The story that an iPhone owner’s personal data was leaked online while in the hands of an Apple Authorized Repair Center should give any owner of Apple hardware chills.
And Apple’s response to this is even more disturbing.
This incident occurred in 2016 at a Pegatron facility in California.
It is quite shocking.
Our devices contain a wide range of private and personal data, ranging from health and financial data to our communications, movements and personal photos and videos.
The idea of someone going through that when a device is being repaired and going so far as to share that information is appalling.
Must read: I just found my lost AirTag … you will never guess where it went
Apple is a company that claims to put privacy at the heart of everything it does. And yet, everything about how he handled this, until his inaction since, suggests that Apple cares more about its image than user privacy.
The fact that Apple’s involvement in this case was kept confidential, only becoming public following a legal dispute between Pegatron and its insurer over the cost, does not look good.
Now, there will always be people who find themselves in positions of trust that shouldn’t be trusted. It is a fact of life. But Apple is supposed to lead the way when it comes to user privacy, and that should include the privacy of users who want their devices fixed.
It is not clear here if the repair center requested access to the iPhone in question or if the device was unprotected, but in any case, the best way to prevent this from happening is to happen is to ensure that it cannot happen.
Just as some cars, such as Tesla, have a valet mode that secures access to certain vehicle features, Apple needs to implement a similar feature for its devices. This “repair mode” feature would allow repairers to access the device but no access to any data on the device.
It would be a great addition to new devices, filling a privacy gap.
I would also expect authorized repair centers to provide an environment where it would be difficult to spy on the data and be able to copy or share it. I have seen secure repair facilities where CCTV is used, test networks do not have internet access and are managed, and employees are not allowed to bring their own technology to repair areas.
It’s somewhat extreme, but as users are urged to trust Apple with more and more of their data, there must be a barrier between repair agents and the user’s personal data.
An alternative is a secure backup followed by erasure before a device is returned for repair, with the data being reloaded after the repair.
I know companies are trying to cut costs when it comes to repairing, especially when it comes to warranty work, but for a business that rolls in cash, that’s a bad excuse.
Additionally, while taking control of the privacy and security of user data during the repair seems costly, privacy breaches are costly, both in monetary terms and in bad publicity.
Apple provides advice to users on how to prepare their device for service, which transfers the responsibility to the user. The problem is, depending on what’s wrong with a device or how damaged it is, that isn’t always possible. For example, on an iPhone with a dead screen, suffering from water intrusion, or stuck in a boot loop, this will not be possible.
Owners need to be sure that they can send their hardware in for repair without this data being spied on, even if it cannot be securely erased.
You might also think that’s a lot for Apple in response to a single case from 2016, but given that Apple wanted to keep this quiet, we have to keep in mind that this might be the only case we have. knew among many others that we know. no.
Removing its involvement in these things does not help secure end users. It just allows Apple to pretend it’s not a problem.
And this is clearly a problem.