> I can tell you for certain this is what they're trying to combat.
> There are ways to implement this without the need to do per-device pairing, but doing so in a secure way is quite difficult.
Is this based on first-hand knowledge? I'm skeptical on both fronts because I neither see any evidence this is what's being combatted, nor do I see the technical difficulty of being able to self-authorize your phone's parts to be used in repairs.
Sure it takes some engineering effort to get there, but I wouldn't expect it to be particularly challenging from a technical point of view. The phone is already linked to a user account, and the phone's parts are apparently already linked to the phone that's currently using them.
So, the technical challenge is related to managing the following things (all simultaneously):
* Apple wants to make sure components in an authentic phone are not capable of being stolen and resold (this is a problem today, even with the pairing, although it is less valuable due to pairing)
* Apple wants to make sure that if you change components, that the replacement component is authentic
* Apple wants to make sure that if you change components, that the replacement component is not stolen
I can't comment on specific implementations, but allowing users to just re-pair devices in the current state would not allow the above 3 goals to be met. By restricting who has access to the pairing tools, they can achieve those 3 with the downside being obviously it leads to a crappy user experience for repair.
If you send a permanent unlock code for parts being re-used in a repair, then that fully accomplishes 2 and 3 and almost entirely accomplishes 1. With no need to know anything about the host device.
And brand new parts could lock themselves to the first device they're put into.
It wouldn't be ideal for repair but it would be much better.
My point is that Apple currently does not appear to have tight control over the serial numbering or whatever on the external components (display, etc) in a truly secure way. If you let anyone re-pair devices, then that opens the floodgates to 3rd party vendors being able to make devices that appear as 'authentic' components, which does not accomplish #2.
As it stands today, you can already use any random components, you'll just get a pop-up telling you it can't be authenticated.
> There are ways to implement this without the need to do per-device pairing, but doing so in a secure way is quite difficult.
Is this based on first-hand knowledge? I'm skeptical on both fronts because I neither see any evidence this is what's being combatted, nor do I see the technical difficulty of being able to self-authorize your phone's parts to be used in repairs.
Sure it takes some engineering effort to get there, but I wouldn't expect it to be particularly challenging from a technical point of view. The phone is already linked to a user account, and the phone's parts are apparently already linked to the phone that's currently using them.