In information technology, there’s almost always a tradeoff between security and convenience. The more convenient something is to use, the less secure it is. Otherwise, you could leave your front door unlocked, leave your car running, and have
123456 be your password for everything. However, as you know, that is far from secure. You need to lock your front door, you need to turn off the ignition, and you need to have unique, strong passwords for each of your online accounts. This inconvenience yields some measure of security.
The Guardian reported last week about a “fury” from iPhone users against Apple for bricking iPhones that have had their screens replaced by an unauthorized, third-party repair outfit, which inadvertently tampered with the Touch ID sensors during the repair process. Thereafter, the phones stopped working altogether.
According to various users quoted in the article, an iPhone 6 or later will report an “Error 53” and not function if a third-party repair person has replaced the screen or the home button and if the user has upgraded the phone’s operating system to iOS 9. The issue is prevalent enough that iFixit reports over 180,000 queries to their user forums about “Error 53.” The maligned users and Miles Brignall, the Guardian author who reported on the “fury,” all but accuse Apple of bricking these repaired iPhones in order to force users to only repair their phones through Apple or to buy a new replacement.
Could Apple’s move, which appears to be designed to squeeze out independent repairers, contravene competition rules? Car manufacturers, for example, are not allowed to insist that buyers only get their car serviced by them. Apple charges £236 for a repair to the home button on an iPhone 6 in the UK, while an independent repairer would demand a fraction of that.
Pointing to an economic motive is all too simplistic. Although Apple is certainly concerned with being profitable, these accusations always surface when Apple does something to “brick” someone’s computing device or peripheral. It happened when Apple…
- replaced the serial port with USB and rendered a lot of printers obsolete,
- eliminated the floppy disk drive in favor of optical drives on the iMac,
- replaced SCSI with FireWire,
- eliminated swappable batteries in their notebooks,
- and, most recently, replaced the 30-pin connector with Lightning.
And when these changes occurred, critics accused Apple of doing so in order to sell expensive adapters.
Instead, these are moves to destined improve the product and the experience. USB and FireWire were far superior to the serial port, ADB, and SCSI, as Lightning has been over the previous 2001-era iPod connector. Similarly, the only reason anyone ever needed a swappable notebook battery was to work longer than two hours, and the built-in batteries in the newer notebooks far exceeded that runtime, making toting those bulky batteries obsolete.
In this case, “Error 53” is to protect the security of the device. An Apple spokeswomen, quoted in the article, says as much:
We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.
However, Brignall scoffs at this explanation, labelling it overloaded with “jargon.”
But, to any reasonable technologically competent person, this explanation is certainly sound. Apple’s own philosophy is that iPhone users store all kinds of private information on their devices, and that is Apple’s responsibility to prioritize the security of that device, even at the expense of user’s going to the corner repair shop to fix a cracked screen.