Clickbait, clickbait everywhere, and not a byte to think
Clickbait is everywhere. It could be argued, of course, that anything posted by any of us who blog or tweet or comment is clickbait. We post it because we want it to be read, right? But when I say “clickbait” I mean headlines that are intentionally provocative and sensational, usually misleading, or at least failing to deliver what is promised. Neil Gaiman tweeted a particularly amusing clickbait headline that uses both him and George R.R. Martin to lure you to the web site: Is Neil Gaiman in town to help GRRM with edits on THE WINDS OF WINTER? And the opening paragraph of the story (which absolutely does not tell you anything about either Neil, George, nor the next Game of Thrones book) even admits that the story is nothing but clickbait. As Neil’s tweet observed, “At least it’s a clickbait headline that has the decency to squirm and grin and admit it…”
Other clickbait is less honest. Such as just about any headline about Apple. A lot of people have been griping about how underhanded Apple is being, or how they’re punishing users for going to cheaper alternatives with the “Error 53” stories. Some of the headlines cram entire editorials and a half dozen inaccuracies in the one headline, such as “Apple remotely bricks phones to punish customers for getting independent repairs.” Only one word in that headline is not an outright lie. Yes, only one.
But why are phones from Apple giving some users an Error 53 and refusing to work? What could possibly be the cause? Oh, if only there was some explanation… oh wait, there is:
“We protect fingerprint data using a Secure Enclave, which is uniquely paired to the Touch ID sensor,” said an Apple spokesperson in response to complaints from users. “When [an] iPhone is serviced by an authorized Apple service provider or Apple retail store for changes that affect the Touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to Touch ID remain secure. Without this unique pairing, a malicious Touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, Touch ID, including Apple Pay, is disabled so the device remains secure.”
I tracked down this information, but I didn’t have to, because I already knew the answer as soon as I saw the first headline. I knew because I actually read about the new features of my phone when they added Touch ID two years ago. They described the security feature, and how the Touch ID sensor was paired with the security chip. And this information wasn’t buried in fine print somewhere. They actually talked about it in the keynote speech where they introduced the iPhone 5s, for goodness sake! Plus it is on the iPhone section of the Apple web site. They have videos about the Touch ID feature up that include all of that information.
It was obvious immediately when I read the first Error 53 story what was going on: if you change the home button, it isn’t the same one that was paired with the security chip, so it will stop working.
This is not Apple punishing third party vendors or being underhanded. Even iFixIt, a site infamous (and very disliked by Apple Corporate) for putting up detailed instructions on how to fix things yourself without going to Apple says it makes sense that the phone’s operating system should try to detect tampering and react in some way to protect the users’ data. They don’t think completely disabling the phone is the best outcome, but admit that something along this line should happen.
I do agree with the suggestions some have made that what the phone should do is simply disable Apple Pay and the TouchID features when this mismatch is detected, rather than disable the whole phone.
To get back to that sample headline, here are the inaccuracies: Apple isn’t remotely bricking any phones. One of the events that will trigger the phone to do a self-diagnostic is upgrading the iOS software, which is why some of the phones aren’t getting the error right away. It’s all happening internally, not a remote command being issued by Apple. The error isn’t just happening when unauthorized dealers do the work. iFixIt reports a couple of cases of this happening after authorized dealers made the repair, and in some of those cases it was subsequently fixed by the authorized repair place re-doing the repair. There is a very clear and understandable security reason why the system should check for any tampering related to Touch ID in general (since most users use that to protect all their personal data on their phone), and Apple Pay in particular (since the user’s money and banking information are involved).
What would deserve outrage was if the iPhone didn’t do anything in these circumstances. Not the other way around.
But writing accurate headlines about Apple doesn’t generate the clicks.