by scintill76 3877 days ago
Am I correct in assuming this is some kind of enterprise managed provisioning? I am surprised that they both ship it that way, and that it can't be removed. I guess Apple doesn't care about killing resale value (in the case of it being unremovable), but you'd think these kinds of screw-ups would be a reason not to ship it this way. Do the restrictions extend deep into the hardware, or are they just saving the enterprise customer like 3 minutes per device pushing a profile over USB?

It's the Apple Device Enrollment Program (http://www.apple.com/business/dep/) and it allows enterprises to exercise "mobile device management" at the time of device activation. Apple says that once devices are enrolled they can't be removed (because, presumably, rows cannot be deleted from a database after being added... >sigh<).

It's not that easy. DEP is meant to also protect private property, so it piggybacks on activation lock to bind a device to a certain (company) Apple ID. Obviously, there must also be no way for any person to social engineer an Apple Care representative over the phone to get DEP lifted from a device, and this is why Apple Care can't do that, period. The only possible way to remove that is going through the private key bound to the MDM for that device, the same MDM that requested DEP while buying the device in the first place.

(Obviously, much like for activation lock, it is indeed possible that someone with "root access" - so to speak - to Apple systems would be able to manually disable DEP; but the point is that this possibility isn't exposed on any user-level user interface.)

>Obviously, there must also be no way for any person to social engineer an Apple Care representative over the phone to get DEP lifted from a device, and this is why Apple Care can't do that, period.

That's not obvious to me. Those same people can be social engineered into giving someone access to your data, which is an order of magnitude worse than a device wrongfully moving accounts.

I was not aware that there was any mechanism, even for the rightful owner, to have DEP membership removed from a device once it's enrolled. I'll have to look into that.