On Privacy and Servicing Apple Devices
Yesterday my friend Adam asked me for advice on what he should do when taking his Mac in for service at the Apple Store.
@chrisdejabet, what say you? https://t.co/qsSnoP97vQ
— Adam Stahr (@adamstahr) August 7, 2017
The question is simple: Should the drive be wiped for privacy reasons?
The answer is equally simple: Yes.
That said, Apple shouldn't even be making a person consider this question. The problem in this entire situation is Apple requiring the admin password in order to service a device.
And it is indeed a requirement. I've been asked for my admin password on a Mac or the device unlock code on an iPhone by Apple Store employees before. And I have tried to refuse in the past, at which point the Apple employee will promptly cease helping you.
This is wrong. Apple should not require me to write down my password on a piece of paper and then take my device into another room for hours on end. Also, they do not inform you what happens to that piece of paper containing the password when service is finished. For all I know my encrypted drive could have been cloned and the admin password is now known in order to decrypt it.
Now, I'm the type that knows this dance with servicing devices, and I make a backup and wipe the device prior to service, using a simple generic password for the device during the service period. After I receive the device back, I need to spend a great deal of time restoring the device from backup.
It's inconvenient and unnecessary.
I have a proposed solution for this that Apple could build into every device they make. Create a service partition. A service partition of the device's storage would allow Apple to boot up and test the functions of the device without having access to user data. This partition would not have admin rights to the system, but would provide only the access necessary to run tests to ensure service was successful.
I imagine this being similar to booting up a Mac into Apple Diagnostics or macOS Recovery. With a Service Partition, core functions for testing would exist, without providing access to user data. No password is needed. Privacy is maintained.
Apple should build this into macOS, iOS, watchOS, and tvOS to protect their users and make servicing devices more efficient.