Anyone who has taken out Apple’s AppleCare+ device insurance, or who pays for a repair privately, can still get replacement devices for various types of iPhone defects. These can also be refurbished hardware – even though this is very controversial among buyers (including legally). The iPhones issued are usually well-functioning products that Apple has previously put through their paces. In rare cases, however, the use of refurbished hardware can have problematic consequences for the use of software, as Irish developer Finn Voorhees now reports.
If the “new” device is locked
Voorhees, an AppleCare member, had dropped his iPhone down a concrete staircase. The damage – broken rear glass and a broken volume button – was to be repaired by an authorized repair service provider (ASP). However, for the price of 99 euros, he was given a “brand new replacement iPhone” because there were still scratches on the front. Voorhees was initially happy with the device. But after a restore and logging into all of his accounts, a problem suddenly arose: the Snapchat app would no longer let him in. Only the error message “SS06: Device Banned” appeared. “That surprised me after I had no problems with another device.”
As it turns out, SS06 means that Snapchat’s parent company Snap Inc. has banned the device due to abuse or repeated violations of Snapchat’s community guidelines. In addition, the device can no longer be “unbanned” once it ends up on this list. As it turned out, Voorhees’ replacement device was a refurbished model that was already in circulation. The developer then called Apple, where he was told that the company had not encountered the problem before. “After about two hours on the phone and some back and forth, they offered to simply replace my phone. While there is a possibility that the new phone could have the same problem, I accepted the offer.”
The DeviceCheck framework was to blame
As it turns out, Snapchat uses a feature that Apple has been offering for several years: the DeviceCheck framework, which has been available since iOS 11 – and also on iPadOS, macOS, tvOS, visionOS and watchOS. It allows individual apps to set a total of two data bits that belong to the respective app and device – and are stored in Apple’s cloud, meaning they cannot be deleted by the user. This makes it possible to persistently identify a device. It is conceivable, for example, that a developer could use this to exclude devices from free trial periods that have already been used up on them – or even ban iPhones completely from a service.
Snapchat itself was unable and unwilling to help Voorhees. However, there is at least a way for Apple to fix the problem: The company controls the relevant server called “api.devicecheck.apple.com”. There, the company could reset all the relevant data bits on refurbished devices. “My conclusion from this whole process is an appeal to all app developers: only use DeviceCheck to check whether a request comes from an official Apple device. There is no reliable method to determine whether the same person is still using the phone,” explained Voorhees. Even worse: users themselves cannot currently determine whether their device is on such a “blacklist”.
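A server-side sketch of Voorhees’ recommendation, added here as an example (it is not code from Apple, Snap or Voorhees): the two DeviceCheck bits are treated as a risk signal at most, never as a permanent ban, because the bits stay with the hardware when it changes hands. Assumptions: the app uses `bit0` as its own abuse flag, the six-month staleness threshold and the sample response bodies are constructed, and a non-JSON body is taken to mean that no bits were ever set.

```python
import json
from datetime import date

STALE_AFTER_MONTHS = 6            # constructed threshold, not an Apple or Snap value
SAMPLE_TODAY = date(2024, 7, 1)   # constructed "now" for the sample bodies below

# Constructed sample bodies in the shape of a query_two_bits response.
FLAGGED_RECENT = '{"bit0": true, "bit1": false, "last_update_time": "2024-05"}'
FLAGGED_OLD = '{"bit0": true, "bit1": false, "last_update_time": "2022-01"}'
NEVER_SET = "Failed to find bit state"

def parse_two_bits(body: str):
    """Parse a response body; return None when no usable bit state is present."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return None               # plain-text answer: bits were never set
    if not isinstance(data, dict) or "last_update_time" not in data:
        return None
    year, month = (int(part) for part in data["last_update_time"].split("-"))
    return {"bit0": bool(data.get("bit0")), "bit1": bool(data.get("bit1")),
            "updated": (year, month)}

def months_since(updated, today: date) -> int:
    """Whole months between the (year, month) of the last update and today."""
    return (today.year - updated[0]) * 12 + (today.month - updated[1])

def decide(body: str, account_banned: bool, today: date) -> str:
    """Return 'deny', 'step_up' or 'allow' for a login attempt."""
    if account_banned:
        return "deny"             # the ban follows the account, not the hardware
    state = parse_two_bits(body)
    if state is None or not state["bit0"]:
        return "allow"
    if months_since(state["updated"], today) >= STALE_AFTER_MONTHS:
        return "allow"            # old flag: the device may have been refurbished
    return "step_up"              # recent flag: extra verification, no hard block

if __name__ == "__main__":
    for name, body in [("recent", FLAGGED_RECENT), ("old", FLAGGED_OLD),
                       ("never set", NEVER_SET)]:
        print(name, "->", decide(body, account_banned=False, today=SAMPLE_TODAY))
```

With this policy, a user who receives a previously flagged refurbished device can at worst be asked for additional verification, while a banned account stays banned on any device.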
(bsc)