As a user, that’s what I’d want it to do. If someone is trying to bypass the fingerprint sensor by replacing it because they know that’s where the authorization is stored, that’s exactly what I’d want the phone to do.
The fingerprint scanner is just a scanner, it doesn't handle authorization, that's what the security chip does. The scanner has two ways of communicating with the security chip. It can authenticate itself with the chip, and it can send the chip images of fingerprints.
If a compromised scanner fails to authenticate, then the security chip can just ignore the scanner. Not much it can do if its only avenue of communication is cut off. A warning message telling users to not touch their compromised fingerprint scanner would have been sufficient.
You are assuming it is fine to swap authentification hardware for incompatible parts? I guess this is from the spirit of "right t repair". While I get the idea in princple, I still think going dark is the best option you have if essential hardware was apparently tampered with. Find a back-alley smartphone shop which at least swaps your FP reader with compatible hardware. But if someone gained access to my phone, and put a piece of hardware in which is not recognized by the OS, I want it to stop right there. That doesn't feel like bricking, more like a security feature.
This attack scenario doesn't make any sense. If your phone is out of your sight and unsecured for long enough to take it apart and replace the fingerprint sensor, it's unsecured and out of sight long enough to be entirely replaced by a clone that will steal all your credentials and send everything to whatever bad guy you are imagining
And it won’t work anyway because the phone will detect and reject the sensor and just fall back to PIN authentication which is how it worked before the update
Ah, I see the use case now-where you get it replaced by a 3rd party or buy a stolen phone, do you want it bricked by a software update? I don't know. I don't know that I care much about that use case TBH.
What I don't want is this: someone steals my phone and then replaces the fingerprint sensor and has access to everything, including the ability to reset and resell the phone.
That’s not possible anyway because the phone can detect and reject the replacement sensor. If it couldn’t then how would it know to brick itself? Instead it should just fall back to PIN authentication, which is actually more secure and how it worked before the update
You want your own phone that you paid money for wiped and bricked remotely at random without your permission while you’re using it for no security advantage whatsoever (since it can just fall back to PIN authentication which is actually more secure than a fingerprint) until you give Apple money to “repair” it?
If a compromised scanner fails to authenticate, then the security chip can just ignore the scanner. Not much it can do if its only avenue of communication is cut off. A warning message telling users to not touch their compromised fingerprint scanner would have been sufficient.