[nickik]

You attack the weakest aspect of a system and with traditional phones that was not the interface to the state.

Apple having a well such a key now is problematic but it is necessary. As long as apple only signs individuel versions that is hardcoded to one perticular phone, the danger is not that large. These keys are protected with lots of effort and access to it is limited.

If apple is forced to unlock hundreds of phones they will not sign a version for each phone individually, the will have a version that runs on all phones. This software is way more problematic then the key itself.

This is by the way exactly what the securty expert said in front of the house:

https://judiciary.house.gov/hearing/the-encryption-tightrope...

[dogma1138]

Apple doesn't and as far as I can tell cannot sign a version for an individual phone a signed binary by apple that removes the security settings for a phone lock/wipe will be valid for any other apple phone as long as you can trigger an update which you can using iTunes you should be able to deploy it on any device you want.

There are no individual singing keys for phones that would be unmanageable there are probably a handful (or even a single one) singing keys that apple has which are valid on their devices and that's it.

[nickik]

That is wrong. The phones have hardware ids and those can be checked in code. They can sign a binary blob that runs on one phone only.

[dogma1138]

No its not, phones have hardware ID's that are used to generate the encryption key (on phones with a secure enclave, this isn't even one) I have seen no evidence that there is any specific per phone signing of apple software.