based products, not just with Apple. But it's with Apple that you get all these people implying that you are stupid for not seeing that this is the Best of All Possible Worlds. I've seen the occasional Windows enthusiast+apologist, but it's been rare.
posted by benito.strauss at 1:42 PM on February 6, 2016 [10 favorites]

I apologize for the derail.

I don't think it is a derail. I think these issues are why Apple Pay exists, and the consequences of that are why the error 53 issue is happening.

The main argument I have about the "phone as wallet" concept is that while the goal of 'convenience' has been achieved for the moment of transaction between the end user and the banks, the current issue at hand shows that they have not fully considered and worked out the issues about the 99.9% of the time you aren't using that feature. Etrigan is not wrong for touting the usefulness of Apple Pay, but that's not the problem we're talking about.

Apple, in it's eagerness to get there first and dominate the market, seems to have dismissed some of the more practical concerns. Their track record of successes (some better than others) in this strategy perhaps made them overconfident in the overall project and misjudged the importance of these things. It's understandable to some extent, and not just in a snarky "Look at the profits! We can't go wrong!" kind of way.

They can easily see and optimize the technical parts of it, as they are tangible things - banks want X specifications to meet PCI and other security requirements, deals with CC processors and equipment manufacturers can be negotiated, Apple's engineers can make something that will meet those security requirements and make it easy to use for anybody. They seem to just have assumed the actual day to day use of a device with these features would not present much of a problem to the end user.

The current situation, which may be the first but I doubt it's the last, could have been avoided, or at least minimized with some design changes to the phone itself. While they may have been difficult and somewhat expensive, if they redesigned the home button and fingerprint reader to be part of the mainboard and kept the screen assembly separate so that the screen, glass, and digitizer could be replaced by anyone, and focused the tamper protection on the mainboard, this whole situation could have been avoided. The security features that carry the risk of bricking the phone if a screen replacement was done ineptly would still remain and perhaps even be extremely sensitive, but bricking would be much more rare of an occurrence.

Smartphones have three main points of failure - the screen, the buttons, and water. The fact that there is a whole industry of independent iPhone repair shops, and the changes to warranty/support contracts over the years make this obvious. Apple's concern about not having total control of the repair market is understandable to a certain degree, and this 'solution' they chose may have been seen as the least harmful to them (legally and financially) out of the options they had, since the fingerprint readers have been in the last three generations of iPhones. It could be that they found themselves backed into a corner, as disabling the feature in existing models or doing some form of recall might wreck the whole ApplePay master plan, and set them back a couple years and might cost them hundreds of millions, if not billions, of dollars.

Apple's greatest weakness in my eyes is that their success has made it more difficult for them to identify what of the multitude of seemingly 'minor concerns' may actually be more important than they appear. If anything, Jobs was really good at detecting those aspects and forcing them to be taken more seriously, at least from the late 90s to about 2007 or so. As his illness progressed from it's first detection in 2003, as time went on he seems to have focused more on the post-Jobs Apple era, which is understandable. That's not to say Apple is doomed, but perhaps Apple needs some failures to re-calibrate themselves, so that they don't eventually fall prey to the "too successful to be wrong" mindset that eroded many mega-corporations in the past.

Look at the error message, and it tells you a lot. "Error 53" is directed not at the user, but the techs. They could have easily put in a clear description for the user, but they chose not to. Why? Partly because error codes to non-tech people are scary, and it drives them right back to Apple (consider how scary the warning messages are for websites that use 'unsigned' or 'untrusted' certificates - even though the encryption works fine and may not be a scam site, the warning is designed to instill fear in the end-user, and make sure people only trust signed certificates, that the NSA had a hand in encouraging (see this Mefi post). I still have the occasional user that thinks the error number is just a count of how many errors they are, and not an ID tag (which was funny in the 90s, as Apple's 'negative number' error codes made their heads almost explode). Cryptic error codes have a lot more subtle uses than just being of use to the IT-savvy.

As much as I am disappointed in many of Apple's decisions over last 10 years, with the right people in the right places, there is still a somewhat decent chance they could realize where they might be failing, and have the wisdom to know when to listen to the beancounters and shareholders, and when to tell them "shut up, I'm driving, and I know where I'm going."
posted by chambers at 1:43 PM on February 6, 2016 [5 favorites]

"Error 53" is directed not at the user, but the techs. They could have easily put in a clear description for the user, but they chose not to.

Errrr having done some end-user bug reports to Apple on software, no. That's 99% a fuckup in their tech writing/UX stuff. At least it's not the one that said "ERROR_CODE_HERE" in a Mac OS dialog box that I sent to them once.
posted by immlass at 1:51 PM on February 6, 2016 [3 favorites]

Apple is worse than me.
posted by HITLERTRON 5000 at 2:38 PM on February 6, 2016 [5 favorites]

It's the computing device that I use the most, by a wide margin. It has voicemails from people who aren't alive anymore, photos from a decade ago, access to every financial account I have, a record of my most meaningful conversations with my friends. It is the first thing I reach for when I wake up, and the last thing I put down when I go to sleep.

You've... you've got that all backed up, right? In more than one place? I don't keep anything permanently on my iPhone because despite the Otterbox I am a prime candidate for one day dropping the damn thing in the ocean/dropping it off a cliff/dropping it in a bad way on the floor.
posted by jokeefe at 2:59 PM on February 6, 2016

It strikes me a lot like "We only want first world, relatively wealthy customers."

I don't think Apple would disagree. People have been asking Apple to make $200 phones and $500 laptops for a while now, and Apple has never obliged. Look where it's gotten them - the majority of profits for phones, and a laptop division that everyone else copies. I have a $40 Motorola smartphone that does everything my iPhone does, great! The company has been sold twice and will likely not exist in a decade.
posted by meowzilla at 3:17 PM on February 6, 2016

Goodness. I really can't think of a single other company where a single careless software bug will invariably explode into millions of page views and the Grar Parade will be out in full force, and it will be somehow considered not totally crackpot to simply assume maliciousness in all ways.

I mean, hell, Flash was a major malware vector for years on the majority of computers out there, yet you don't see people lining up to broadcast their outrage.

It's remarkable to see just how angry Apple still makes otherwise normal people become. It's only marginally when they actually screw something up.
posted by DoctorFedora at 3:27 PM on February 6, 2016 [2 favorites]

Goodness. I really can't think of a single other company where a single careless software bug will invariably explode into millions of page views and the Grar Parade will be out in full force

Really? Microsoft in the 90s and most of the 2000s? Ring a bell? The reaction to this is positively tame compared to what Microsoft got for doing literally anything.
posted by Pyrogenesis at 3:43 PM on February 6, 2016 [7 favorites]

11. Take coin change from change-dispensing machine. ugh that fucking thing
...
13. Take bill change from cashier.

What the hell is this craziness?

I am in the UK and have only just realised that the US don't do chip and PIN/contactless. But here's my routine at the till.

1) Put snack on the counter
2) Total appears on the till screen after they've been run through the scanner
3) I take out my card, tap it to the contactless screen, put back my card
4) Take my receipt.

No need for cash although I like to keep some handy.

I see why using your phone as payment might be considered a good idea if you don't have this "middle-tier" payment system, and I suspect one of the reasons payment-by-phone hasn't really taken off in this country.
posted by urbanwhaleshark at 3:46 PM on February 6, 2016 [4 favorites]

I'm one of those dinosaurs who doesn't have any banking apps on my phone, no financial stuff at all. I use my low-end Samsung smartphone as a phone, for texting, navigating/maps and a little browsing, very unsophisticated. I definitely wouldn't use it as a payment method.

I haven't even got my travel pass loaded on my phone or a credit card (which London Transport now lets you do). I prefer to keep them safe zipped up in my bag out of the reach of pickpockets, not loose in a pocket just so I can scan it quickly. If my Oyster card is taken out of my pocket, it can only be used by a thief for very limited travel until I stop the card, and I wouldn't be at risk of losing money.

I embrace some payment technology. I use contactless payment, it takes a matter of seconds to get my card out and put it away again. I particularly like the self-scanning system in Waitrose where you scan and pack your shopping as you go round the supermarket with your own barcode reader. But I don't get this need to have one's entire life stored on a phone.
posted by essexjan at 3:50 PM on February 6, 2016

Really are we holding up Adobe of all companies as tech companies that people don't grar about? Because based on the numerous threads I have seen about flash and CC Adobe is hated almost as much as Comcast.
posted by vuron at 3:53 PM on February 6, 2016 [3 favorites]

I really can't think of a single other company where a single careless software bug will invariably explode into millions of page views and the Grar Parade will be out in full force

It's a bit disingenuous to call this "a single careless software bug", seeing as it destroys the device whenever it pops up. Everyone who encounters this bug is out several hundred dollars, or local equivalent.
posted by kafziel at 3:56 PM on February 6, 2016 [2 favorites]

Apple says iPhone 'Error 53' is to protect customers' security. (Guardian)
posted by urbanwhaleshark at 4:03 PM on February 6, 2016

"Several hundred dollars" is really $109 or $129 for an out-of-warranty screen repair for most models of iPhone, and probably nothing, if covered.
posted by a lungful of dragon at 4:06 PM on February 6, 2016

Depends on where you are. It's C$140-C$200 plus 10.44 shipping in Canada.
posted by Mitheral at 4:12 PM on February 6, 2016

"Several hundred dollars" is really $109 or $129 for an out-of-warranty screen repair for most models of iPhone, and probably nothing, if covered.

... ? No, as it says in TFA, it's 270 pounds - $400ish - for a brand new phone, because this error code means you're bricked.
posted by kafziel at 4:13 PM on February 6, 2016 [1 favorite]

It seems like a significant, but less sexy part of the story has been left out, so let's start from the first link in the causal chain of this story, which is needing to fix a damaged sensor.

If you choose to get the sensor repair done somewhere else, then Apple has no way to know what other parts of your phone that involve security have been compromised, which increases its liability with merchants and with you. So this requires a more expensive repair.

If you do the initial repair through a trusted shop, then you're not out "several hundred dollars", but whatever the flat rate is in your local venue, which is much less, or nothing, if you're covered, which is much, much less.

It seems like The Grauniad's story leaves out the part where security hardware components get compromised by third parties, anyway, which changes the actual costs and risks in question. I am really curious why their editors are okay with taking this tack. Maybe the GCHQ really got their claws in them after Rusbridger left?
posted by a lungful of dragon at 4:25 PM on February 6, 2016 [1 favorite]

Clearly not that furious, or he wouldn't have bought another. When the typical user's response to having his $400 iPhone bricked by Apple is to go right out and buy another brand new $400 iPhone, there is little incentive for Apple to change their support model.

Well, if you have your phone backed up to iTunes, the only way to get access to that stuff in that configuration again is to buy another iPhone and restore to that, right? So I wouldn't chalk that decision up to a lack of caring about the price—for accessing your backups and other reasons, buying an iPhone again might make the most sense. That's even more reason to be mad.
posted by limeonaire at 6:25 PM on February 6, 2016 [2 favorites]

It seems like a significant, but less sexy part of the story has been left out, so let's start from the first link in the causal chain of this story, which is needing to fix a damaged sensor.

Except in the cases mentioned in TFA where the phones were damaged but not repaired at all, because they remained functional until this software update. So no, going to the Apple store for all your repairs (which is not feasible everywhere, as already mentioned in the thread) is not a panacea.
posted by Dysk at 6:39 PM on February 6, 2016

Except in the cases mentioned in TFA where the phones were damaged but not repaired at all, because they remained functional until this software update. So no, going to the Apple store for all your repairs (which is not feasible everywhere, as already mentioned in the thread) is not a panacea.

And, of course, that for the months up until this update that suddenly started bricking phones, there was no communication or indication that there was any difference between the two choices.

And there's not a choice now, either. Going to an approved third-party repair shop will brick your phone, you have to send it directly to Apple instead.
posted by kafziel at 8:11 PM on February 6, 2016

It seems like The Grauniad's story leaves out the part where security hardware components get compromised by third parties

Having the home button replaced with another genuine part is not compromising the security of any hardware components whatsoever. The earlier analogy of burning down a house because someone rekeyed the door lock is apt. If Apple's response was to verify that the part is genuine and charge a nominal fee for pairing the button with the secure element, that would be somewhat reasonable. But instead they are telling people they need a new phone.

I mean, it's still unreasonable to brick the phone rather than just disabling the fingerprint reader and possibly Apple Pay functionality, but at least if Apple offered some repair option it would be less blatantly terrible. Unless the home button was such a terrible knockoff that it caused physical damage to other hardware components, there is no reason whatsoever that it can't just be replaced if Apple feels the need to be dickishly over the top about it.
posted by wierdo at 8:29 PM on February 6, 2016 [1 favorite]

You've... you've got that all backed up, right? In more than one place?

Yes? You have to work pretty hard to get the iPhone to not automatically back itself up to either the cloud, or your computer. I have it going to both.

Owning an iPhone means if it is ever lost I can remotely brick it myself, without losing any data (or track it down, or send it a message, etc.). It now also means that if someone steals it and tries to physically break the security that has made it such a pain in the ass for phone thieves, it will destroy itself.

No matter how abhorrent this sounds to the average metafilter user, this is an overall benefit to iPhone users.
posted by danny the boy at 9:03 PM on February 6, 2016 [1 favorite]

No, not knowing your pass code/PIN/whatever is as much a deterrent as bricking your phone if you replace the home button. It isn't as if the button itself can send some magic data to the secure element that then unlocks your phone, unless that magic data is the fingerprint you have registered previously. There is literally zero security benefit to this, which is why I'm convinced it is a bug.

If not, this comic is apropos.
posted by wierdo at 9:15 PM on February 6, 2016

Having the home button replaced with another genuine part is not compromising the security of any hardware components whatsoever.

No one knows with any measurable certainty that a part is genuine, and, more importantly, that it isn't doing anything other than its intended job, unless there is some kind of process for vetting it and the people installing it.

Even then, there are few guarantees, but an audited process is better than just letting a potentially malicious stranger install anything into a device that grants increasingly broader and deeper access to a lifetime of sensitive financial and other personal data.
posted by a lungful of dragon at 10:16 PM on February 6, 2016

Yeah until you have a customer who backs up to iCloud, except they're using the 5gb plan and it ran out of space months ago because they're backing up an iPad and an iPhone to the same account, ignoring iCloud space warnings along the way because they apparently "didn't apply to me, I thought it was an Apple thing". Dear God. Asking them if they realize the problem inherent in backing up 25 gb worth of selfies and pictures of their fancy lunches to a 5 gb space results in a glazed, confused stare followed by "you can get it back, right?" in a trembling voice. No, idiot, I can't, Apple can't, God can't. Put the iPhone down, here's a flip phone more suited to your brain pan size.

My experience is that most iPhone users (and a good chunk of Android users) are in fact pathetically uneducated about where their data is backed up, if at all. Most expect it to just magically be somewhere else without them having to do anything, you know, to verify the backups actually work. I'm sure the number of users I've personally worked with who have lost or destroyed their phones is over a hundred by now. And I've only been working in the smartphone space for a couple of years.
A really disturbing and sizable chunk of those users had the only pictures of their vacations and dying relatives and graduations and weddings in their phones. Let alone critical passwords stored in their "notes" app, phone numbers, what have you, all kept in this one, single device that they beat the crap out of, dip in their dinners, drop in toilets, throw at each other, and however else they abuse them. And for a great many of these highly educated people, the most predictable answer to my asking "could you put in your Apple Store password so I can check your iCloud settings?" is "what do you mean?"

MAKE SURE YOUR SHIT IS BACKED UP, PEOPLE! But please, for all that you hold so dear in that single point of failure in your pocket, test the backups. Back up your phone and then do a restore to make sure the backups are actually there.

Sorry for the derail but goddamn it
posted by disclaimer at 10:26 PM on February 6, 2016 [4 favorites]

...and I'm not talking about flighty kids or dippy people here. I work with business owners, lawyers, highly skilled camera operators, video editors - smart, successful people, who can't wrap their heads around the idea that someday, that phone might be gone, just gone, with no warning. I mean Jesus Christ
posted by disclaimer at 10:36 PM on February 6, 2016 [1 favorite]

No one takes back up seriously until they've been burned at least once.
posted by Mitheral at 10:45 PM on February 6, 2016 [6 favorites]

Back up your phone and then do a restore to make sure the backups are actually there.

Please don't actually test your unproven backups in a way that might potentially overwrite the one known good copy of your data.
posted by Dysk at 2:25 AM on February 7, 2016

You should buy a second iPhone for the purposes of testing your backups.
posted by urbanwhaleshark at 4:20 AM on February 7, 2016 [1 favorite]

Dysk: if the backup is bad the restore won't proceed, it will stop before it overwrites the phone. You should be careful and read every screen carefully as you go, but taking a backup and then immediately restoring from it should not lead to problems.
posted by disclaimer at 6:07 AM on February 7, 2016

So, I'm currently in Mexico, which I believe has no Apple Store anywhere in the country, and ordinarily I live in Alaska, which does have an Apple Store, but it's 350 miles from me. What is Apple's suggested approach if my phone gets busted? I do have an apple-approved retailer/repairer near me. Is that good enough? Or am I supposed to send it away for a month by mail (ugh)?
posted by leahwrenn at 7:25 AM on February 7, 2016 [2 favorites]

No one takes back up seriously until they've been burned at least once.

There are two kinds of computer users: those who have lost data and those who will lose data.
posted by Johnny Wallflower at 9:19 AM on February 7, 2016 [1 favorite]

I hate to break it to you Johnny Wallflower, but there's really only one kind of computer user...
posted by Nelson at 9:38 AM on February 7, 2016 [4 favorites]

I am actually somewhat on the side of manufacturers wanting to keep people out, for warranty control. I'm a factory trained tech for several brands of printers and MFPs, and particularly with the SOHO and consumer market, we get a lot of printers in for warranty service that were crippled by third-party toner/ink cartridges. Sometimes the bad toner is still in the printer when they bring it in, sometimes the user has swapped it out for an OEM cartridge first, but many of these printers keep fairly detailed logs when consumables are replaced, and if they were OEM or not.

So after having to do so many cleanups from leaky third-party cartridges, replacing drive blocks because a third-party toner seized up and broke some gears, and on and on, I can understand why a manufacturer would not want to have to repair under warranty issues that were caused by a competitor's product. That sort of extends to unlicensed third-party repair shops. Do they know what they're doing? If they dive in and bust things up because they weren't trained on the product, why should the manufacturer have to cover that as a warranty claim? Or worse, if some malicious third-party repair shop installs a fingerprint sensor that collects data and starts leaking it back home, the fingers are going to point to Apple. I can't really fault Apple for taking the nuclear option here, especially when we as users entrust so much sensitive data to our phones.
posted by xedrik at 9:54 AM on February 7, 2016 [2 favorites]

Jesus Christ. The home button can't exfiltrate data or compromise device security by magic. If the only wires that are connected are the ones that are supposed to be connected, the button can't do anything to the phone it isn't supposed to. (Unless there is a really, really bad bug or hardware misdesign somewhere) That is just paranoiac BS. Even if it isn't, disabling touch ID and only accepting button clicks from an unknown button solves the problem relative to the phone.

I have much more sympathy for the "repair of unknown quality" argument, but Magnusson-Moss says fuck off unless you can prove the repair is the cause of the damage. (Assuming you are in the US)
posted by wierdo at 10:37 AM on February 7, 2016 [2 favorites]

Oh, and if you want to verify the button isn't trying to exfiltrate your fingerprint data wirelessly, attach an ammeter for a while. It takes power to send a signal. Power that is in addition to that necessary for the normal functioning of the device. When it sends, you will see the spike. If you want to go belt-and-suspenders, get an SDR dongle and monitor for rogue wireless signals. Barring terrible engineering, the home button can't tell the phone to send data over the normal channels. I am willing to believe that Apple isn't full of extreme incompetence.
posted by wierdo at 10:41 AM on February 7, 2016

So how hard would it have been to have the upgrade program check that the phone had fallen from grace, and that installing the upgrade would brick it, and having the installer give a warning or prompt or some advice?

I know it would have made the upgrade program a lot more complicated, and writing and testing the new code would add work and expense to the whole maintenance program, but my understanding of Apple is that you pay more but they are going to go the extra mile to make your computer stuff work.

This next bit is a bit nerdy, so you've been warned: You know how the C language standard declares some situations to be "undefined behavior", and if your code enters undefined behavior territory, the compiler is allowed to produce a program that can do anything, even launch missiles or delete your entire hard drive, and still be considered to be behaving correctly? It feels like Apple considers "having anyone other than Apple work on your hardware" to be undefined behavior, and so they consider launching the missiles to be okay. But they've violated another programming ethos, the principle of least surprise. Having a phone that is in a forbidden state should result in something like the upgrade failing, not complete loss of all your data. People rightly get mad when least surprise is violated.
posted by benito.strauss at 10:43 AM on February 7, 2016 [2 favorites]

If the phone, before breaking, was set up to unlock via either passcode or Touch ID, and the Touch ID breaks, the phone should be able to be unlocked via the passcode. I'm not enough of a cryptonerd to understand why that is apparently Bad or Impossible. Maybe Apple found an exploit that allows for easy passcode decryption via a broken TouchID mechanism. I'm just guessing here. But what I do know is that Apple seems to take customer data safety more seriously than just about any other company on the planet (with maybe the exception of Open Whisper Systems), and I really, really appreciate it.

Every other company you do business with will happily unlock everything you've said, everything you've written, everywhere you've been, every photo you took, and hand it over to the government with or without a subpoena. Apple won't. They've made it so they can't. And that's why - even if I have to pay an absurd premium for a brand new phone in the case of damage - I'll be a loyal customer until that changes.
posted by Awful Peice of Crap at 11:35 AM on February 7, 2016 [2 favorites]

"which just starts enumerating all fingerprints at an absurdly fast rate."

The blindingly obvious answer to this is to throttle login attempts at the OS level, just like virtually every Unix login prompt in the world.

The decision to encrypt the phone against a key stored on the home button is another can of worms, and is certainly not immune to being compromised.

I'll join the chorus and state that while this might raise some concern, Apple had several decent options for handling this better. Odds are, this was a mistake, but Apple's obnoxiously obtuse PR strategy has us all reading the tea leaves about what their actual intent was.

Apple are getting far too big to be fumbling through affairs like this. There's a very clear lack of planning and communication, which is troubling for the supposed market leader.
posted by schmod at 3:33 PM on February 7, 2016 [1 favorite]

Agree about the clear lack of planning. Apple has shamefully neglected its software for far too long, and really needs to get a handle on quality control and ease-of-use.
posted by Johnny Wallflower at 4:13 PM on February 7, 2016 [3 favorites]

The sock example, while on point, doesn't capture the most aggravating aspect of this whole business.

Me: "What the fuck? This sock doesn't work."
Sock: "GRGBKHSLLSKKPhbbt"
Me: "What??"
[Hours of increasingly disbelieving googling and many weeks later.]
iSock: " Dear Sock Buyer-

As you may know, we long ago sewed your credit card into your socks. If you previously darned them yourself, you are naturally now unable to wear your socks ever again. This has been for your own protection, as you should have known despite the fact that sock self-destruct was an unannounced retroactive new feature.

Sincerely,
The iSock Team."
Me: I will never update my socks again.
posted by chortly at 5:10 PM on February 7, 2016

The blindingly obvious answer to this is to throttle login attempts at the OS level, just like virtually every Unix login prompt in the world.

This does actually happen. After five failed attempts the Data Protection keys that are encrypted by the Secure Enclave on behalf of the Touch ID sensor are discarded. At that point you need to put in your PIN for the Secure Enclave to provide the key unlock the OS.

The decision to encrypt the phone against a key stored on the home button is another can of worms, and is certainly not immune to being compromised.

It's not. The phone is encrypted by a 256-bit AES key laid down in the Secure Enclave during fabrication. There's an AES engine put in the DMA path of the flash which uses a key derived from the AES key and from your passcode called the class key. From that class key you have other per-file keys wrapped up with their specific permission sets. The CPU never sees any of the keys. When you choose to turn on TouchID the TouchID sensor wraps the class key in another key from the Secure Enclave. Once the fingerprint is authenticated the class key is unwrapped and provided to the OS to log in.
posted by Talez at 5:17 PM on February 7, 2016 [2 favorites]

I can understand why a manufacturer would not want to have to repair under warranty issues that were caused by a competitor's product. That sort of extends to unlicensed third-party repair shops. Do they know what they're doing? If they dive in and bust things up because they weren't trained on the product, why should the manufacturer have to cover that as a warranty claim? Or worse, if some malicious third-party repair shop installs a fingerprint sensor that collects data and starts leaking it back home, the fingers are going to point to Apple.

I get where you're coming from, but I'm generally opposed to idea of using the repair restrictions/requirements that one might expect to see for $100k-$200k luxury sports car for a $700 phone. For example, IIRC, if any uncertified mechanic works on a Ferrari, at worst it can easily void the entire warranty or at the least, reduce the resale price of it by $30k to $80k due to having an inaccurate repair log. However, none of Ferrari's reaction to warranty violations include the chance of 'bricking' your car at some random point in the future. Even Tesla motors had to change their warranty policy about batteries after the furor that came from people finding that that the battery would be bricked if left unplugged for a week or more, and the $40k replacement cost was not covered. Just because it is 'only' $700 is not a defensible reason for supporting a "we fix or we brick" policy that could kick in at anytime.

While this incident is hopefully a one-time thing, I hope there is enough negative reaction from users that it can be an example to help to limit the overall trend of companies increasingly punishing people for doing repairs on things that they have purchased and own. I am generally OK with having a list of things that will void my warranty. In regards to printers, I have no problem with paying for a repair that would have been covered if I had not chose the cheapest third party toner I could find, AND that was the cause of the problem. I could even see myself being unhappy, but at least understanding of having a feature disabled due to a serious security risk outside of the phone itself (such as being unable to use ApplePay).

However, I'm NOT OK with the idea of suddenly finding myself retroactively punished by outright bricking my device for something that should only have voided my warranty. I find it extremely hard to believe that Apple found themselves entirely unable to simply restrict those phone's access to OS-based fanatical transactions to only the iTunes and App stores (making them no different than an iPhone 5 or earlier as far as security goes) and "nuking them from orbit" was the only feasible option. Talez's comment above about the authentication process seems to indicate that if the phone detects it's compromised, it should be possible for it to go into a lockdown mode, clear the keys, maybe even immediately wipe all the data on the phone, and require it to be unlocked by an Apple tech but with ApplePay and TouchID permanently disabled on that device. Inconvenient and irritating, but at least you still have a phone. Instead, they chose to go with bricking it.

Companies will continue to do everything they can get away with to control the devices they own, because, well, why not? It's in their interests to do so to the best of their ability and pretty much limited only by the law and what the market will accept. As it is right now, there seems to be little opposition to the increasing level of control companies have over how their products are used long after they were purchased and "owned" by the customer.

Ideally, there needs to be and entire overhaul of the legal definitions of things like 'own/owner,' 'purchased,' 'subscriber,' 'leased,' etc. and limits placed on what companies can or cannot do to devices they sell. You may 'own' the hardware of an iPhone, but the software is 'licensed' in several different ways, and you need to have a 'subscription' to a third party to use the cell phone features. The problem lies in how they are so entangled with each other, that 'owning' an iPhone is worthless without simultaneously 'not owning' the OS and firmware that makes it work (at least you can still use most of the features of an iPhone without the 'cell phone' part). The only solution I can see that could reasonably resolve this is a decade-long or more legal/legislative fight to require manufacturers to provide a separate, stripped down OS/firmware version that could be 'owned' (or as close to it as possible) by the end user, or at least a process where the phone is formally registered as 'deactivated,' where the OS is removed, the firmware replaced with an open version, and given back to the user. At that point, the ties between Apple and the end user are cut. Apple's legal responsibilities and liabilities concerning that device would end, and going after them at that point if the device is somehow involved in a legal problem should be as silly as going after a cardboard box company for making the box that another company used to contain and ship an unsafe or defective product.

There's all sorts of features that will need to have open-source solutions to be able to make the iPhone at that point anything more than a fancy palm pilot, but it's the user's problem now. That camera will need to use a different codec to encode video, video playback that uses both hardware and software decoding will need to be added in for example, because many of those codecs are paid for an licensed by Apple in a bulk user agreement (see here and here). There's plenty of people that would jump on such a project.

Such an overhaul is a pipe dream, I know. Perhaps some progress towards that might be possible in the EU over time, but any chance of that happening in the US is laughable. Disappointing, but laughable. Look at how easy it is for people to immediately categorize anyone who might want to customize, modify, or even do something as basic as a screen or battery replacement on their own is labeled 'hacker,' which somehow is a logical basis for dismissing complaints, questions, or concerns, or just more hater/fanboy/brandwar nonsense, and to top it off, the same word being used as a generic term for 'techno-criminals.' Just do a search on this page for 'hacker' for examples. Until the words "open source" start invoking images in the population of something good for people, in the vein of things like 'consumer safety' or even simply 'volunteering,' and not just some image of a stereotypical bearded UNIX admin that has idealistic, hippie-like notions about 'sharing stuff' while talking all sorts of gobbledygook and opponents of the idea increasingly associating it with being some kind of subversive communist, not much is going to happen over here.
posted by chambers at 7:34 PM on February 7, 2016 [4 favorites]

Here's an article from today's Guardian. They quote a UK lawyer who suggests Apple are probably breaking UK consumer law and may also be committing criminal damage under UK law, if they do this to iphones in the UK.
posted by biffa at 12:06 PM on February 8, 2016 [2 favorites]

They are likely violating a (40 year old) US consumer protection law as well, if they refuse to fix a phone that is still under warranty solely because the home button was replaced by someone other than themselves or an authorized repair service.
posted by wierdo at 1:57 PM on February 8, 2016 [1 favorite]

I've been wondering if this failure also violates the US rules around all phones being able to dial 911 whether or not they're activated, password locked, etc. I assume there's some leeway built into the rules for mistakes and failures. But if Apple is saying they deliberately crippled some phones so they can't even dial 911, that may be a problem for them.

I wish Apple would just come clean and say it's a bug, with some sort of software rescue option for people who are screwed. They would be forgiven. It's the arrogance of Apple (and its fans) claiming that a firmware upgrade bricking your phone is a good thing that galls me.
posted by Nelson at 2:21 PM on February 8, 2016 [5 favorites]

They quote a UK lawyer who suggests Apple are probably breaking UK consumer law and may also be committing criminal damage under UK law, if they do this to iphones in the UK.

They are likely violating a (40 year old) US consumer protection law as well,

I'm just conjecturing here, but there seems to be two possibilities. The less likely one is that they did not consider all the possible ramifications of the bricking issue, and decided that protecting the ApplePay/digital wallet project trumps any negative PR or a segment of upset users, with the small incidental side bonus of keeping more service and repairs in-house. The more likely one is that they ran the numbers for the total cost of possible class action suits, fines, and possible costs of refunding some of the users still under warranty, and compared that to the cost of a major setback to the entire ApplePay/digital wallet project. So they decided the costs of any legal infraction is an acceptable price for protecting the overall project.

Even if just a tiny fraction of phones were found to have been compromised by an exploited replacement touchscreen, it would significantly damage the overall trust level of banks and processors (moreso than the end user) in Apple's system and would take years to get back to where they were. As long as the banks trust it, the average end user, even if initially wary, will eventually follow. If the banks start to back out or decide to delay things, the project might be derailed for years.

Perhaps this rather extreme action they've taken is much more about Apple demonstrating to the banks how serious they are about this technology than it ever was about shutting out the independent repair market in the name of security.
posted by chambers at 3:37 PM on February 8, 2016 [1 favorite]

-A Kind of Magic
-A New Advocacy Group Is Lobbying for the Right to Repair Everything
posted by kliuless at 5:32 PM on February 8, 2016 [2 favorites]

Perhaps this rather extreme action they've taken is much more about Apple demonstrating to the banks how serious they are about this technology than it ever was about shutting out the independent repair market in the name of security.

Achieving goal x by doing action y doesn't mean you're doing action y any less, or make your attitude to y any less odious. Like, they might not being going after the third party repair market for the sake of it as such, but they're still going after the third party repair market and that fucking sucks. Whether they're doing it to impress their banker mates is kind of neither here nor there if you own a repair shop or a broken iPhone.
posted by Dysk at 11:59 PM on February 8, 2016

Achieving goal x by doing action y doesn't mean you're doing action y any less, or make your attitude to y any less odious.

Oh, for sure. But the goal is a good predictor of how intransigent they will be about it.
posted by Mental Wimp at 9:38 AM on February 9, 2016

Perhaps this rather extreme action they've taken is much more about Apple demonstrating to the banks how serious they are about this technology than it ever was about shutting out the independent repair market in the name of security.

As noted upthread, I'm sure this was the intention. I don't think they care vary much about third-party repairs so much as convincing the financial companies that they're sufficiently trustworthy to let Apple into that clubhouse.

However, as Nelson stated upthread as well, total bricking is almost certainly not the intended out-come by Apple. I think Apple is faffing about now because they don't know how to fix this properly, not because they don't want to. This has all the characteristics of one part of the company not talking to another, and no one at the top properly understanding what was going on. This looks to me like a management failure, specifically a failure to QC their design.
posted by bonehead at 9:55 AM on February 9, 2016 [1 favorite]

However, as Nelson stated upthread as well, total bricking is almost certainly not the intended out-come by Apple. I think Apple is faffing about now because they don't know how to fix this properly, not because they don't want to. This has all the characteristics of one part of the company not talking to another, and no one at the top properly understanding what was going on. This looks to me like a management failure, specifically a failure to QC their design.

If bricking weren't the intent, surely the replacements would be free, not full price.
posted by kafziel at 4:58 PM on February 9, 2016

This test was designed to check whether Touch ID works properly before the device leaves the factory, and wasn’t intended to affect customers ... For anyone who experienced error 53, Apple has released an update to iOS 9.2.1 to allow you to successfully restore your device using iTunes on your Mac or PC.

So much for the "bricking the phone with an obscure error message was a security feature!" argument.
posted by Nelson at 12:24 PM on February 18, 2016 [5 favorites]

TechCrunch: Apple Apologizes And Updates iOS To Restore iPhones Disabled By Error 53

Note: "... the update will NOT re-enable Touch ID."
posted by RedOrGreen at 2:34 PM on February 18, 2016

So much for the "bricking the phone with an obscure error message was a security feature!" argument.

This just proves how Apple don't take security seriously. I mean, we've had long and detailed explanations in thread of how doing anything other than bricking the phone in circumstances that cause error 53 would be insufficient security, and how being able to unbrick it would be even worse.
posted by Dysk at 2:42 AM on February 19, 2016 [7 favorites]

"This just proves how Apple don't take security seriously. I mean, we've had long and detailed explanations in thread of how doing anything other than bricking the phone in circumstances that cause error 53 would be insufficient security, and how being able to unbrick it would be even worse."

How? All it checks is to see if the fingerprint reader hasn't been tampered with. The fingerprint reader doesn't store any data, it just reads the fingerprint and passes it on. A tampered fingerprint reader could be theoretically used to capture people's fingerprints and relay it to some third party or something so the secure way of avoiding this is to disable the fingerprint reader.
posted by I-baLL at 8:18 AM on February 19, 2016

This just proves how Apple don't take security software seriously.

So it's a bug, not a feature, and they're reimbursing folks who paid for a repair, but damn, Apple really needs to get its shit together in the software department. Not just QC, but UX and Cloud issues, too. It's embarrassing, y'all.
posted by Johnny Wallflower at 9:25 AM on February 19, 2016 [2 favorites]

It may be that Apple is *choke* just another computer company...
posted by Mental Wimp at 10:04 AM on February 19, 2016 [2 favorites]

They were a really good computer company, and seeing so much slipping the last few years is disheartening. 'Attention to detail' is their product.
posted by bongo_x at 10:54 AM on February 19, 2016 [1 favorite]

I'm willing to give Apple a pass on "software update doesn't work on phones with modified hardware". I mean yeah ideally it wouldn't happen, but software's complicated and you can't test every scenario. It's the way they handle this stuff afterwards that's so maddening. Days of silence, fanboys declaring Apple can do no wrong, etc etc. Just own up to the mistake and fix it. Which they finally did, but not before it became Teh BIg Dramaz for a week.
posted by Nelson at 12:19 PM on February 19, 2016 [4 favorites]