As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled.
Except that's not what happened - the whole device is rendered inoperable not just the faulty bit.
That's a very strange argument. "The faulty bit" happens to be the bit that is needed to make the thing work. What you are saying is that Apple should all access to the phone even if they know the security system is compromised? I'm not buying a phone that allows that!
So if my car comes back from the dealer with a broken security system, then it should just allow any key fob to open the door and start the car?
Because the iPhone has no other security protection other than TouchID, right?
iPhones were completely insecure until apple introduced TouchID with the 5S, right?
Come on man, use your head.
Yes, the usual problem with forum folk: flat-file thinking.
This isn't about stopping you from using your own phone. It's about stopping third parties accessing your stuff. Yes, the could just deactivate the TouchID, but since they do not know how the compromised device works because they have never seen it, then how can they be sure that their attempt would be successful? How do they know what else has been altered in the phone that might thwart their effort to shut it down.
Never assume you're the smartest person in the room. It really is that simple.
If I buy an Apple product, then it is MY device not Apples. If I have it repaired by a non-Apple service, or even do it myself, then it is STILL MINE! This case is not about the warranty. It is about Apple wanting to remain in control of MY device after they sold it to me. If the repair means that the device doesn't work properly, then that is my issue, but Apple is not entitled to STOP THE DEVICE WORKING ENTIRELY. That is illegal under Australian law and should be illegal everywhere.
I like Apple. I was an early user, I owned an Apple 2C, several original Macintoshes, an original iMac, and still have a working 10 year old MacBook. However I will not have an iPhone or any other mobile device that could behave like this. Apple deserve to lose this case.
You can have your car serviced with anyone as long as it's done to the standard prescribed in the service manual.
Which is called - authorized repair center, because in the case of cars, you can't just get that manual for free. You have to pay Toyota or whatever company you think about, to give you access to their system with blueprints, schematics and other stuff, in order to properly service a car. On top of that, you also need to have a bunch of special (and very pricy) tools. You can refuse to buy those tools and do everything with a screwdriver, but it would be very easy for that manufacture NOT to honor the warranty based on improperly serviced/damaged components.
Theres a BIG difference between honouring a warranty/guarantee and bricking the device. BMW don't disable the car if you go to a back street garage to service it, it might not run perfectly on OEM parts, but it still runs.
But if you go to a back alley garage and have them install a cheaply made 3rd-party ECM to run that engine, it probably won't and BMW will not help you make it run again for free. The issue isn't the repair, it's with using cheap 3rd-party Touch ID hardware that doesn't match the rest of the phone. The liability falls on the repair person, who didn't complete the repairs properly or did not have the capability to do so.
rhinotuff said: The issue isn't the repair, it's with using cheap 3rd-party Touch ID hardware that doesn't match the rest of the phone.
To clarify, my understanding is it doesn't matter whether the repair facility used "cheap 3rd-party Touch ID hardware" or genuine Apple parts. The phone will shut down as a result of it being changed, period. The rest of the phone recognizes that the Touch ID sensor is not the one that was in it when it left the factory and shuts down. It does this because changing the sensor would allow a thief to reactivate a stolen phone.
I assume that means Apple is able to "approve" a new sensor when it's installed, but third-party repair facilities can't. If that's the case, it may be argued that it's protecting the user by making theft an unprofitable venture.
It's possible I've misunderstood the particulars, so if anyone has information that contradicts anything I've written I'd be glad to see it.
As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled
on the other hand, our law is quite clear that you're not forced to go back to a seller for service or maintenance. You can have your car serviced with anyone as long as it's done to the standard prescribed in the service manual.
"the standard described in the service manual"
Not true at all. Automotive manufacturers lay out specific requirements for repairs. Simple ones would be the type of oil your engine needs. More complex ones would be the proper torque sequence for cylinder head bolts. One is in your manual, the other isn't yet both are valid.
Manfacturers are allowed to set their own standards for repairs. Repairs not done to these standards can void your warranty (on the specific component, not the entire vehicle). You put the wrong oil in your engine and it seizes you're not getting it replaced under warranty. The rest of your vehicle is still covered.
The only thing I can see Apple having to do is provide a list of standards for repairs so third party shops know "the torque sequence for a cylinder head" or "screens replaced without transferring the Touch ID sensor over will render it inoperative".
To be honest, I don't see where you're in disagreement. By "anyone" I do mean a licensed mechanic.
"Any
suggestion by car manufacturers or dealers that motor vehicles need to be
serviced at a licensed dealer to maintain the owner's consumer guarantee rights
is not correct."
There is a separation here about the warranty that is offered by the seller of a product and the consumer guarantees which cannot be traded away. Your consumer guarantees clearly state you are not required to seek repair from the manufacturer of an item. Doing so may void your manufacturer warranty, but will not necessarily erode your consumer guarantee. It's as simple as that.
From your linked article:
"Warranties
against defects may set out requirements that consumers must comply with. For
example, a warranty against defects on a motor vehicle may require the consumer
to ensure any servicing is carried out:
by qualified staff
according to the manufacturer's
specification
using appropriate quality parts
where required."
Sounds a lot like what I said where manufacturers are allowed to set specifications that repairs must adhere to. Qualified staff doesn't mean the dealer - third party repair shops can also have qualified staff (licensed technicians).
What apple could and should have done was simply disable TouchID and have a message pop-up stating that "unauthorised parts were used during a repair or a repair was done incorrectly - contact apple support for further information". Then the customer can pay again to have it done properly or continue to use the device without the TouchID, as if it were a iPhone 5 or earlier. Disabling the entire device is a step too far.
Uh, that's what Apple does now. When this first came out iPhones wouldn't boot because the Touch ID sensor didn't pass initial security checks. Apple made changes to iOS such that if it detects a bad Touch ID sensor it will still boot, but Touch ID is completely disabled.
All these people talking about bricked phones seem to forget that they no longer get bricked. That only happened for a short period of time until Apple issued the update.
You can have your car serviced with anyone as long as it's done to the standard prescribed in the service manual.
Which is called - authorized repair center, because in the case of cars, you can't just get that manual for free. You have to pay Toyota or whatever company you think about, to give you access to their system with blueprints, schematics and other stuff, in order to properly service a car. On top of that, you also need to have a bunch of special (and very pricy) tools. You can refuse to buy those tools and do everything with a screwdriver, but it would be very easy for that manufacture NOT to honor the warranty based on improperly serviced/damaged components.
Theres a BIG difference between honouring a warranty/guarantee and bricking the device. BMW don't disable the car if you go to a back street garage to service it, it might not run perfectly on OEM parts, but it still runs.
If you tamper with any security features your car will be a brick. As in your engine will refuse to start. Until you tow it back to BMW and pay them to fix whatever you or your shop did.
Sorry guys, you really need to understand both Australian consumer law and what the issue really was. The two points at issue are the third party repair and the Error 53 and what caused it.
As I understand it Australian consumer law allows repairs to be carried out by any qualified person, and that qualification is not limited to those the manufacturer deems as qualified. So in effect any qualified technician should be able to carry out a repair and not invalidate the warranty. The error 53 was as a result of the secure keys not matching in the OS and the FP reader. The fix takes about 30 seconds and simply reverifies the keys to enable secure comms between the sensor and the OS. In effect Apple was penalising people for not getting the phone repaired by Apple. What the ACCC is contending that this was unreasonable and indeed violated Australian consumer law.
I suspect that the ACCC will succeed.
So in this case, what is a 'qualified person'?
As far as I understand it, you don't need to have the phone repaired by Apple, so it seems the law is really saying that anyone should be allowed to tamper with the phone whether they are qualified or not. Correct?
This whole error 53 issue was fixed by Apple a long time ago. Anyone can replace the TouchID button. In fact I did it myself for someone on their iPhone 5S. Of course the TouchID no longer works because of the security, but the Home button works for everything else and no error 53.
You can't have 3rd party people access in reprogramming the TouchID security. Because that alone creates a huge security issue. I've also swapped out screens on a number of different iPhones over the years without any issue. While Apple should allow Warranty work still for anything not touched by a 3rd party unless something failed because of what some 3rd party did. If your phone is under warranty, why wouldn't your just bring your phone to Apple?
Sorry guys, you really need to understand both Australian consumer law and what the issue really was. The two points at issue are the third party repair and the Error 53 and what caused it.
As I understand it Australian consumer law allows repairs to be carried out by any qualified person, and that qualification is not limited to those the manufacturer deems as qualified. So in effect any qualified technician should be able to carry out a repair and not invalidate the warranty. The error 53 was as a result of the secure keys not matching in the OS and the FP reader. The fix takes about 30 seconds and simply reverifies the keys to enable secure comms between the sensor and the OS. In effect Apple was penalising people for not getting the phone repaired by Apple. What the ACCC is contending that this was unreasonable and indeed violated Australian consumer law.
I suspect that the ACCC will succeed.
So in this case, what is a 'qualified person'?
As far as I understand it, you don't need to have the phone repaired by Apple, so it seems the law is really saying that anyone should be allowed to tamper with the phone whether they are qualified or not. Correct?
If your phone is under warranty, why wouldn't your just bring your phone to Apple?
People who smash their screen and are too cheap to get Apple to replace it for them.
As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled
on the other hand, our law is quite clear that you're not forced to go back to a seller for service or maintenance. You can have your car serviced with anyone as long as it's done to the standard prescribed in the service manual.
"the standard described in the service manual"
Not true at all. Automotive manufacturers lay out specific requirements for repairs. Simple ones would be the type of oil your engine needs. More complex ones would be the proper torque sequence for cylinder head bolts. One is in your manual, the other isn't yet both are valid.
Manfacturers are allowed to set their own standards for repairs. Repairs not done to these standards can void your warranty (on the specific component, not the entire vehicle). You put the wrong oil in your engine and it seizes you're not getting it replaced under warranty. The rest of your vehicle is still covered.
The only thing I can see Apple having to do is provide a list of standards for repairs so third party shops know "the torque sequence for a cylinder head" or "screens replaced without transferring the Touch ID sensor over will render it inoperative".
To be honest, I don't see where you're in disagreement. By "anyone" I do mean a licensed mechanic.
"Any
suggestion by car manufacturers or dealers that motor vehicles need to be
serviced at a licensed dealer to maintain the owner's consumer guarantee rights
is not correct."
There is a separation here about the warranty that is offered by the seller of a product and the consumer guarantees which cannot be traded away. Your consumer guarantees clearly state you are not required to seek repair from the manufacturer of an item. Doing so may void your manufacturer warranty, but will not necessarily erode your consumer guarantee. It's as simple as that.
From your linked article:
"Warranties
against defects may set out requirements that consumers must comply with. For
example, a warranty against defects on a motor vehicle may require the consumer
to ensure any servicing is carried out:
by qualified staff
according to the manufacturer's
specification
using appropriate quality parts
where required."
Sounds a lot like what I said where manufacturers are allowed to set specifications that repairs must adhere to. Qualified staff doesn't mean the dealer - third party repair shops can also have qualified staff (licensed technicians).
Are you just trying to be argumentative for its sake? We're saying the same thing.
As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled.
Except that's not what happened - the whole device is rendered inoperable not just the faulty bit.
That's a very strange argument. "The faulty bit" happens to be the bit that is needed to make the thing work. What you are saying is that Apple should all access to the phone even if they know the security system is compromised? I'm not buying a phone that allows that!
So if my car comes back from the dealer with a broken security system, then it should just allow any key fob to open the door and start the car?
Because the iPhone has no other security protection other than TouchID, right?
iPhones were completely insecure until apple introduced TouchID with the 5S, right?
Come on man, use your head.
Yes, the usual problem with forum folk: flat-file thinking.
This isn't about stopping you from using your own phone. It's about stopping third parties accessing your stuff. Yes, the could just deactivate the TouchID, but since they do not know how the compromised device works because they have never seen it, then how can they be sure that their attempt would be successful? How do they know what else has been altered in the phone that might thwart their effort to shut it down.
Never assume you're the smartest person in the room. It really is that simple.
the software now detects Touch ID sensors that aren't paired and disables them so you can basically just go back and delete the second paragraph of your response, then tell us more about who is the smartest person in the room.
As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled.
Except that's not what happened - the whole device is rendered inoperable not just the faulty bit.
That's a very strange argument. "The faulty bit" happens to be the bit that is needed to make the thing work. What you are saying is that Apple should all access to the phone even if they know the security system is compromised? I'm not buying a phone that allows that!
So if my car comes back from the dealer with a broken security system, then it should just allow any key fob to open the door and start the car?
Because the iPhone has no other security protection other than TouchID, right?
iPhones were completely insecure until apple introduced TouchID with the 5S, right?
Come on man, use your head.
Yes, the usual problem with forum folk: flat-file thinking.
This isn't about stopping you from using your own phone. It's about stopping third parties accessing your stuff. Yes, the could just deactivate the TouchID, but since they do not know how the compromised device works because they have never seen it, then how can they be sure that their attempt would be successful? How do they know what else has been altered in the phone that might thwart their effort to shut it down.
Never assume you're the smartest person in the room. It really is that simple.
With that line of logic then any security breach should result in a complete wipe, not an error.
A detected hardware issue need not result in a software lock out.
As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled.
Except that's not what happened - the whole device is rendered inoperable not just the faulty bit.
That's a very strange argument. "The faulty bit" happens to be the bit that is needed to make the thing work. What you are saying is that Apple should all access to the phone even if they know the security system is compromised? I'm not buying a phone that allows that!
So if my car comes back from the dealer with a broken security system, then it should just allow any key fob to open the door and start the car?
Because the iPhone has no other security protection other than TouchID, right?
iPhones were completely insecure until apple introduced TouchID with the 5S, right?
Come on man, use your head.
Yes, the usual problem with forum folk: flat-file thinking.
This isn't about stopping you from using your own phone. It's about stopping third parties accessing your stuff. Yes, the could just deactivate the TouchID, but since they do not know how the compromised device works because they have never seen it, then how can they be sure that their attempt would be successful? How do they know what else has been altered in the phone that might thwart their effort to shut it down.
Never assume you're the smartest person in the room. It really is that simple.
All security, even password security., goes through the secure enclave, and if touchID is compromised, how could you trust that too?
The thing if someones to replace a key border security device without any oversight, then the whole network may be compromised (and possibly most nodes too); continuing to use it would be irresponsible (unless you don't give a crap who sees or uses your stuff).
As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled.
Except that's not what happened - the whole device is rendered inoperable not just the faulty bit.
That's a very strange argument. "The faulty bit" happens to be the bit that is needed to make the thing work. What you are saying is that Apple should all access to the phone even if they know the security system is compromised? I'm not buying a phone that allows that!
So if my car comes back from the dealer with a broken security system, then it should just allow any key fob to open the door and start the car?
Because the iPhone has no other security protection other than TouchID, right?
iPhones were completely insecure until apple introduced TouchID with the 5S, right?
Come on man, use your head.
Yes, the usual problem with forum folk: flat-file thinking.
This isn't about stopping you from using your own phone. It's about stopping third parties accessing your stuff. Yes, the could just deactivate the TouchID, but since they do not know how the compromised device works because they have never seen it, then how can they be sure that their attempt would be successful? How do they know what else has been altered in the phone that might thwart their effort to shut it down.
Never assume you're the smartest person in the room. It really is that simple.
With that line of logic then any security breach should result in a complete wipe, not an error.
A detected hardware issue need not result in a software lock out.
It does from the user point of view, especially since the user may be the one compromising the system in the first place! All security goes through the secure enclave, if the device cannot trust what's in there then it must assume it had been breached and in that case, any use may be from the breacher (it cannot know).
The answer to that is not, more use, but should be, send it to be looked at to see if its actually secured by someone competent.
As explained by Apple, iOS performs routine Touch ID module checks to ensure that the hardware "matches" other components installed on an iPhone and iPad. To maintain a high level of security, and thwart fraudulent hardware, Touch ID sensors that fail these tests are automatically disabled.
Except that's not what happened - the whole device is rendered inoperable not just the faulty bit.
That's a very strange argument. "The faulty bit" happens to be the bit that is needed to make the thing work. What you are saying is that Apple should all access to the phone even if they know the security system is compromised? I'm not buying a phone that allows that!
So if my car comes back from the dealer with a broken security system, then it should just allow any key fob to open the door and start the car?
Because the iPhone has no other security protection other than TouchID, right?
iPhones were completely insecure until apple introduced TouchID with the 5S, right?
Come on man, use your head.
Yes, the usual problem with forum folk: flat-file thinking.
This isn't about stopping you from using your own phone. It's about stopping third parties accessing your stuff. Yes, the could just deactivate the TouchID, but since they do not know how the compromised device works because they have never seen it, then how can they be sure that their attempt would be successful? How do they know what else has been altered in the phone that might thwart their effort to shut it down.
Never assume you're the smartest person in the room. It really is that simple.
With that line of logic then any security breach should result in a complete wipe, not an error.
A detected hardware issue need not result in a software lock out.
It does from the user point of view, especially since the user may be the one compromising the system in the first place! All security goes through the secure enclave, if the device cannot trust what's in there then it must assume it had been breached and in that case, any use may be from the breacher (it cannot know).
The answer to that is not, more use, but should be, send it to be looked at to see if its actually secured by someone competent.
No, the Secure Enclave and the TouchID button are hardware functions to support fingerprint unlock, which bypasses the need to use the password set by the user. If the secure enclave or TouchID button experience a problem then the password is there as a backup. This is the design, evidenced by the reboot and TouchID failure policy - always offer password entry as backup. The only exception is this hardware error, which is clearly an unforseen consequence that results in users being locked out of the phones for no decent reason - they have the password.
The answer is to throw an alert that TouchID is not available, and may need servicing ("Error 53" alone is not useful)... and then offer password entry.
Comments
Yes, the usual problem with forum folk: flat-file thinking.
This isn't about stopping you from using your own phone. It's about stopping third parties accessing your stuff. Yes, the could just deactivate the TouchID, but since they do not know how the compromised device works because they have never seen it, then how can they be sure that their attempt would be successful? How do they know what else has been altered in the phone that might thwart their effort to shut it down.
Never assume you're the smartest person in the room. It really is that simple.
I assume that means Apple is able to "approve" a new sensor when it's installed, but third-party repair facilities can't. If that's the case, it may be argued that it's protecting the user by making theft an unprofitable venture.
It's possible I've misunderstood the particulars, so if anyone has information that contradicts anything I've written I'd be glad to see it.
From your linked article:
"Warranties against defects may set out requirements that consumers must comply with. For example, a warranty against defects on a motor vehicle may require the consumer to ensure any servicing is carried out:
Sounds a lot like what I said where manufacturers are allowed to set specifications that repairs must adhere to. Qualified staff doesn't mean the dealer - third party repair shops can also have qualified staff (licensed technicians).
Uh, that's what Apple does now. When this first came out iPhones wouldn't boot because the Touch ID sensor didn't pass initial security checks. Apple made changes to iOS such that if it detects a bad Touch ID sensor it will still boot, but Touch ID is completely disabled.
All these people talking about bricked phones seem to forget that they no longer get bricked. That only happened for a short period of time until Apple issued the update.
If you tamper with any security features your car will be a brick. As in your engine will refuse to start. Until you tow it back to BMW and pay them to fix whatever you or your shop did.
People who smash their screen and are too cheap to get Apple to replace it for them.
A detected hardware issue need not result in a software lock out.
The thing if someones to replace a key border security device without any oversight, then the whole network may be compromised (and possibly most nodes too); continuing to use it would be irresponsible (unless you don't give a crap who sees or uses your stuff).
All security goes through the secure enclave, if the device cannot trust what's in there then it must assume it had been breached and in that case, any use may be from the breacher (it cannot know).
The answer to that is not, more use, but should be, send it to be looked at to see if its actually secured by someone competent.
The answer is to throw an alert that TouchID is not available, and may need servicing ("Error 53" alone is not useful)... and then offer password entry.