Why Tens of Thousands of Perfectly Good, Donated iPhones Are Shredded Every Year

An anonymous reader quotes a report from Motherboard: Tens of thousands of perfectly usable iPhones are scrapped each year by electronics recyclers because of the iPhone's "activation lock," according to a new analysis paper published Thursday. Earlier this year, we published a lengthy feature about the iPhone's activation lock (also called iCloud lock informally), an anti-theft feature that prevents new accounts from logging into iOS without the original user's iCloud password. This means that stolen phones can't be used by the person who stole it without the original owner's iCloud password (this lock can also be remotely enabled using Find My iPhone.) The feature makes the iPhone a less valuable theft target, but it has had unintended consequences, as well. iCloud lock has led to the proliferation of an underground community of hackers who use phishing and other techniques to steal iCloud passwords from the original owner and unlock phones. It's also impacted the iPhone repair, refurbishing, and recycling industry, because phones that are legitimately obtained often still have iCloud enabled, making that phone useless except for parts.

Between 2015 and 2018, the Wireless Alliance, the recycling company in question, collected roughly 6 million cell phones in donation boxes it set up around the country. Of those, 333,519 of them were iPhones deemed by the company to be "reusable." And of those, 33,000 of them were iCloud locked and had to be stripped for parts and scrap metal. Last year, a quarter of all reusable iPhones it collected were activation locked. Allison Conwell, a coauthor of the CoPIRG report, told me in a phone call that the Wireless Alliance's findings show that many people donate their devices intending for them to be reused, but they're scrapped instead. In her paper, Conwell suggests that Apple should work with certified recyclers to unlock phones that have been legitimately donated (a survey of random devices conducted by the Wireless Alliance found that more than 90 percent of them had not been reported lost or stolen.) The paper suggests that Apple could either unlock phones that have not been reported lost or stolen for 30 days, or affirmatively ask users whether they had donated their previous phone and unlock it that way.

Re:Apple doesn't care

[dissy]

Apple refuses to unlock them even though they belong to the company. I'm surprised they are allowed to get away with this in a corporate environment

Er, if they are company owned, why are they not linked to the company Apple ID?

What you describe isn't company owned phones, but the company handing out money for employees to purchase employee owned phones.

For our company all iOS and Android devices the company purchases are delivered directly to IT (me) and the first things I do to iPhones/iPads are link it to our company apple ID followed by enrolling it to the corporate MDM. Only after that are they issued to employees.

Apple even has an "enterprise" setup where phones come pre-linked to an MDM/AppleID from the factory. Then they can ship them straight to the end user, and the new device shows up in the MDM inventory for provisioning before it is delivered.

Unfortunately the "enterprise" setup has a per-device / per-month fee to use it.
But the normal way of provisioning doesn't have any such fee, the only real costs are related to the devices coming through IT first.

Re:Apple doesn't care

[93+Escort+Wagon]

We have hundreds of iPhones returned by former employees that are unusable because of this. Apple refuses to unlock them even though they belong to the company.

Sounds like the company needs to learn how to properly deploy corporate-managed iPhones.

That's just 3 cubic meters of waste

[GlobalEcho]

The number of iPhones discarded due to this problem, 33,000, works out to 3.1 cubic meters of waste (assuming they are all modern size).

There may be a fair bit of value there, with exotic elements and whatnot, but it's hardly an environmental disaster. It's way less waste volume than you would get from, say, demolishing a Blockbuster Video store and replacing it with a Mattress Firm.

Re:Factory reset before donation?

[GrandCow]

An iCloud lock associates the serial number of an iPhone to an iCloud account.

No matter which way you erase the device, as soon as the device connects to the internet (this cannot be skipped, either through cellular, wifi, or wired to a computer), the first thing that happens is the device connects to the Apple servers and sends the serial number and checks if it's locked or not.

There are videos showing iCloud lock removals by reprogramming the chips that have the serial to a different number, but that involves completely disassembling the device and desoldering a specific chip from the logic board, then reprogramming it with a very specific piece of hardware. I'm not sure if that still works, the last video I saw of it was an iPhone 6S from years ago.

Re:Samsung phones have a similar feature

[swillden]

Do a factory reset and you have to log into the original owners samsung account

Not just Samsung... all Android phones. Though usually it's your Google account, not your Samsung account, that you need to authenticate to prove ownership after a factory reset. (In fact, even Samsung says it's your Google account; so I think maybe you're confused about that.)

This feature, called Factory Reset Protection (FRP) by the Android team, was implemented in both iOS and Android 4-5 years ago,, to comply with a California state law that mandated it. For Android, it was launched in May 2016, in Android 5.1. Although it is only legally required for devices sold in California (AFAIK), it's generally a very good idea. Device theft was rapidly ballooning into a huge problem, but thanks to FRP has ceased to be a significant issue. If you set a password on your phone, thieves get no value from it.

However, there's no reason that FRP-locked devices have to be destroyed. At least in the Android world, device makers install keys on the devices which can be used to bypass FRP. These keys are only accessible to authorized refurbishing centers, of course, because if they leak to phone thieves then the purpose of the feature is defeated.

I'd hesitate to say this burden is on Apple

[carlhaagen]

The function serves its purpose in terms of reducing theft of people's property. The problem is that people don't know that they need to unregister their iPhone from their iCloud account before they sell the phone. Really, that's all you have to do - log in on your iCloud account and remove the device from there, and it's no longer tied to your account and can be repurposed by someone else and their iCloud account without any hassle.

Re:Factory reset before donation?

[carlhaagen]

Any eventual lock the owner has enabled is removed and deleted in entirety when they unregister the device from their iCloud account. That's all you have to do to prevent this problem when giving/selling the phone to someone. Nothing more. It's that simple.