If you crack the screen of your iPhone and take it to a third-party repair company, a technician can swap your broken screen for a new one. This screen may have been salvaged from another phone, or it might be an aftermarket part bought from any number of factories in China. These aftermarket parts are of varying quality—some are as good as Apple's original parts, others are less good. Regardless of the quality of the part, however, the repair tech never replaces the actual Touch ID button. Instead, they will swap it from your old screen onto your new one.The Touch ID sensor is paired with the "Secure Enclave" chip inside of the phone, which you may remember from the Apple vs. FBI encryption debate from last year. The Secure Enclave stores your fingerprint data, passcode, and other cryptographic information using a built-in random number generator. The security features that have to do with preventing repair, it should be noted, have nothing to do with the overall encryption of data on the iPhone. For the purposes of this article, accessing the data stored within the Secure Enclave is functionally impossible without entering your passcode to unlock the phone.
Apple notes in a white paper that the Secure Enclave and Touch ID are given a "device's shared key," which is a unique cryptographic signature shared between the Touch ID and Secure Enclave. This means that replacement Touch ID sensors will not work if swapped onto your phone, because they aren't paired with the existing Secure Enclave in your phone. This was a big problem on the iPhone 5S, because the cable that connects the Touch ID sensor to the phone's logic board broke easily during standard repairs. Replacement buttons worked as a home button only; Touch ID would be forever broken on that device, meaning the user had to enter a passcode whenever they wanted to unlock the phone. This is what it looks like when you put a new Touch ID sensor on an iPhone:Taken as a whole, companies that repair iPhones employ skilled people. They know to be careful with the Touch ID sensor, and they know that the old sensor must be transferred to the new phone when doing a screen repair. It's a system that's annoying, but that works for the vast majority of cases.How iPhone screen repair at the Apple Store works today
"There's never a moment when you're not with somebody else, and there's cameras everywhere but the bathroom"
If you take a phone with a cracked screen to the Apple Store, the Geniuses there don't have to swap the button from your old screen to the new one. According to one current and two former Apple Store employees, there is a "Calibration Machine" in the back room of every Apple store that is able to reset the pairing between Touch ID buttons and the Secure Enclave. So when Apple replaces your screen, it simply recalibrates the new button to work with your existing phone.
Though we don't know exactly how Apple recalibrates phones, Apple Geniuses told me that the machine is unable to bypass what's known as "iCloud Activation Lock," a security measure that bricks phones that have been reported as stolen. The recalibration can only occur if the phone has been unlocked by a customer using their passcode, meaning they are the owner of the phone. This is an extremely important point: All three Apple Geniuses told me that the calibration machine can currently only be used on phones that have been unlocked by their owners using their passcodes. The calibration machine also cannot extract any data from the phone.The mere existence of this machine, however, is hugely important to the future of iPhone repair.
"Apple is going to see it as an opportunity to cut off the aftermarket, to require software to do glass repair, which would be the end"
This brings us to the next model of the iPhone. If Touch ID is integrated into the screen and the home button is removed entirely from the device, then any phone that has a cracked screen will have to be recalibrated with the Secure Enclave in order to function properly. And if Apple controls the only machine that can perform recalibration, that spells doom for independent repair.iFixit, a company that posts electronics repair guides on its website and sells iPhone replacement parts, says that roughly 15,000 companies have signed up for its wholesale parts sale program; most of those companies would struggle to survive if Apple makes this change to the iPhone."If Apple integrates a component that has cryptography on it into a critical repair failure component, then we're going to have a problem," Kyle Wiens, CEO of iFixit, told me. "A substantial number of people who have bought a smartphone have broken their screens. It's a very common repair, and doing those repairs is a really important part of the economy.""You've got 15,000 repair shops across the country that are fixing these things," he added. "If there's a cryptographic element to fixing the glass, then our ability to do repairs could completely go away."Touch ID integration, then, is quite literally an existential threat to independent repair companies, and if Apple suddenly becomes the only company that is able to fix your phone if you break it, then do you really own it?
For the last several years, Apple has been lobbying against "Right to Repair" legislation that has been proposed in several states around the country. The legislation would require manufacturers to sell repair parts and diagnostic machines and tools to third party repair companies and the general public. Bills are being considered in Nebraska, New York, Massachusetts, Illinois, Tennessee, Wyoming, Minnesota, and Kansas.Specifically, legislation in these states notes that manufacturers "shall make available for purchase by owners and independent repair providers all diagnostic repair tools incorporating the same diagnostic, repair, and remote communications capabilities that such original equipment manufacturer makes available to its own repair or engineering staff." It also says that manufacturers "may not exclude diagnostic, service, and repair documentation necessary to reset a security-related electronic function from information provided to an owner or independent repair provider." Manufacturers must also allow owners to reset security systems back to their original state.
If the legislation passes, Apple will be required to sell its calibration machines on the open market. Not every mom-and-pop shop is going to buy a $20,000 calibration machine to fix a few iPhones, but many of the larger operations already shell out tens of thousands of dollars for top-of-the-line microscopes, and would surely buy the machine if it were made available.
"We've only got a one or two year window to get this done or it could be game over. So let's get it done."
Apple has never been specific about the types of security vulnerabilities it's worried right to repair will introduce, but it seems likely that Apple is lobbying at least in part to keep its calibration machine a secret and out of the hands of independent repair professionals. So, does Apple have a legitimate gripe with the legislation that is more compelling than the idea of a megacorporation losing a slice of the repair market?
"Apple has no problem inventing fear-based rhetoric that is not based in facts"
- Allow stolen, iCloud-locked phones to be unlocked
- Allow anyone to unlock the phone without the passcode
- Allow anyone to access the data within the phone without the passcode
The repair community, for its part, is not buying Apple's arguments. Apple has in the past introduced artificial software barriers to repair under the guise of protecting users' security, and has not earned the benefit of the doubt on the security issues (if any) of right to repair legislation.Apple spontaneously bricked thousands of user- and third-party repaired phones with a software update that caused a problem known as "Error 53" that affected any phone that had its home button replaced (Touch ID did not work on these devices but they could be used with a passcode). At the time, Apple noted that it was "the result of security checks designed to protect our customers … this security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used."Later, however, Apple pushed out an iOS update that fixed Error 53 and said the original error was a mistake and was "not intended to affect customers.""The real gateway to the secure boot chain of the device is always the passcode lock [and not Touch ID]," Jessa Jones, one of the world's best iPhone repair and data recovery experts, wrote to the Nebraska lawmaker who is sponsoring right to repair legislation. The letter was obtained by Motherboard, and Jones will be speaking to legislators at Thursday's right to repair hearing in Lincoln."Without the passcode, no data recovery in the world can access data on any modern iOS device," she wrote. "Apple chose to do nothing about [Error 53], then they lied about it to inspire fear about device security, even though they knew this was not in the consumer's best interest and there was no security risk. This tells us that at least Apple has no problem inventing fear-based rhetoric that is not based in facts."One of the central question that legislators must grapple with, then, is whether manufacturers should be able to maintain such extreme control over their devices even after they've sold them. Apple has taken many steps to protect the security of their customers, but in doing so, has worked to monopolize the repair business. Apple thus far hasn't been willing to be honest and public about the specific security concerns it has with repair, and yet legislators have continued to allow it to kill legislation that is aimed at benefiting its consumers."In other security-based industries such as locksmithing, there is no protective regulation in place to protect consumers from criminal intent," Jones wrote. "Consumers enjoy the freedom to employ any locksmith they choose. Criminal acts are criminal. It is counter to the freedom of our citizens to continue to ask consumers to throw away repairable devices over fear of potential criminal acts, especially when there is no evidence to support that there is a bona fide security risk from any aspect of independent repair."If Apple kills right to repair legislation and integrates Touch ID into the glass, Todesco jokingly imagines a future in which the world's best hackers partner with the repair community."Worst case scenario," he said, "we see Cellebrite in the repair business."Update: One sentence of this article has been edited to be more specific about the relationship between Touch ID, Secure Enclave, and repair.
"Worst case scenario, we see Cellebrite in the repair business"