Every month, thousands of perfectly good iPhones are shredded instead of being put into the hands of people who could really use them. Why? Two words: Activation Lock. And Macs are its next victim.
“We receive four to six thousand locked iPhones per month,” laments Peter Schindler, founder and owner of The Wireless Alliance, a Colorado-based electronics recycler and refurbisher. Those iPhones, which could easily be refurbished and put back into circulation, “have to get parted out or scrapped,” all because of this anti-theft feature.
With the release of macOS Catalina earlier this fall, any Mac that’s equipped with Apple’s new T2 security chip now comes with Activation Lock—meaning we’re about to see a lot of otherwise usable Macs heading to shredders, too.
While I understand the need for security features such as these – who doesn’t – it should definitely be possible to save these devices from the shredder. It’s such a waste of perfectly good hardware that could make a lot of less-privileged people around the world a whole lot happier.
I’m positive these can be hacked, even if it requires a hardware mode, but at what expense?
Google’s FRP does the same thing, and even as a legit owner I was locked out of my own phone because I didn’t have access to the google account (I don’t use a google account for anything, however android forces you to create one to install apps and unbeknownst to me, google simultaneously installed it’s FRP lock on my phone without my knowledge or consent) Fortunately I found a vulnerability in FRP and was able to bypass it at the time. But for a recycler, they’re not going to be able to put the time and energy into hacking phones, they’ll get tossed into the scrap pile immediately.
I’m afraid the planet’s going to hell, and these companies really don’t give a crap about the damages they’re doing. The only thing they care about is profits, which is why governments need to get involved to provide economic incentives to do a better job. Only problem is many of our government leaders don’t give a crap either and are eager to trade the long term health of our planet for short term wealth in their pockets. Mark my words, this will be the downfall of our civilization. 🙁
I am a little confused and have some questions about your comment…
You were the legit owner of the phone but didn’t have access to the Google account on it? Huh? That’s ironically the same situation a person who bought a stolen phone find themselves in. LOL More perplexing is a person who can’t figure out how to get into their Google account was able to “hack” FRP. Amazing!
I can understand not wanting to use Gmail and other Google services but just having a Google account is not really that much of a burden. How do you expect to use any modern Internet/cloud connected device without some sort of account? You needed an “account” to just post on OSNews. LOL If you are that distrustful of Google maybe you should not be using an Android phone to begin with.
I think FRP is a good idea security wise but we certainly need more education out there. I just recycled my old phone and it’s not that hard to do a factory reset.
MJ,
You laugh, but think about a site you may have needed to register on before being able to download a piece of software, are you going to remember a username and password you used only one time after a couple of years have passed? Most probably not.
I never used or cared about the google account after initial setup. However ~2 years in the phone was acting up and I needed to do a firmware reset on it, which is reasonable. I never had problems resetting older versions of android. However this time when I reset my phone I became locked out. I did not have the account name or password (it doesn’t help that billions of google account names are already taken and after dozens of registration attempts you end up with a gibberish username).
Why is that perplexing? It’s easier to hack FRP on your own device than it is to hack into a google account on google’s servers.
It’s an artificial requirement though. Most of the phones I’ve owned have never required a google account. You naturally need an account with the telephone company, but not google. Privacy is a really good reason to not have a google account, but google has a strong incentive not to give you that privacy though.
Comparing osnews to google…LOL.
For my next phone I made sure that I could install a google-free firmware. I installed a microg build of lineage os, which is not only google free, but emulates the google services that so many apps depend on just to work at all. I couldn’t be more pleased with it:
https://lineage.microg.org/
It is hard if you don’t have access to the account, which makes me wonder just how many people there are using their phones just fine on a daily basis but would not be able to recover from FRP lock if their phone were factory reset. Statistically it’s probably millions of people. Most likely they’d end up throwing their phones away if they couldn’t find the tools to break into their own phones.
But somebody working at a recycling center will happily stolen phones for their friend for a small fee.
The permanent lockouts do help with stolen phones, which is important, but being able to refurbish them is also important.
Not sure how to fix this. Maybe making it much easier to report stolen phones, and much easier for refurbishing centers to both discover stolen phones, and unlock ones that aren’t, along with some sort of mandatory waiting period?
Drumhellar,
There’s a lot to consider here. For starters, these recyclers already have an abundance of used phones coming in every day that they didn’t have to steal. I don’t really see all that much motivation for them to open a risky side business in stolen phones when they could literally just take one from one of their own bins. Maybe I need to be more cynical though, haha.
A second point is the effectiveness of these anti-theft functions against determined hackers is somewhat exaggerated.
http://checkm8.info/
It’s conceivable that anti-theft mechanisms could end up impeding recyclers more than determined thieves, which would be the worst of both worlds.
Thirdly, corporate attempts to reduce the number of phones in the secondhand market and increase the demand for new phones actually increases the economic viability for stolen phones. It’s not in apple’s interests to make the secondhand market more plentiful, however the law of supply and demand technically dictates that an increase in the supply of legitimately used phones is detrimental to the value of stolen phones.
I think you’re on the right track. Nobody wants to buy a stolen phone (for the most part), so ideally it should be possible for buyers of secondhand phones themselves to lookup the status of the phone they just bought. If vendors were forced to refund buyers of stolen phones, the market for stolen phones wouldn’t be profitable. But the database itself needs to be robust and tamper-proof, which could be a challenge in and of itself.
iPhones for the Underprivileged.
What does Apple’s Marketing Team think about that?
It’s pretty obvious. The anti-theft feature is great, but having a mechanism in your Apple account to “release” your phone from it wouldn’t be too hard to do for Apple (with two-factor auth etc. in place).
Except that Apple already has a record for hating repairs and refurbishment of their hardware. This is just one of many known examples that fit into the picture. See their ifixit scores, the right to repair movement and how Apple relates to it, the stories about Apple preventing import of authentic replacement batteries on shady legal grounds, etc. pp.
They already have that. If you’re the owner of the device or know the password for the Apple ID, just sign out. Activation lock gone. The problem is when these devices are dropped off at these centers, and they don’t know who the original user is and have no way to release the device without the original Apple ID holder.
I don’t know what the compromise would be here. I’d say a way for a licensed refurbishing or recycling center to have the devices unlocked, however then people will complain that Apple’s not fair if a license is denied. They can’t just unlock a device for anyone who asks, or they might as well disable all security features permanently. Note though that this suggestion assumes that Apple have a way to unlock the device without the Apple ID. I’d think they must, however I do not know if they do.
darknexus,
Assuming the apple account is still in use by the original owner, apple could get confirmation from the owner that the device was recycled. For prompt response, the user could get an automated text message or telephone call telling them to login to apple account whenever an unlock is requested.
If the phone was reset by the owner, the notification is redundant/expected.
If the phone was in fact recycled, presumably the user would get the notification on their new phone and could tell apple to release the lock.
If the phone was in fact stolen, the data associated with the unlock request could help apple/owner/law enforcement track down the thief.
I don’t know that apple has a financial incentive to do this, but I would think it could technically do it and it would be beneficial for both users and recyclers.
I get where you’re coming from, but again, I’m talking about cases where the original user is not able to unlock the device. It is these instances that cause the real problems for recycling and other refurbishing centers. If the user can access their Apple ID, they can remove the activation lock already and nothing need be done otherwise.
darknexus,
I get where you are coming from as well, but I imagine that for many of the cases where phones come in locked, the donators are still alive and well, only the recycling company has no way to reach them. Apple could fix that.
This activation for iphones and ipads are one of the most annoying and obnoxious things I’ve ever seen. We had an iPad here in the office that was given to us when one of the coworkers left. When we tried to use it, no one remembered the appleid password and nothing, not even a hidden factory reset, could remove the association of the ipad with that apple id. So it just laid there gathering dust.
Imagine if you will, a serviceable computer, where the harddrive could simply be replaced. I will not buy a mac which has a soldered SSD. I understand that will never be a mass movement, since most people don’t have a clue how these components go together, but really, where’s the outrage?! I NEED OUTRAGE!!!
There is a market for used/stolen/damaged iPhones that are also locked. They get sent overseas where it is cheap enough for the work to be done to bypass the lock and get the phone working again. Next, they’re re-sold.
I think one of the benefits of the activation lock is that it does make theft a lot less appealing for all but the most organised groups of criminals who can make a profit with scale.
Stolen Phones and Laptops aside,
I’m worried about legit owners who get locked out of their devices or computers because of Activation Lock.This happened to my company years ago with M$ and Product activation sort of… while it didnt lock us all out of our PCs, it hampered productivity greatly even though we had a site license and all machines were certified. When the tide turns again to Apple (post steve jobs), I believe This would be very foreboding.
It would be super-easy to make a wipe function that completely wipes all info from the phone and leaves it unlocked. Apple isn’t about to do that as it means more sales to not do so. It’s basically the same issue with them not wanting to allow 3rd parties to repair their stuff.
This is such a bizarre debate, everyone knows poor people only get Apple products by stealing them!
At least that is what the Apple policy seems to indicate, and that recycling is bad for the planet!
Oh, I’m completely wrong and take it all back, Apple is actually saving us from terrorists who tune stolen iPhones into iBombs!
Yes, but imagine how much money in *new* iPhone sales Apple loses every day with “the poors” turning to eBay or Craigslist to buy a used phone. If more of those used phones and Macbooks couldn’t be re-sold due to activation lock, that would boost the price of unlocked used iPhones (which usually have to be paid for in one lump-sum purchase). That would make the option of buying a new iPhone through a carrier’s “discount” program much more appealing. That’s a win-win for Apple and cellular carriers, not so much a win for “the poors.”
Wouldn’t removing the idevice from the associated Apple account do the trick?
dark scizor
I don’t know how apple’s locks work in terms of whether it can be unlocked from the apple account or if it has to be done locally.
On android, google installs it’s FRP lock on your phone until you remove the account, but even on android I don’t know what would happen if you tried removing a device from within your google account instead of on the phone.
https://www.epcusa.com/blog/2019/06/20/how-to-remove-a-google-account-frp-from-an-android/
FRP is designed to prevent a new user from using the phone without getting permission from google’s servers first. Under normal circumstances, google’s servers are programmed to release the FRP lock when the previous user logs in with credentials to remove the google account. If you don’t have the google account credentials you can’t use the phone even if you were the previous user on the phone and have the correct login pin!!! Google technically has a backdoor to unlock FRP on every android phone, the lock is entirely under google’s control and they could certainly give recyclers a means to disable it, but my searches failed to find a program where google does so. Without a google authorized way to disable FRP, they’d be forced to find the FRP vulnerabilities/tool to bypass it just like criminals even if they’re legit.
If anyone has specific knowledge about whether and how apple’s activation lock differs, I’d like to hear it.
Apple’s lock works much the same as what you describe, though going in and removing the device from your Apple ID will remove the activation lock *unless* you’ve locked it first by initiating a remote lock and wipe. This doesn’t help the recycling centers though.