by SayMyName 1375 days ago
Odd article considering everything is still software locked to the phone. Sure it's easier to repair, but if you get your parts from anywhere else than Apple's program directly, a lot of features will stop working.

Hugh Jeffreys made a video interchanging parts on two brand new iPhones and it disabled a lot of things including auto-brightness.

https://www.youtube.com/watch?v=K2WhU77ihw8


This makes it easier for my technicians when customers lie by omission when they have had their device repaired someplace else and they bring it back to us for repair. It's not until we get into the repair and find out someone has stripped screws that can't be removed without extraction tools and replaced LSIs.

It's also nice for consumers who get their devices stolen strictly for parts. Preventing someone from basically chop shopping phones. I don't use iPhones but it's a nice feature. If the parts are serialized they could prevent your stolen iPhone's camera from working in someone else's stolen iPhone. Essentially locking the parts to an iPhone that is locked by an Apple ID.

The other thing is that Apple is trying to make things harder for people with large amounts of resources (think nation states) to exfiltrate data by using pwned components. Like when you take it into a repair shop, how do you know that the replacement part isn't compromised?

If I was replacing the front facing FaceID complex I sure as hell would want verifiable Apple gear and it to be paired to the phone. Why would I want some random person to be able to put something in my phone's biometric authentication path?

This exactly. To have a more secure device this is one of the trade offs. Can you imagine the articles if you could swap out faceID systems to unlock an encrypted iphone?
AFAIK face ID generates a key used to decrypt the data. Swapping the system wouldn't let you unlock it, unless it was performing a MitM against the user of the phone. Honestly most of the TPM and trusted enclave stuff Apple does is mostly to prevent that kind of MitM situation. For most users, I don't see it as a threat to worry about.
It’s even more impressive than that — the infrared dot pattern of every Face ID sensor is also physically unique. You can’t swap out Face ID sensors and keep the same enrolment data as a result because the replacement sensor will produce a slightly different pattern.

[1] https://www.apple.com/business-docs/FaceID_Security_Guide.pd...

> Can you imagine the articles if you could swap out faceID systems to unlock an encrypted iphone?

Yes, the articles would go something like this: "WTF is wrong with Apple, did they intentionally implement 'security' in the worst possible way, by leaving the phone unencrypted and just using faceID as a lock screen?!"

That is what they'd have to do for your statement to make any sense, they'd have to leave the data unencrypted and just use a removable component as a pass or fail doorman. So the system would have always been unsecure, it would just be more obvious in this scenario.

I mean.. they could just show a pop-up after required passcode unlock: ‘your iPhone recently had its FaceID/brightness/battery/whatever swapped - do you wish to fully enable the replacement part for this iPhone?’
because the $badGuy doing the swap could just okay that request
If you give your phone to an adversary with large amounts of resources it is game over.

If you have to worry about that I most certainly would hope that you wouldn't leave your phone to a repair-shop.

Everyone keeps parroting this like it's 1995 but infinite resources doesn't really help you. In the US FBI case they happened to chain a few now patched exploits in the lightning port that did nothing except allow them the ability to brute force the password. Had the password been strong it would have been game over.

Regular, run of the mill encryption you can download at every corner store can withstand attacks from nation states.

Zero-days are a thing, as well as companies that find them specifically to sell to governments
well, depending on the adversary, the resources required could be trivial.

https://imgs.xkcd.com/comics/security.png

Or leave your MacBook at a repair shop with texts and emails to various VIPs, etc on it… oh wait.
It’s a very fair point, but stranger things have happened. Case in point: https://en.wikipedia.org/wiki/Hunter_Biden_laptop_controvers...
How does disabling TrueTone/autobrightness help your security? Or vibration motor? Or battery? Or rear facing camera?

I can answer for you: these are completely unrelated to security. It is just a middle finger from Apple to anyone wanting to repair their device.

edit: typo

> The other thing is that Apple is trying to make things harder for people with large amounts of resources (think nation states) to exfiltrate data by using pwned components.

Reflashing serial numbers of common i2c chips is routine, and not "harder."

It basically only deters self-taught repair shop owners, without electronics background.

Do you actually believe that nation states with shitton level funding can't waltz in and out of an original iPhone?
Maybe? But shouldn't we (and Apple) at least try to make things more secure?
You are conflating separate concerns.

Tracking serial numbers to black-list stolen parts (too much effort for too little value IMO but I'm not a bean counter for a nation-state-sized corporation so what do I know?) is very different from white-listing ordained parts.

Independent shops should be able to buy broken phones from individuals and part them out for repairs without jumping through Apple's hoops.

> Independent shops should be able to buy broken phones from individuals and part them out for repairs without jumping through Apple's hoops.

I assume in this scenario that all independent shops are trustworthy entities that won't use stolen, reclaimed, or third-party parts in order to save money, without informing the customer?

Apple could provide a genuine parts and stolen parts tracking tool for the most valuable parts: screen, camera, motherboard.

The goal is to make stolen iPhones worth nearly zero to thieves, which makes iPhones more valuable to all iPhone owners. Otherwise stolen iPhones are worth enough to incentivise a stolen iPhone economy. https://www.ifixit.com/Parts/iPhone_13/Screens Not having your phone stolen is worth your replacement cost to you.

Nothing exists in a vacuum.

Tracking stolen phones and busting chop shops is probably something that should be handled by law enforcement.

Until it is, Apple are serving their customers by protecting them from this problem.
I am much more likely to need a phone serviced than have a phone stolen.

Apple should protect me from a repair monopoly overcharging just enough such that a new device (also sold by said monopoly) looks more appealing than a repair.

The first part doesn't require functionality to be disabled though.
Probably a combination of missing calibrations and the software locking. It seems better to fail visibly than to have a device silently phoning home that it is non-genuine.
> It's also nice for consumers who get their devices stolen strictly for parts. Preventing someone from basically chop shopping phones. I don't use iPhones but it's a nice feature. If the parts are serialized they could prevent your stolen iPhone's camera from working in someone else's stolen iPhone. Essentially locking the parts to an iPhone that is locked by an Apple ID.

A notification that says "this iPhone has stolen parts", some cooperation with the police, etc. could all work without locking down the part. There are a million ways to do it that don't involve destroying the planet and stomping on consumer rights.

Also, getting past the serial number lock isn't that hard. It's hard for the typical random asshole who steals phones, but not for someone knowledgeable enough to buy stolen phones to do repairs. Just search for "iphone screen programmer" on eBay and you'll find them selling for around ~$90.

$90 + an aftermarket screen is still less than what Apple charges for a repair, DIY or not.

You can sign things without locking them though. The utility you're speaking of is identification, what's the utility for a user in locking a device against repair?

Apple probably report way more data than a list of part IDs already.

> interchanging parts on two brand new iPhones and it disabled a lot of things including auto-brightness.

I think one problem that is not being discussed enough is iPhones being stolen for parts (since in most cases they can't be reactivated). I strongly suspect inability to simply switch parts without remote authorisation is Apple's way to address the problem.

Okay, let's discuss it then. Why do I need Apple's consent to repair the device I paid for? Why is there no way for me to (even temporarily) disable this feature if I actually want to fix my phone?
> Why is there no way for me to (even temporarily) disable this feature if I actually want to fix my phone?

You want to be able to temporarily disable a feature that Apple introduced to prevent installing potentially stolen parts in your phone?

All parts are 'potentially stolen', that's just a scary thing that John Deere and Apple say to justify their first-party stranglehold on repairs. Louis Rossmann and co. use donor parts for repairs all the time. If they own and can unlock the donor MacBook/iPhone, they should be able to attest that the device is being used for parts/repair and disable the protection. I see no potential for abuse here, and it prevents more iPhones from becoming landfill. Win/win, since Apple cares about the environment so much!

If I own my device and can enter the password on it, I should be able to decide which software features are enabled and disabled. That shouldn't be a controversial opinion.

The amount of uncritical comments in any post around Apple on HN is usually quite something, I wouldn't get too excited about that. It's mainly a US website so that's to be expected.

That being said, there are some good points raised here by folks. If you don't like how Apple does things overall, there are mighty fine competitors that provide even more in some areas and are not Chinese, but they do charge premium for their quality too. Just expect some similar/other limitations there too.

The problem is that we should be able to choose, not Apple. Overriding Apple's software choices should not necessitate leaving the ecosystem, period. Especially considering Apple is the largest company in the world, it shouldn't be a problem for them to add a few toggles. We need regulation to hold them accountable for these simple options, but knowing Apple (and how deep in bed they are with the US government) this won't happen.

I agree though, and I've been moving myself away from Apple products since Catalina. The water is now lukewarm, and this little frog doesn't intend to be around when they put the lid on the pot.

You chose to buy it knowing that's how it works. As a user I find this an extremely compelling feature that my phone is close to worthless to anyone who would try to steal it.
I'm certain that at least 90% of iPhone buyers have no idea Apple does this. I suspect a lot of them would be pissed if they learned.
I suspect if you gave most users the choice between theft proof and aftermarket part swapping, they would pick theft proof. Considering you can buy parts from Apple or take the phone in to a store to have it fixed at a very fair price.
Theft resistant would be more accurate, as it's certainly not theft proof. An iPhone screen can be trivially reprogrammed to bypass that serial number check with a ~$90 device on eBay.

> Considering you can buy parts from Apple or take the phone in to a store to have it fixed at a very fair price.

What is a "fair" price? After market screens can be found online for incredibly cheap. I replaced my XS Max display myself in 10 minutes using a kit I bought for ~$50 on Amazon with free 2 day shipping.

Sure, I don't have "true tone" anymore, and the display is an inferior LCD rather than an IPS, but I don't care. It looks great, works great, and it beats paying Apple $329.

As a customer you don't need "Apple's consent". Just drop the phone to a repair shop of your choosing. As a repair serviceman, you need Apple's consent presumably because they don't want you buying stolen iPhones for parts.
This does coincide with Apple changing AppleCare+ to cover an unlimited number of incidents. Their motivation was simply to streamline their own internal repairs?
That "unlimited" thing only impacts a very small number of devices. It is a better headline than reality. Previously you could have two accidental damage incidents PER YEAR, which means four for a standard AppleCare+ 24 months plan.

How many people, realistically, had over four accidental damage incidents in a two-year period wherein they benefit from this "unlimited" change? As I said, it is good marketing, a very niche change in reality.

I don't even have a case on my phone (and never have on any phone in the past) and have never had an incident. I know at least 5 people that have broken their phones more than 4 times per year and they all use cases. Some people just do not treat their electronics like the expensive devices they are.
I do not use cases, and have dropped my naked iPhone 13 Pro Max many many times (with $29 screen replacements via AppleCare, I'm fine taking the risk). This phone has literally hit concrete and has yet to crack, a testament to the durability improvements.
Some people expect their expensive tools to withstand the rigors of daily use.
Dropping devices on concrete is not "daily use". That's like saying that people should expect cars to be unaffected by randomly crashing into walls.
Not to mention I've dropped mine a LOT. scratched up screen, dings in the sides, everything. (No case/protection at all too) It definitely withstands daily use. Dropping it 4-5 times a day every day however probably slowly chips away at the sturdiness of the device.
> Some people just do not treat their electronics like the expensive devices they are

Phones hit the floor sometimes. It just happens and it is normal in daily use.

You aren't wrong that phones are expensive devices but your comment oozes a toxic elitist "PEBCAK" attitude similar to something like "The antennas are VERY well designed you're just holding it wrong"*

That's fair - but "the rigors of daily use" as parent post wrote absolutely include resilience and resistance to physical damage if/when a fall happens.

I agree dropping a phone every day is not accurate, but the risk exists with "the rigors of daily use".

> How many people, realistically, had over four accidental damage incidents in a two-year period

My wife. Mostly because of the Minnesota State Fair.

Did she fall into the dunk tank?
I've been thinking about a future where deepfakes/AI are more everyday (which is soon).

I can imagine Apple doing some kind of hardware-level signing of camera and video data, so that any image shot by an iPhone/iPad would have a signature declaring that it was not edited by the user in any way. Details on whether RAW or any kind of auto-cleanup could be included.

In other words, a chain-of-custody kind of thing so that images can be asserted as real vs. created by a computer.

Depending on how such a system would be implemented, this would require "real Apple hardware" from the ground up.

> I can imagine Apple doing some kind of hardware-level signing of camera and video data, so that any image shot by an iPhone/iPad would have a signature declaring that it was not edited by the user in any way.

This exists, and is why the (Canon?) cameras used by police departments at crime scenes are so expensive.

And "Real Apple Hardware" supporting "Real Apple ID" on every device in the network.
Cryptographic signatures can be decoded by anything which has the public key, that's not how this would work at all.
Cryptographic signatures are _meant_ to be decoded and verified.

If you want to take a signature you need to extract a secret key from an iPhone in this scenario, which would be probably stored in the secure enclave.

That's how asymmetric cryptography works.

I think that what you are saying is valid, but this should still be celebrated as a win for consumers. You don't have to see something as all good or all bad.
Rooting even those easily fixable Android, with unlocked bootloader and coming with Android One still voids the warranty and might break cameras. Unlocking more potential of a software, breaks hardware.

Apple is preparing for legislative changes in the EU that hardware must be repairable. This law is already a reality in France https://www.ecr-community.org/implementing-the-reparability-...

Good! I want to know that even a used and repaired iPhone has genuine parts in it
> interchanging parts on two brand new iPhones
Exactly! One important argument for Right to Repair is the environment. If I cannot salvage parts from a dead phone then it'll be e-waste. This doesn't help the consumer nor the environment, but it will definitely affect Apple's pockets in a positive way.
Applying zero trust (or equiv) to a system's internals is pretty cool.
Ah, so there is a way to disable auto brightness! Are there any aftermarket upgrades which will also permanently disable "live photos"?
Not aftermarket, but Apple offers something for both of those. It's called The Manual.

You can get one here: https://support.apple.com/manuals/iphone

It's even free!

Settings > Camera > Preserve Settings > Live Photo
OP wants an aftermarket method.
Ship me the phone and I will click the button for you for only 3 easy payments of $19.95.
Yeah I've done this. It somehow keeps getting turned back on whether it gets grazed by my finger, an update happens and resets the setting, or whatever else.

I'm saying I want a way that disables it and then prevents it from ever being re-enabled.

Also: it's a joke.

Jokes are supposed to be funny.
The Settings menu