Ask HN: Why does Apple want me to expose my iPhone password to repair my screen?
56 points by dsrtslnd23 on Sept 24, 2023 | 70 comments
I went to the Apple "Genius Bar" today to get my iPhone screen repaired (it shows only a white screen). They told me I need to disable the "Find My iPhone feature" before they can start the repair. This requires me to confirm it on the phone itself - which does not work due to the broken screen. So the Apple staff handed me a "Showcase iPhone" of the Apple store which had an "Apple Support" app on which I need to enter the password of my phone. I have no idea what this Apple Support app is doing or if it is legitimate at all (as this is a show phone which many people have access to). I ended up leaving without repairing the phone and am now considering going to an unofficial screen repair shop. From a security point of view that does not look like a very good approach. Any thoughts on this?


Samsung phones have a feature for this specific scenario. Maintenance Mode creates a temporary user account, allowing a service technician to test all of the functionality of your device without exposing any user data. Given Apple's stated commitment to privacy and security, I'm surprised that there's no equivalent feature.

https://www.samsung.com/uk/support/mobile-devices/what-is-ma...


Lots of people seem to be misunderstanding this post. Apple is not asking for the poster's password, they are asking for the poster to disable a function, which can be disabled online, and offered a device to do this. They were not offering the device to capture the password in order to perform maintenance.

Poster is concerned about entering password on a device used by many. Poster could go home, log on to iCloud on a device they own and disable Find My from there. No passcodes handed over. No access to device data, remains encrypted.


I think that’s because it seems like the OP misunderstood what was being asked of them. I think you’re 100% right here (having gone through this exact process and choosing, exactly as stated, to remove Activation Lock/Find My via my personal machine rather than a store machine) but OP seems to think they were asking for his phone passcode. That doesn’t make sense to me but it looks like that’s what he’s stating - phone passcode, not iCloud login - and I think that’s causing the misunderstanding.


It is a double-edged sword. Adds a new attack vector to compromise the whole phone. Is the user data encrypted when the maintenance mode is on? Can thieves access it and make the phone usable?


The user partition is encrypted by default, so a Maintenance Mode user has no access to user data. Maintenance Mode can only be enabled if the device is unlocked, so a thief could only enable it if they have your device password or they grab your device while it's unlocked; obviously that's a more general attack vector. The device can still be remotely located, locked or erased while in Maintenance Mode.


>Is the user data encrypted when the maintenance mode is on?

Yes, the primary device user data remains encrypted. The temporary user functions in a sandboxed state.

>Can thieves access it and make phone usable?

The expected functionality prohibits access to the primary user data. Even if they were able to break from the sandboxed space somehow, the primary user data maintains an encrypted state.


> The expected functionality prohibits access to the primary user data. Even if they were able to break from the sandboxed space somehow, the primary user data maintains an encrypted state

That was not my point.. just thinking if that would add resell value for the phone. Currently it is zero for iPhones.


One of the main reasons I pay for AppleCare is to use the Express Replacement Service[0]. They will overnight a new iPhone to you while you keep the old one, then you can transfer your data to the new one and safely wipe the old one before mailing it back.

This avoids a lot of hassle with the store’s repair team and is the same price as most repairs. (The front glass only repair is slightly cheaper than ERS but wouldn’t you rather get a new phone, battery, etc for slightly more?)

[0] https://support.apple.com/iphone/repair/express-replacement


FYI, if you do this option they’ll likely still ask you to disable find my iirc


How would the transfer work with a completely dead screen on the old phone?


Wait for it to do a fresh backup then nab it on the new phone would be my first try

E: no wait I'd just plug it into a computer


and enter passcode how?


Fair point. I'm back to waiting for it to do a backup itself then


That cannot work for all the payment cards etc you have right? That data never leaves the secure chip on your phone, I hope?


The iPhone transfers card details to Apple Watch automatically, so no, that data is not stored in a non-exportable fashion.

The data-storage capacity of things like a TPM or Apple's secure enclave is absolutely tiny (e.g. the TPM specification[1] only requires ~7KiB) - which makes sense considering it only needs to store a handful of encryption keys and other stored-secrets.

[1]https://trustedcomputinggroup.org/resource/pc-client-platfor...


Cards on an Apple Watch are provisioned separately from those on a paired phone. They have different card numbers, and are provisioned as two separate passes, each with its own fraud control. Once a pass has been added to one Apple device, a reference token to that physical card is added to your iCloud account, which can be used to initiate the provisioning flow on other devices. Usually that token requires at least a CVV to prove possession, but may also require bank-issued OTP or phone call verification as well.

The Secure Enclave is small, but supported between 8 and 16 cards, depending on hardware. As of iOS 17, the storage is based on actual space available and can store upwards of 30 cards on an iPhone 14.


Ah, so that's how it works, thank you for the clarification.


The actual TPM storage may be tiny, but you can use it to encrypt and decrypt arbitrary amounts of data. All the TPM needs to hold is the key.

That you can actively ask it to transfer data to the Watch or Cloud doesn't automatically mean that it is not using the TPM for storing that data at rest, requiring the phone to be unlocked for any such transfer.


Payment cards aren’t transferred to Apple Watch automatically. The enrollment process occurs again and the watch receives its own unique card number.

The iPhone does allow you to initiate the enrollment for your Apple Watch without entering the card number again, you just need to re-enter the CVV.


FWIW, I've had the unofficial repair shops try to insist I needed to tell them my PIN ahead of a screen repair so they could "test everything works."

I'm sure plenty fall for it. All those nudes don't leak themselves.

Doesn't answer your question, but be careful that your distrust doesn't lead you into worse trouble.


> All those nudes don't leak themselves.

No need to hack devices, anymore: https://www.cnn.com/2023/09/20/europe/spain-deepfake-images-...


I was asked to do this for my MacBook repair and I asked them why. The technician said they had to run their diagnostic tool to make sure everything is in order. But he simply asked me to create a new limited access user rather than give out my password.

Unfortunately this doesn’t help your situation, so I’d recommend taking a full offline backup using iTunes, erasing the phone and restoring your backup once you get the device back.


You can't create a backup in iTunes (or wipe the phone) without entering the passcode on your device, right? And that's the issue that OP has in the first place. Is it still possible to enter your password via an HID device (e.g. a keyboard with Lightning cable)?


If the phone is semi-functional, then you should back up and factory reset the device before handing it off to be repaired.


I did that in December 2022, and then set it up on a different Apple ID, with a simple password and PIN, so if the repair place wanted any of (Apple ID, password, PIN) I could go ahead and give it to them. After the repair I did another reset, and restored the latest backup from the original Apple ID.

Worked fine, except it is now very confused about my "Longest Move Streak" record in Apple Fitness. Here's what it has said at various times this year:

2023-02-04: "You earned this award for your longest daily Move streak. 39 days, ending on 2023-02-03. Your current streak is 1,368 days".

2023-02-21: "You earned this award for your longest daily Move streak. 41 days, ending on 2023-02-20. Your current streak is 1,385 days".

2023-09-24: "You earned this award for your longest daily Move streak. 37 days, ending on 2023-09-23. Your current streak is 1,600 days".

The current streak numbers are correct. The longest streak numbers are now nonsensical and inconsistent.


While I agree it’s not best practice to enter your password on a random device, turning off find my is pretty standard for Apple repairs. I think one of the reasons why is that Find My enables activation lock which will prevent them from fully restoring the iPhone if they need to for any reason. Also, if they decide to replace it with a new unit then you need activation lock disabled so the old one can still be usable. With it still enabled, the old iPhone would essentially be bricked for life otherwise since it’s linked to your account.

As far as the Apple support app, I think that Apple does have a legitimate app under that name. However, usually find my is disabled under the find my app, not the Apple support app (unless Apple stores use a custom version with it in there or it’s hidden in the regular app where I can’t find it). It’s also possible the support app just redirected you to the find my app. Either way, if you don’t trust the app, you could just go to a web browser at home and disable it via the web app for find my so they can proceed with the repair. I don’t know if third party repair shops will also make you disable find my, but I know Apple usually asks you to disable find my first


Strange that they didn’t bother to create diagnostics software to be in guest user space accessible via some code or dongle.


Had the same experience when getting my non-iPhone repaired. They said they need it to verify the new screen works properly. I said, I will not give them my PIN. That apparently removed some warranty that it's working? It's very very weird, but it's probably just to test each area of the screen (can't be done when locked). I just tested it in the store myself.


Last time I had an issue they asked me to disable FileVault which really freaked me out... I wouldn't trust all of their guidance.


You should delete all your personal data and then leave a mobile in the support store, I won't leave my phone unblocked to anyone.


I get why you’re being careful, but following on from your logic there… there’s nothing from them also adding in some root kit.

Depending on your level of carefulness… I would consider your phone not secure if it’s confiscated and you’re not in the same room as it.


Following the same logic, you should never buy a phone used in case the previous owner installed a rootkit, and may also want to worry about rogue factory workers installing a rootkit before packaging the phone.

I think running a system restore should make the phone reasonably safe?


How do you know they didn't install a hardware rootkit while they were repairing your phone?

(btw, this is partially the logic of why Apple wants to forbid uncertified third party repairs)


Yeah exactly. Ultimately we have to trust someone in the supply chain, otherwise you're destined to live a life like rms.


FYI: you can do that on device you used to type this post. They need you to disable Find My in order to confirm that you're the legit owner of the device. The problem is that diagnosis refuses to start on devices with Find My enabled. Their diagnostic tools work in a pre-boot environment so that they don't have access to any of your data.


I’m pretty sure this has to do with phone theft. When you get your phone stolen, the thieves disassembling your phone in China will send you hundreds of texts asking you to disable Find My iPhone. I’m hoping it’s because you can’t even use the pieces for parts if that was enabled.


I think this is related to the way Apple links different Apple devices? If I change my Apple password, or if I have a new device, I need to enter my phone passcode on that new device to properly link them.

Maybe the apple support app uses a similar mechanism to disable find my?


I couldn't schedule a repair at the genius bar and to go in person I could only find apple stores in malls (which I can't stand), going through all that for them to ask me the same shit in person possibly and deny repair is not worth it.

So I just went to a nearby repair guy who only asked for my phone number to update me on the repair status.


At some point you need to trust your vendor or why are you even buying their products in the first place


I trust the vendor to want to keep their name out of the papers. I don't trust an unknown individual possibly in their first job with no privacy training.

The amount of sensitive information I've seen in my circles alone being posted to Instagram in the background of a cheeky work selfie.. don't even start on the deliberate stuff like "hehehe this guy has a silly name" "hehehe aye he does (I wonder if anyone screenshots my private info and shares it with their friends?)"


I trust my vendor to supply me with genuine parts. I don't give the keys away to my vendors to fix issues. If you must, offload data from the phone and wipe it, then have it serviced. Just like you would remove precious cargo from the trunk of your car when you give it to a dealership service center.


>offload data from the phone and wipe it

which is something Apple makes easier than any other smartphone manufacturer and which also tells you to do in case you don't feel like giving them your code


How do you do when you drop your car at a mechanic?


My car doesn't have access to my emails.


It has your location history though, since you apparently all face presidential level threat in this forum I guess that would be very important. They could also plant microphones and cameras!!


Remove the bricks from the trunk first


That's a good analogy. Or simply take my personal diary out of the glove box.


I won't trust anyone, I would delete my personal data before leaving my device in the store.



Vendor != some repair guy in vendor's shop.


Plot twist, Mr Apple never fixes your phone himself, it's always a guy in a vendor's shop. Same for the components, they're made by guys in vendor's factories. And the software is made by guys in vendor's offices


ifixit.com and replace the screen yourself, it's cheaper since you only pay for the replacement screen and it's a good learning experience.


I just don't understand the meaning of this, and thus I have a hard time not seeing malice in this.

I manage RMA for consumer electronics, and we don't do any shit like that.

We just have a factory test firmware that is signed by us, that can be booted from a USB storage, boots in RAM (so it doesn't need anything from local storage except first stage bootloader, and we disable secure enclave in first stage boot in that mode).

It's still a bit of a security tradeoff since that gives attacker an extra surface area to execute code on Application Processor, but still nowhere near giving your password to strangers?



You are needlessly paranoid.

It's common to ask for the password and I don't think they'd touch your private files.

After the screen is fixed they'd need to do QA that it works correctly. Some things you just have to trust in life, too much paranoia won't lead you to good places. Trust me, I've been there.


Having worked in a mobile manufacturer in the past close to the tech service responsible colleague, I can tell you that you should have NO trust to the service center agents with your personal data. At the same time - disclaimer my personal experience only - for repairs like screen replacement, unless the agent has really f* up there is no need for any repairs extensive tests that require full device access. Since then and while I’ve been away from the field for too many years, in such repairs I ask that they don’t reset the device and get no complaints, maybe some typical “we might not be able to ensure proper operation otherwise” which I dismiss without issues. Again my personal experience AND no iPhones so I don’t know what Apple does like maybe parts pairing that needs full access or something


Better off wiping your phone before sending it in for repair - incidents like this are not worth the hassle:

> Legal filings, first reported on by the Telegraph, revealed the unnamed woman sent her iPhone for repair on 14 January 2016 to an Apple-approved repair contractor called Pegatron Technology Service in California. Technicians there then uploaded “extremely personal and private material” to the woman’s Facebook account and other internet locations, the documents said.

https://www.theguardian.com/technology/2021/jun/07/apple-set...


> You are needlessly paranoid.

> It's common to ask for the password

Haha, good one. I got a chortle combining this attitude with a site called hacker news.

... it was satire, right?

I'd be up for them wiping the phone and I'll restore from backup later. Giving out my password defeats the point of me having a password. Them nudes don't leak themselves.

Not to mention you're on the hook for any sensitive work stuff or whatever that leaks out, having willingly given the person the keys.


It doesn't defeat the purpose; you'd know immediately if something went wrong. Like I said this is a routine.

If you fly, you are basically trusting your life to 2 people in the cockpit that you don't know.

How come sharing password for data recovery is too great of a risk and flying is not.


I'd rather prevent the bad thing from happening than react to it when it does though. Much less effort.

If I fly I assume the pilots don't want to lose their high paying jobs and/or their lives. Min wage can be swapped out for min wage without much of a life disruption.

Also if a flight goes wrong chances are I won't be intact enough to care about the repercussions.

Unfortunately too I've only been on a plane twice in my life, bad example haha (In fairness that's not fear based, just never really been able to afford holidays)


Because some 17 year old kid with his first job in the repair shop is not the same thing as a trained pilot.


I might trust Apple in this specific situation but not their workers. They can cause me a lot of trouble with an unlocked iPhone. Like temporarily supplant my identity or steal pictures


What would they do with your nudes?

Not like you wouldn't know if something went wrong. You'd literally have a cause for suing them.

Like if I was working at AppleGenius or whatever, this would probably be a routine thing.


Would you like to give me your house key? I'll just check if there are any parasites there, while you're gone. Trust me.


Let's say your laptop's broken and you have important data in there.

How would you recover it if you don't have the expertise?

I also regularly give my apartment's keys to maintenance workers or landlord.

If something goes missing I'd know who took it

From one angle, I get where you're coming from. In the US people are really defensive for their homes.

Where I live if I behave a bit closed off they'll think I'm growing drugs at home or something sinister like that. So it's a great privilege if you can be super paranoid about things like that.


"It's common" to normalisation of deviance is how you blow up space planes.


Considering Apple's history of working with intelligence agencies the paranoia is warranted. We can debate if OP is enough of a target for it to matter, though.


Sure, they'll wait for you to break your screen, go to an apple store, and steal your password there, to look at your pictures and texts ...

That's a very very very convoluted attack vector, unless you're a very high value target they don't care about you enough to go through that. If Apple were that corrupted they'd set a backdoor in all the phones, they wouldn't wait for John Doe to break his screen


All companies are required by law to be fair, in the U.S.


That's right. But Apple goes a step further and actively collaborates. Look up the secret ipad menu for the geiger counter.



