Oregon passes ban on parts pairing

Via Ars Technica.

My thoughts on this could arguably be summed up in a Mastodon post (which I’ve already made, kind of) but I had some stuff I wanted to type out that’d go just over the character limits.

As you’d probably guess, my opinion on this is good, Apple and other companies need to cut this hubris out. Parts pairing is evil, full stop. I’m all for serializing parts, but only to inform the consumer of the status of their device. If I’m buying a phone from someone, it would be really nice to be able to jump into settings and get the full service history of the phone and see what parts were replaced over its lifetime. Much like a Carfax.

People weren’t okay with this, and I can see why: Because it’s not a far distance from that to “begin locking out unpaired parts”, which is precisely what Apple did.

I can hear the Apple faithful now, tapping away on their keyboards: “but xodium! Apple does this to look out for us! They care about security!” Yeah, no they don’t. This is 99.999% about control. The security implications (and benefits) are just a convenient side effect they can use to sell the general public on their anti-consumer bullshit. This has been going on far too long, and the buck needs to stop somewhere. Apple has taken away so much in the name of “security”, and much like politicians with ulterior motives screaming “it’s for the children” when wanting to pass some heinous legislation, Apple only did it as a smokescreen to make their garbage practices seem like they were for the greater good.

The App Store is a good example of this; Apple swears up and down that the Digital Markets Act in the EU is going to reduce the security of iPhones and has been vehemently fighting against it. Nevermind the fact that App Store security isn’t perfect, and scam/low quality apps make it through all the time. The only thing App Store review has really seemed to do is piss off developers of reputable apps. But yet, Apple acts like the App Store is perfect, nothing is wrong, no sir.

Is there potential for counterfeit parts as an attack vector? Likely, yes. Is it as widespread of a problem as Apple is making it out to be? I don’t think so. Not to mention that Apple’s parts pairing can be bypassed so long as someone has the right tools. Screen pairing can be bypassed with a specialized programmer (so long as the original screen is intact enough to copy the data from). Battery pairing can be bypassed by swapping the BMS board over to the new battery. Apple’s parts pairing isn’t stopping experienced people. It’s just a barrier and nuisance for regular people who have enough experience to swap components on their own, but lack the specialized tools to bypass said pairing processes.

It’s the electronics equivalent of “locks only keep honest people out”.

It’s only so most people will just admit defeat and go through Apple’s channels for repair, where Apple charges you an arm and a leg for repairs. (but also helpfully nudges you toward the new devices and asks you if it’s really worth it to do a repair?)

As such, Apple gets to become the final word on repairs, too, and if they decide to flip you the bird and tell you to sod off, you’re just screwed.

Make no mistake: Security might be a consideration for these anti-consumer moves, but for Apple, this is about control. Apple doesn’t want some “”unqualified”” tech touching their perfect devices.

Oregon’s legislation is a good first step in putting an end to this garbage, and I hope more states follow suit.

I do also have some bias here because some years ago, I actually had an iPhone X that belonged to my roommate. It got dropped into some water, and this caused the phone to start bootlooping. What was found was that the proximity sensor had failed. The liquid damage indicator in the SIM slot had turned red, but past that there was no sign of water ingress into the phone, amazingly enough.

I was eventually able to get the phone to boot up, but because the proximity sensor had failed, Face ID was no longer functional. I could replace the proximity sensor, as it was a replaceable part, but it was tied to the Face ID system, and replacing it wouldn’t fix Face ID. This problem would easily be fixed via a screen replacement (since the proximity sensor and everything around it gets replaced with the screen), but because the liquid damage indicator was tripped, they flat out refused to touch it short of a full device replacement, out of warranty, full cost.

No amount of negotiation with Apple would convince them to do it, not even agreeing that I would take my L and walk if this didn’t fix the issue. They see possible liquid damage, they want nothing to do with the phone.

Which, to be honest, is entirely fair. But Apple also holds the keys, and I can’t do any repairs, especially the repair this phone needs, without their blessing. And because they won’t give it, the phone essentially becomes a compromised device without functioning Face ID. If it wasn’t for parts pairing, I could do this all myself, and have a functioning spare phone. But because Apple–again–hold the keys, the phone is forever without Face ID (or features that depend on it).

It’s edge cases like that, that make me very much in support of governments forcing Apple to loosen their stranglehold. I’m sure I’m not the only one with a device that was pretty much sent to an early grave because Apple did something much like this.

(For reference, my friend now has this phone and keeps it in his collection of devices and it still works, to this day.)