19 comments

[ 3.1 ms ] story [ 44.3 ms ] thread
I never understood why the repair techs need my passcode to repair my iPhone (like replacing display or battery) and they suggest it as a first option unapologetically without even explaining privacy risks.
It's crazy that a repair shop needs your passcode. I can't think of any case where it would be necessary.

I'm glad this person won the lawsuit though; getting your nudes leaked is a really shitty situation to be in. Apple needs to do a better job vetting their repair shops.

Did anyone from Apple went to jail? This is clear case of revenge porn and online sexual abuse!
There is a long and shameful history of repair techs and computer shops doing this to people. From the stories I've heard from people who've been in that industry, looking for nudes on customer devices has been almost an expected and tacitly tolerated norm for decades. Its not going to stop on it's own, so we need to start throwing the book at these people. Very long prison sentences are in order. It's a form of sexual abuse and should be considered a very severe felony.
There is a research paper on the subject "No Privacy in the Electronics Repair Industry" from 2023 https://ieeexplore.ieee.org/document/10179413

TLDR:

Researchers visited 11 service providers in Canada to replace a laptop battery. 10 out of 11 service providers requested OS passwords, 8 stored the password in their database and 5 printed the password on a sticky note and attached it to the device. In the second part of the study, the researchers prepared laptops with an easy-to-fix problem, some revealing pictures on the disk and custom logging software. In 6 out of 16 cases, the photos were opened and viewed and in 2 cases, logs were missing.

This is weird. On one side, why would you give your passcode to a device that contains a lot of stuff, usually financial apps, message history, in a lot of cases access to corporate information... and eventually nudes.

On other side, as a technician, how retarded you must be to have access to all this data and to take nudes and post them online. Like whats the end game? What sort of outcome do you expect?

This is just like the story that happened few weeks ago, when someone gained access to a popular npm packages and uploaded the most obviously visible crypto stealer.

> This case shows how, even when Apple tightly controls its repair infrastructure, it cannot prevent disastrous cases like this

Customers should be able to choose where to repair their device, or even be able to repair it themselves. Just because it's an "official" repair shop doesn't mean its the best and the safest. Louis Rossmann has been saying this for years.

My Samsung mode has a repair mode where it sort of creates like a user that doesn't have my files or personal stuff
Why doesnt apple add a repair mode? Access to most settings but not data? Then train users to never give their password to Apple (like banks say never say even to us your PIN or online password)
Unfortunately this occurred in 2016, long before they added "repair mode" in iOS 17.

But I should mention, I was in the middle of writing a comment along the lines of "apple really needs to add a repair mode to iOS" before going to look it up and realizing that it's actually been there since iOS 17.

For me this highlights another issue with iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news. One great example is the "hidden folder" feature that allows you to hide sensitive apps in an unmarked folder that when set to it's most secure setting, can only be opened with FaceID and no passcode backup. Along with some other features like preventing the app from showing up in your app switcher.

This is a genius feature but I see very few people with it enabled, mostly because they just don't know it's a thing. Something like this should be front and center when you first setup your device but instead it's a feature so buried that I had to lookup a guide on how to enable it.

And repair mode is equally buried, I had to lookup a guide on how to enable it as well. IMHO Apple really needs to tweak iOS to better surface these features.

>Unfortunately this occurred in 2016, long before they added "repair mode" in iOS 17.

Why isn't showing the user how to enable "repair mode" one of the first things the "genius" does if such a feature exists? In the same spirit as us turning away when a user enters their password.

Date article posted: June 8th, 2021

Date Apple announced self-repair kits program: November 17, 2021

I had been wondering what inspired that program — sure, it’s a good idea, but it’s an odd investment for a corporation. Three months is about their usual turnaround from “okay, this is humiliating” to “okay, we’ve announced our intent to fix”. Thanks, Vice!

A "privacy first" company would never ask for passcodes. They still do in 2025. Just goes to show that Apple's privacy claims are theater.
Somewhere in the 2013-14's or something my MBP had a faulty GPU and I brought it in for free repair (that they put in another faulty GPU which failed after the same time as the first one, but it did get them over of the warranty period is besides the point), and they asked me for my root password. I gave it, and felt incredibly dirty. I would never do that again.
This is pretty bad. Surprised they got away with it for so long
Oh if you only knew what was happening in the back room when you transferred your device from one computer to another...