Apple Takes Heat For Software Lock That Prevents iPhone 7 Home Button Replacement By Third-Party Vendors
from the right-to-repair dept
We've been discussing for some time how John Deere, Apple, Sony and Microsoft are among a laundry list of companies fighting against so-called "right to repair" bills. The bills, currently being pushed in a handful of different states, make it easier for consumers to repair their own products and find replacement parts and tools. The bills are an organic consumer response to the attempts of many of these companies to monopolize repair, driven in large part by John Deere's draconian lockdown on "unauthorized repairs" -- forcing tractor owners to pirate tractor firmware and maintenance tools just to repair products they thought they owned.
Apple's been notably vocal on this subject, recently trying to shut down a Nebraska right to repair bill by proclaiming that it would turn the state into a dangerous hacker playground. Of course, propped up by the DMCA's anti-circumvention rules, Apple has utilized a rotating crop of tools to try and protect this repair monopoly. Last year, for example, Apple caused a bit of a shitstorm due to "Error 53", part of an iOS update that bricked phones that had their screens replaced by third party repair vendors.
Having apparently learned no lessons from the backlash from that use of repair locks, Apple is once again taking heat for new software locks cooked into the iPhone 7, which prevent the device's home button from working after it has been replaced. Unless, that is, the replacement is performed by a certified Apple technician with the proper "re-calibration" software. The home button is used to unlock the phone, and to return the user to the home screen when pressed.
In previous iPhone versions (iPhone 5S, 6, and 6S) if you replaced the home button you lost the security function, but users could still login via pin -- and the button still worked to bring users "home." But with the iPhone 7, replacing the home button via third-party vendor results in the button not working at all -- unless you take the device to Apple's Genius bar. This is, independent repair shops claim, just part of Apple's overall strategy of monopolizing repair, hampering third-party repair vendors, and restricting consumer choice:
"In a video demonstrating the block, Michael Oberdick, owner of the independent iPhone repair shop iOutlet, swapped the front displays (and home buttons) of two iPhone 7 devices. When swapped, the phone displays an error message that says "The Home Button May Need Service." Its functionality is disabled and "Assistive Touch" automatically pops up on the device, creating an onscreen, software-based home button."
This is, Oberdick argues, little more than a vindictive, anti-consumer move on the part of Apple:
"Not supporting that menu function makes no sense," Justin Carroll, owner of FruitFixed, an independent iPhone repair shop, told me. "Just a sad and petulant move on their part that will directly affect consumers especially after their one year manufacturer warranty is up."...This may sound like an esoteric issue, and to some extent it is—screen replacements can still be done so long as the original home button is carefully removed and moved to the new screen. But software locks specifically designed to prevent repair are a monopolistic, anti-consumer move that attempts to "tie" an electronic to the manufacturer even after it's already been sold.
Whether coming from Apple, Sony, or Microsoft, opposition to "right to repair" bills usually focuses on the three (false) ideas: the bills will make users less safe, somehow "compromise" intellectual property, and open the door to cybersecurity theft. Apple will be sure to breathlessly insist that they're only making the iPhone 7's home button impossible to repair to protect consumer security, hoping you'll ignore the entire practice of such software locks simply allows the company to monopolize repair, drive up the cost of overall ownership for all of its customers, and make life harder for third-party repair vendors.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: digital locks, home button, iphone, right to repair, software lock
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
That said, this is not the ownership sky-is-falling moment people are making it out to be. The button functions as the fingerprint reader for the device, and by linking the device to the motherboard it ensures that the device is secure even if it leaves your possession.
Maybe there's a secure way that a new fingerprint reader could be synchronized with the phone regardless of who installs it, but I'm not sure what that would be.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
When they had to release the keys to their windows so others like firefox and chrome could install their browsers on the windows platform.. I can't remember the name of it,, but I am sure that this falls in the same...
[ link to this | view in thread ]
Re:
In this instance it's a security choice, not an anti-consumer move.
http://www.imore.com/apple-took-touch-id-security-one-step-further-secure-enclave-heres-how-and -what-it-means
[ link to this | view in thread ]
Re:
That legal battle - this was before Firefox or Chrome - was about Netscape wanting access to unpublished internal Windows APIs. At the time Netscape had more of a monopoly* on browsers than Microsoft had on OS's. Microsoft didn't want to give them access because Netscape was trying to expand its browser into a competing OS.
* That is, a larger market share. Which some still declare a monopoly despite viable alternatives.
[ link to this | view in thread ]
It looks like a reasonable security measure to disable a suspect authentication method.
The button serves the purpose of a regular button and a fingerprint sensor for authenticating the user. The button interacts as the button and the as fingerprint sensor with the phone through a single cable that has been effectively paired with the device. They are disabling the device entirely as soon as they detect anything that could be a man-in-the-middle attack.
While it may make some sense to only disable the authentication communication and not disable the "button click" communication, that may have actually introduced a security risk as for every bit of communication you receive, you have to do some processing to see if the type of communication was disabled.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
No.
Windows is an open platform; there are no "keys" required to install programs on it.
Microsoft did get in trouble for contractually obligating hardware vendors to put Internet Explorer on the desktop if they shipped their hardware with Windows. This did not technically prevent the hardware vendors from including other browsers (we're talking about Netscape and Opera here; Firefox and Chrome did not exist yet), but most vendors opted not to put two web browsers on the desktop.
In the US, Microsoft was fined for this, monitored by the courts for several years, and forced to change the language in its contracts with vendors, and to include a program that easily allows Windows users to change their default browser.
The EU went farther, and (IIRC) forced Microsoft to bundle competing browsers and allow users to choose a default browser at first login. But that never happened in the US.
They're really not the same thing at all, except that they're both anticompetitive behavior by large computer companies.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Now who can get hold of your phone long enough to attack its security, I will give you a hint, they all have three letter acronyms.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
The get the phone, give it back, and now get hold pf it
again after it has been used is an unlikely scenario.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
HOWEVER, the way the iPhone 6s and earlier handles this is that it lets the home button function as a home button (no security issues there) and just won't let the fingerprint reader work. I see no reason why they couldn't have continued this with iPhone 7 -- there's not too much that could be done here (maybe have circuitry embedded that monitors the circuits used by the print reader and also by Apple Pay? That's about the only issue I could see).
[ link to this | view in thread ]
Re:
That's the one where the BIOS had to be cryptographically signed against the hardware, and any OS not signed would not boot. This of course was a problem for Linux, which is open source and doesn't have an individual who could oversee the master key for each piece of hardware out there.
So MS and Intel figured out a way to create a bypass to the TPM check, and also agreed to hold signing keys for known trusted Linux distributions so that they could run in signed mode.
[ link to this | view in thread ]
Re:
For a device for hobby development? I'll get something with Android on it, strip out the stuff I don't want, and assume it's compromised from the get-go. No financial activity or other sensitive data goes on that phone, but emulators and personalized UI elements do.
[ link to this | view in thread ]
Re: MSFT
[ link to this | view in thread ]
Re: Re:
On the 7 and 7+, there's no button that I know of right? I thought it was solid with a force Touch thing to give you a virtual feel of pushing a button. How would it go bad? Can't you just swap the button to the new screen? I haven't looked into the iphone 7 and see how things are done.
I just didn't think it was any kind of a wear device at this point and you could swap it like buttons in the past.
[ link to this | view in thread ]
It's about power and control guised as security
Apple has enough people drinking their Koolaid that they can get away with crap like this.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Apple - for people who can't make decisions
When using a PC "do I click the right mouse button or the left?!?! PCs are so confusing!"
When using an Apple they find it simple "No button to choose, I just push the mouse down! Simple!"
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Off course it will be a non-replacable alkaline battery...
[ link to this | view in thread ]
They don't want to rapair stuff anyway.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
If Richard Stallman were here, I am 100% certain that he would correct you and ask that you refer to him as an advocate for free software, not open source.
[ link to this | view in thread ]
Re: Re: MSFT
And on 56K dialup, it kinda was.
Downloading a new browser in those days wasn't a one-minute process like it is now; it was a hassle. The vast majority of users used the browser that came with their computer. MS engaged in anticompetitive behavior to ensure that OEMs would not include other browsers.
[ link to this | view in thread ]
Re: Re:
Which is exactly what you get when you buy apple, no need to assume.
[ link to this | view in thread ]
iPhone 7 now a brick after update
I sent the phone into Apple and they said it could not be repaired as it had been tampered with by a third party. They sent it back unprepared or said I could buy a new one for $700.
As I have searched the internet, it seems that many iPhone 7 users are in the same boat.
Once again, I feel used and cheated by Apple. No options! Looking for legal recourse
[ link to this | view in thread ]