Apple Genius Caught Stealing Sensitive Photos, Despite Claims that Independent Repair Is Risky

The storefront of the Apple Store in Bakersfield, California.

Manufacturers would love for you to think that independent repair is risky. That by giving your phone to a stranger, you’re giving them full access to the private, personal information contained within. But as Gloria Fuentes learned firsthand, that information is not safe with Apple Store employees, either.

After bringing her phone into the Genius Bar at the Bakersfield Apple Store, Fuentes found that an Apple employee had used her phone to text himself an intimate photo from her gallery, she wrote on Facebook.

Apple says they fired the employee in question, but as the Washington Post notes, this is far from the first time this has happened. Another woman had the same thing happen at an authorized Verizon retail store mere weeks ago, and in 2016 an Australian Apple store found that multiple Apple employees were taking photos of customers and stealing photos from their phones.

These incidents aren’t an indictment of every single employee at Apple, Verizon, and other large companies, of course. They’re the actions of individual people, who can be “fallible and occasionally evil.” But the manufacturers use privacy as a lynchpin in their lobbying against right to repair. In a radio interview last year, Earl Crane of the Security Innovation Center said that the organization opposed right to repair because “We want to be able to provide security and have accountability for the security that an organization needs to provide.” Other representatives of the anti-repair group, who we believe is indirectly funded by Apple, have said similar things in the past, claiming that independent repair can compromise security and privacy.

I’d like to see them explain that to Gloria Fuentes.

The only hands you can truly trust are your own. As Crane himself said in that same radio interview: “If you ask any cybersecurity professional, if I can get my hands on the device, I have a much higher likelihood and a strong advantage in compromising the integrity of that device.” That goes for everyone, not just independent shops, and any other cybersecurity expert would tell you the same thing. It’s the principle behind open-source software (if anyone can examine the code, anyone can point out security issues), end-to-end encryption (if only you hold the key, not even the company can read your data), and the right to repair. If you can repair your own device at home, why risk giving it to someone you don’t know?

That’s not to say you shouldn’t get your phone repaired at Apple, or an independent shop (who, by the way, can perform repairs manufacturers like Apple will refuse outright.) But manufacturer-run shops, who are trying to stymie those independent businesses, are no more or less trustworthy than anyone else. They’re run by people: regular, fallible, people.

If you do take your device to someone else for a repair—whether it’s a shop run by the manufacturer or it’s a local mom-and-pop business—back up and wipe your phone before handing it over. Or, at the very least, avoid giving them your passcode. But if you truly trust no one, your best bet is replace that battery yourself. It’s easier than you think, not to mention cheaper. If the only hands that touch your device are your own, you can be much more secure in the knowledge that no one’s tampered with your private data.