by lukeschlather 2388 days ago
The article pretty well lays out why this doesn't work. We're talking about recyclers here. The people sending in these devices have literally thrown them away into a trash bin. There's no return address.

Creating a backdoor might not be the answer, but it sounds like there's no way to send a message to the phone's iCloud account saying "Hey I have your phone, it was recycled. Please remote-wipe and unlock it or give me an address to return it."

2 comments

> it sounds like there's no way to send a message to the phone's iCloud account saying "Hey I have your phone, it was recycled. Please remote-wipe and unlock it or give me an address to return it."

Apple (and Google, with the Android equivalent) could do this easily, couldn't they? Wouldn't this also be useful for the case of devices that are lost and found, so that they can be returned to the owner?

At least on Apple's side (Find My iPhone), the owner can mark the device as lost [0], which will lock it and display a custom message on the lock screen. But a "pull" solution where a finder of the phone can contact the owner would be nice.

[0]: https://support.apple.com/library/content/dam/edam/applecare...

This is already easy to do using Find My Devices in iCloud. You can have the devices put up any message you want.

The owner can arrange for this, but not whoever finds the device. It would be nice to make this possible - perhaps with some appropriate policy around it, so that the feature can't be abused.

> The article pretty well lays out why this doesn't work. We're talking about recyclers here. The people sending in these devices have literally thrown them away into a trash bin. There's no return address.

It sounds like the system works as designed. Steal a locked iPhone? Congrats, you just stole a worthless brick. Please illustrate to me how this mechanism "doesn't work" when it seems to defeat 99%+ of folks from re-selling the illegitimately-obtained device for any meaningful amount of money, contrasted to its worth in an unlocked state.

Parent comment knows it works as designed as an anti-theft feature.

They're arguing that it's not designed well because it should accommodate recovering parts from phones that were knowingly disposed of without the owner releasing the activation lock first.

As parent comment points out, this could be a simple matter of the refurbisher requesting a release of the lock, sending a request through Apple, and Apple requesting permission of the phone's owner via the account it's locked to. If the phone was stolen, they click no. If the phone was given for recycling and has parts that can still be used, they click yes.

If Apple really wants to reduce waste (their next big environmental goal after meeting the renewable energy one), they could offer a $5 gift certificate to incentivize people to bother with releasing their old phone's motherboard if it's still usable, but implementing this in the first place would already cost them time and money so I'm not holding my breath.

> They're arguing that it's not designed well because it should accommodate recovering parts from phones that were knowingly disposed of without the owner releasing the activation lock first.

> As parent comment points out, this could be a simple matter of the refurbisher requesting a release of the lock, sending a request through Apple, and Apple requesting permission of the phone's owner via their account. If the phone was stolen, they click no. If the phone was given for recycling and has parts that can still be used, they click yes.

Is that even possible? (Legitimately curious) My understanding is in the current design certain expensive things, like the SoC+Security-Enclave are certed/secure-booted, and I imagine other parts are just generic / "off the shelf" plug in and power up and go.

If it is possible to allow more component level re-use without violating the security goal (deter theft), I'm all for it. The more I think about this I honestly think this is an active design decision by Apple to avoid a number of long tail permutations they would otherwise need to test and support.

I think it's possible? The activation lock doesn't happen at the hardware level, it's when you're setting up and activating the phone. It has to ask Apple's servers "can I activate this?" and Apple makes you sign in with the Apple ID that it's locked to before authorizing it. Doesn't seem like there should be any technical reason that a "Request permission from registered owner" option wouldn't work as well.

Missed the edit window, but a potential hiccup with this is wiping of user data off of the storage. Once Apple says "yeah you can activate it" I'm not sure if they could enforce a disk wipe. Maybe the data is encrypted with something linked to your Apple ID, and reactivation means the data is junked? Not sure how that works.