>The article only mentions the employees posted it from her Facebook account. Protocols have likely changed significantly since this happened in 2016.
Right — presumably directly from her phone, which is also where the photos and video were stored.
Hence, since they don't ask for the device passcode during service, I'm suggesting that the owner may well have not had a passcode on it at all, allowing the repair facility unfettered access to its content, including the ability to post as her from her Facebook account.
It shouldn't matter if she did or not, surely. You have an (entirely reasonable) expectation that sending your device in to an official repair place does not involve technicians going through your content.
I don't see how that's a straw man argument when your prior comment was clearly implying that she should not just assume that a hired technician won't sift through her personal data.
You're also assuming that she did not just disable her lock code prior to giving the phone for repair. For a non-tech person, it's a reasonable assumption that somebody might have trouble fixing a device that they're locked out of.
>I don't see how that's a straw man argument when your prior comment was clearly implying that she should not just assume that a hired technician won't sift through her personal data.
I maintain that, while what happened is terrible and indefensible, that's not a safe assumption to make.
>You're also assuming that she did not just disable her lock code prior to giving the phone for repair. For a non-tech person, it's a reasonable assumption that somebody might have trouble fixing a device that they're locked out of.
Apple instructs you during the service booking process to back up the device and erase it before sending it in for service, which is also documented elsewhere [0].
I feel like you're veering dangerously close to victim blaming here. Them asking the customer to erase their devices to "protect their data" seems like a thinly veiled attempt to cover their asses if one of their apparently not well vetted technicians decide to violate somebody's privacy illegally. It also sounds like a major pain in the ass especially for people who don't own a computer to backup that data to.
I have no sympathy for Apple here especially considering the level of FUD they spread about the Right to Repair movement exposing your Apple device to allegedly dangerous third party technicians.
It has nothing to do with people owning a PC; that's absolutely irrelevant. I also never even implied either Apple or the subcontractor should be held in sympathy.
The default on iOS is a 6-digit PIN for which you get ten attempts, with an increasing penalty after the first few. iOS really really pushes you to set a passcode. If you bypass that, then that's on you, even more so when your device contains anything you wouldn't like others to see, be it lost or stolen or submitted for service.
Sorry, I think this might have been my bad since I forgot that PC is synonymous with Windows computer in the US. I just mean you obviously need something to backup that data to. It could be a Mac or whatever but there many iOS users who don't own a laptop or desktop computer. I'll edit my prior comment for better clarity.
Assuming she didn't have something to backup the data to, then it would make some sense for her to disable the passcode so somebody could perform the repair without requiring the erasure of her data.
You can back it up to iCloud. In fact, iCloud Backup is even on by default. If you have more than 5 GB of stuff to back up (as most do), the next tier is 50 GB for a buck a month, or 200 GB for three bucks (and so on). It's very cheap insurance in case of catastrophe such as accidental deletion or a lost/stolen/damaged device (and a nice revenue source for Apple, of course, but that doesn't mean it's not worth it for a safety net for a lot of people's most important stuff nowadays).
With iCloud Backup enabled, your device automatically backs itself up overnight when the display is off and it's connected to power and Wi-Fi; manual backups can also be triggered any time — such as just before you wipe it to send it in for service.
Apple includes these instructions in their servicing kit (the box they send you to send in your phone), and also provides them in person if you drop off the phone at a store; you are specifically asked if you have a backup.
I do see that they can ask for a passcode or have you turn it off, especially for 'screen calibration' [0]. I see similar discussions on the Apple forum. The official guidelines don't mention it explicitly.
>I refused to provide mine just now. Genius consulted with someone else and was advised the password is not necessary after iOS 10.3. Weird.
Apple also doesn't mention the need for the passcode at all, only that you'll need your Apple ID's password to disable Find My iPhone (to prove the device is yours).
In fact, Apple specifically instructs you to back up your device and wipe it before sending it in for service [0].
Indeed, so it seems you can do without giving your password but apparently with a bit of pushing back.
I saw the instruction of Apple to wipe your phone. It is solid advice, but not sure what conclusion to draw from this.
On one hand this is something you always want to do, no matter the security you have on your machine, in order to reduce potential attack vectors. This advice you will give even if your repair people have no access to the device.
But I can also interpret is as advice because they will have access to your phone so better clean it before handing it in.
I had the keyboard replaced on a MacBook under warranty at an authorized repair facility. I had to continually decline to give them my FDE password. They fist wanted it written down on a sticky when I dropped it off.
Then they asked for it several other times to “verify” it was working. I kept telling them that you can test a keyboard just fine at the login prompt.
> Please report this to Apple; the AASP was not following the rules.
Which rules exactly? I wouldn't be surprised if a rule like you imply indeed exists, but it seems that it's inconsequential if it exists, judging by the experiences of many customers.
If Apple's legal team would not have tried to recover the money from the authorized repair place this would still be under NDA and no one would have known. Of course the authorized resellers' insurance will try to avoid paying anything.
I wonder if Apple legal now thinks the 5 million would have been worth eating to avoid this PR disaster.
19 comments
[ 2.9 ms ] story [ 60.6 ms ] threadRight — presumably directly from her phone, which is also where the photos and video were stored.
Hence, since they don't ask for the device passcode during service, I'm suggesting that the owner may well have not had a passcode on it at all, allowing the repair facility unfettered access to its content, including the ability to post as her from her Facebook account.
It shouldn't matter if she did or not, surely. You have an (entirely reasonable) expectation that sending your device in to an official repair place does not involve technicians going through your content.
You're also assuming that she did not just disable her lock code prior to giving the phone for repair. For a non-tech person, it's a reasonable assumption that somebody might have trouble fixing a device that they're locked out of.
I maintain that, while what happened is terrible and indefensible, that's not a safe assumption to make.
>You're also assuming that she did not just disable her lock code prior to giving the phone for repair. For a non-tech person, it's a reasonable assumption that somebody might have trouble fixing a device that they're locked out of.
Apple instructs you during the service booking process to back up the device and erase it before sending it in for service, which is also documented elsewhere [0].
[0] https://support.apple.com/en-us/HT201557
I feel like you're veering dangerously close to victim blaming here. Them asking the customer to erase their devices to "protect their data" seems like a thinly veiled attempt to cover their asses if one of their apparently not well vetted technicians decide to violate somebody's privacy illegally. It also sounds like a major pain in the ass especially for people who don't own a computer to backup that data to.
I have no sympathy for Apple here especially considering the level of FUD they spread about the Right to Repair movement exposing your Apple device to allegedly dangerous third party technicians.
The default on iOS is a 6-digit PIN for which you get ten attempts, with an increasing penalty after the first few. iOS really really pushes you to set a passcode. If you bypass that, then that's on you, even more so when your device contains anything you wouldn't like others to see, be it lost or stolen or submitted for service.
Assuming she didn't have something to backup the data to, then it would make some sense for her to disable the passcode so somebody could perform the repair without requiring the erasure of her data.
With iCloud Backup enabled, your device automatically backs itself up overnight when the display is off and it's connected to power and Wi-Fi; manual backups can also be triggered any time — such as just before you wipe it to send it in for service.
Apple includes these instructions in their servicing kit (the box they send you to send in your phone), and also provides them in person if you drop off the phone at a store; you are specifically asked if you have a backup.
[0] https://discussions.apple.com/thread/6762585
>I refused to provide mine just now. Genius consulted with someone else and was advised the password is not necessary after iOS 10.3. Weird.
Apple also doesn't mention the need for the passcode at all, only that you'll need your Apple ID's password to disable Find My iPhone (to prove the device is yours).
In fact, Apple specifically instructs you to back up your device and wipe it before sending it in for service [0].
[0] https://support.apple.com/en-us/HT201557
I saw the instruction of Apple to wipe your phone. It is solid advice, but not sure what conclusion to draw from this.
On one hand this is something you always want to do, no matter the security you have on your machine, in order to reduce potential attack vectors. This advice you will give even if your repair people have no access to the device.
But I can also interpret is as advice because they will have access to your phone so better clean it before handing it in.
Good to know we can refuse.
Then they asked for it several other times to “verify” it was working. I kept telling them that you can test a keyboard just fine at the login prompt.
The whole experience was pretty shocking.
Which rules exactly? I wouldn't be surprised if a rule like you imply indeed exists, but it seems that it's inconsequential if it exists, judging by the experiences of many customers.
I wonder if Apple legal now thinks the 5 million would have been worth eating to avoid this PR disaster.