I went to the Apple “Genius Bar” today to get my iphone screen repaired (it shows only a white screen). They told me I need to disable the “find my iphone feature” before they can start the repair. This requires me to confirm it on the phone itself - which does not work due to the broken screen. So the apple staff handed me a “Showcase iPhone” of the apple store which had a “apple support” app on which I need to enter the password of my phone. I have no idea what this apple support app is doing or if it is legitimate at all (ass this is a show phone where many people have access to). I ended up leaving without repairing the phone and now consider to go to an unofficial screen repair shop. From a security point of view that does not look like a very good approach. Any thought on this?


There is a discussion on Hacker News, but feel free to comment here as well.

  • Vent@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I had my Samsung phone repaired at an authorized shop recently. They required the password for my phone in order to run tests that Samsung requires as part of the authorized repair process. Likely the same for Apple?

    I made a quick backup of everything important and wiped my phone before handing it over. Give anyone 30 seconds with your phone and they can drain your bank account and get you fired from your job. Not gonna trust anyone with that level of power, but everyone else at the shop was fine with it.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    If your data is sensitive, and unencrypted, you can’t give up physical custody of your data for repair. For Apple products that means you can’t give up your device cuz you can’t remove the data.

    For other manufacturers, like laptops, you would just remove the hard drive, the SSD, the NVMe, whatever, and then send the main board in for repair. No problems.

    For integrated storage solutions, basically all Apple products, you have to make the choice is the data sensitive, or is it not? If it is sensitive you can’t repair it, unless you can have full custody and observe the process in real time…

    Not a great answer I know.

    Maybe with Apple products, you could use find my iPhone to wipe the phone remotely? Once it’s wiped then you could unlock it for the repair people.

    • acockworkorange
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      That’s not the question posted though. The person accepts that their data is in their custody, with a degree of protection offered by the password. We can debate how flimsy that protection is, but that point is never raised because the store asked for their password, without telling them why.

      What sort of bullshit excuse would there be to require an unlocked, untraced phone to fix a broken screen? Replace the screen, boot the phone. Does the new screen show all the pixels? Call the customer in and have them look at it. Done.

      It’s beyond me how one can defend the store behavior.

        • acockworkorange
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Oh I didn’t mean to imply you were. I was referring to the majority of comments on Hacker News. Re reading my comment I can see that was not clear at all, sorry. I get too much in my own head sometimes.

  • mreiner@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Do you own another Apple device from which you could remove your phone from your account (instead of using the store’s phone)?