by faitswulff 2388 days ago
I feel like most posters here aren't reading the full article, specifically this paragraph:

> When asked what could be done, Schindler suggests Apple implement a bypass that would allow certified recyclers and refurbishers to unlock donated devices if they’re not reported lost or stolen. And Schindler says 99% of the locked devices his facility receives aren’t lost or stolen. “People don’t steal a phone to then go run and drop it off at their local recycling center,” he quips.

Allowing certified (by Apple) refurbishers and recyclers to unlock the phones - iff it's not reported lost or stolen - doesn't seem like an open invitation to theft to me.

5 comments

How hard would it be for a minimum wage employee of a "certified" recycler to steal the key necessary to unlock locked phones?

A security feature with a backdoor isn't a security feature anymore.

Users can already unlock devices themselves over iCloud, correct? What if it just pinged the previous owner to ask if it was legitimate?

The problem is that a certain percentage of users set up the iCloud account with a password, then promptly forget it exists until they need it. Which tends to be when they have also forgotten their PIN, because the PIN is now similar to the iCloud password and not required for every unlock.

Still, it would allow for some devices to be properly recycled and resold while maintaining security for the rest.

> Apple implement a bypass that would allow certified recyclers and refurbishers to unlock donated devices

Sure, and now please tell me how long it will take for the non-certified 'recyclers' to also know how to bypass this activation lock? This bypass will render the whole feature useless, and can be removed the moment this bypass is implemented.

Not if the bypass requires a cryptographically signed verification by Apple that the device was not reported stolen.

This still leaves a window where it can be abused. If I get robbed it will take some time before I can enter another system to log in to iCloud and mark my phone/MacBook as stolen.

Obviously there can be a delay, are you commenting in a charitable manner or merely being obtuse for fun?

Apple already allows remote unlocks through iCloud.

I don't trust Apple refurbishers and recyclers to not sell their services to third parties. We know they were already doing this for firmware unlocks.

There are plenty of reports that most SIM hijacks are done by employees of the carriers who are doing it for money, not social engineering. How can low level Apple employees be more trusted?

So now the mugger has a reason to beat me senseless so they can sell my phone before I wake up and report it stolen. I really don't want to incentivize a crackhead physically attacking me.