Pixel Envy

Written by Nick Heer.

Two Angles on Apple Product Repairs

Joe Rossignol, MacRumors:

Due to advanced security features of the Apple T2 chip, iMac Pro and 2018 MacBook Pro models must pass Apple diagnostics for certain repairs to be completed, according to an internal document from Apple obtained by MacRumors.

For the 2018 MacBook Pro, the requirement applies to repairs involving the display, logic board, Touch ID, and top case, which includes the keyboard, battery, trackpad, and speakers, according to the document. For the iMac Pro, the requirement only applies to logic board and flash storage repairs.

If any of these parts are repaired in an iMac Pro or 2018 MacBook Pro, and the Apple diagnostics are not run, this will result in an inoperative system and an incomplete repair, according to Apple’s directive to service providers.

Apple’s diagnostic suite is limited to internal use by Apple Stores and Apple Authorized Service Providers, as part of what is called the Apple Service Toolkit. As a result, independent repair shops without Apple certification may be unable to repair certain parts on the iMac Pro and 2018 MacBook Pro.

Adam O’Camb of iFixit:

This service document certainly paints a grim picture, but ever the optimists, we headed down to our friendly local Apple Store and bought a brand new 2018 13” MacBook Pro Touch Bar unit. Then we disassembled it and traded displays with our teardown unit from this summer. To our surprise, the displays and MacBooks functioned normally in every combination we tried. We also updated to Mojave and swapped logic boards with the same results.

That’s a promising sign, and it means the sky isn’t quite falling — yet. But as we’ve learned, nothing is certain. Apple has a string of software-blocked repair scandals under its belt, including the device-disabling Error 53, a functionality-throttling Batterygate, and repeated feature-disabling incidents. It’s very possible that a future software update could render these “incomplete repairs” inoperative, and who knows when, or if, a fix will follow.

FUD aside, this is pretty good reporting: Apple’s repair guides say that, for security reasons, many of the components of the iMac Pro and 2018 MacBook Pro must pass a software diagnostics check after replacement; iFixit tested this and found it not to be the case that the product becomes inoperable, even though Apple’s guidance suggests that it will.

Maintaining the security of components like the keyboard, Touch ID sensor, and logic board seems completely fair to me. Even if Bloomberg’s recent report on compromised Supermicro servers from China turns out not to be exactly as described, it’s completely plausible for cheap parts to contain malicious components — HP’s laptops had a keylogger preinstalled, and there were reports last year that inexpensive replacement phone screens could track a user’s touch input.

But I also completely understand the value of right-to-repair legislation. Sometimes, a Genius Bar appointment is difficult to make either because they’re fully booked or there isn’t an Apple or Apple-certified store in your area. Other times, Apple’s retail staff may suggest needlessly expensive replacements when a simpler fix could be found by more experienced independent technicians.

Rather than compromising the security and privacy of their products, I’d like to see more progress made on certifying independent technicians and making Apple’s official tools more accessible. The security threat model isn’t the same as it once was; your phone probably has a lot more information on it than your computer of ten years ago. Yes, it’s more complicated to replace parts now, but it’s not entirely because companies like Apple want to lock out independent repair shops. Apple’s diagnostic tools could play a great role in this: imagine if you could take a printed report of a successful repair and type in a serial number on Apple’s website to verify that your device was serviced with genuine parts and passed Apple’s testing.

For a different story, Wayne Ma at the Information has a look inside the world of iPhone repair fraud in China. It’s paywalled, but Benjamin Mayo of 9to5Mac has a good summary. Ma:

Five years ago, Apple was forced to temporarily close what was then its only retail store in Shenzhen, China, after it was besieged by lines of hundreds of customers waiting to swap broken iPhones for new devices, according to two former Apple employees who were briefed about the matter. In May 2013, the Shenzhen store logged more than 2,000 warranty claims a week, more than any other Apple retail store in the world, one of those people said.

After some investigation, Apple discovered the skyrocketing requests for replacements was due to a highly sophisticated fraud scheme run by organized teams. Rings of thieves were buying or stealing iPhones and removing valuable components like CPUs, screens and logic boards, replacing them with fake components or even chewing gum wrappers, more than a half-dozen former employees familiar with the fraud said. The thieves would then return the iPhones, claiming they were broken, and receive replacements they could then resell, according to three of those people. The stolen components, meanwhile, were used in refurbished iPhones sold in smaller cities across China, two of the people said.

These criminals were so sophisticated that they resorted to bribing employees and acquiring the serial numbers of iPhones in China to support this scheme.

Ma’s report also helps explain my frustrating support experience at my local Apple Store:

To slow down fraud at its retail stores — a main point of vulnerability — Apple developed a reservation system, which required customers to make appointments online with proof of ownership before they could file claims, according to more than 10 former Apple employees. However, the system was soon swamped with hackers who exploited vulnerabilities in its website to snap up the time slots, one of the people said.

It’s unfortunate that many of the things that used to make Apple’s stores a completely different retail experience — the virtually untethered demo units, easy-to-access support, “surprise and delight”, and a comparatively relaxed staff presence — is being watered down either by crime or for what can often feel like financial reasons.