by bengoodger 3872 days ago
Funny story. I wanted to buy a cheap iPad for my son. I could have got one from Amazon but after hearing so many stories about scams or refurb devices or devices with someone else's state on it I decided not to deal with that headache and ordered direct from the Apple website.

Upon turning on the device for the first time it showed a screen saying it was controlled by the LDS Church and wouldn't proceed through guided setup until I acknowledged that. After some time on the phone with customer service, we determined there was no way to remove this configuration. I ended up having to return it to an Apple store. The rep there said "yeah that happens sometimes" (someone pulled from the wrong pile in fulfillment most likely). So sometimes you're damned if you do, and damned if you don't.

If anything Amazon's customer service is better - to resolve an issue like this for items they ship I don't have to drive anywhere, just put the box back on my front doorstep. I wish they would make it clearer when you're buying things from them, and would do a better job of associating compatible products. This seems like data they should be able to have, and UI they should be able to build.

2 comments

Annoyingly in places it looks like data they have and turns out not to be. I once bought a desk lamp which below it included the "people buy these together" box, which showed the lamp and a bulb.

Frustratingly it wasn't the right bulb, but I just fed a further data point into Amazon's model, and reinforced their belief that it's useful to list those two items as a pair.

Am I correct in assuming this is some kind of enterprise managed provisioning? I am surprised that they both ship it that way, and that it can't be removed. I guess Apple doesn't care about killing resale value (in the case of it being unremovable), but you'd think these kinds of screw-ups would be a reason not to ship it this way. Do the restrictions extend deep into the hardware, or are they just saving the enterprise customer like 3 minutes per device pushing a profile over USB?

It's the Apple Device Enrollment Program (http://www.apple.com/business/dep/) and it allows enterprises to exercise "mobile device management" at the time of device activation. Apple says that once devices are enrolled they can't be removed (because, presumably, rows cannot be deleted from a database after being added... >sigh<).

It's not that easy. DEP is meant to also protect private property, so it piggybacks on activation lock to bind a device to a certain (company) Apple ID. Obviously, there must also be no way for any person to social engineer an Apple Care representative over the phone to get DEP lifted from a device, and this is why Apple Care can't do that, period. The only possible way to remove that is going through the private key bound to the MDM for that device, the same MDM that requested DEP while buying the device in the first place.

(Obviously, much like for activation lock, it is indeed possible that someone with "root access" - so to speak - to Apple systems would be able to manually disable DEP; but the point is that this possibility isn't exposed on any user-level user interface)

>Obviously, there must also be no way for any person to social engineer an Apple Care representative over the phone to get DEP lifted from a device, and this is why Apple Care can't do that, period.

That's not obvious to me. Those same people can be social engineered into giving someone access to your data, which is an order of magnitude worse than a device wrongfully moving accounts.

I was not aware that there was any mechanism, even for the rightful owner, to have DEP membership removed from a device once it's enrolled. I'll have to look into that.