Apple told the paper that iPhone software checks whether any repairs were authorised by Apple.
A spokeswoman said: "When an iPhone is serviced by an unauthorised repair provider, faulty screens or other invalid components that affect the touch ID sensor could cause the check to fail if the pairing cannot be validated.
Not sure if the first sentence is what was communicated - or the writers understanding/interpretation of the second sentence (and/or others) - which alludes to what is actually being done/checked will couching it in terms to make it seem wider than it is. In other words I think they made a generalising statement on something that was already a generalising/mis-direction statement, but one that still contains the truth.
At least to my understanding of what actually triggers the 'Error 53' on update... the pertinent words I think are actually "the touch ID sensor could cause the check to fail if the pairing cannot be validated."
Basically it is fairly common practice for biometric ID 'smart' sensors (that actually store the ID info encrypted and internally) to be ignored by what they are connected to - if the UID or key they give to uniquely ID itself doesn't match what is stored in the device (i.e. the sensor and device get paired using unique data at manufacture). In this way the device knows the sensor wasn't swapped (potentially for one with the attacker's ID info already in it) and can be trusted. Some devices go further locking-down other access until the correct release procedure is used and/or the new sensor is paired to the device (usually to do so requires user having authenticated to it first).
In some setups the ID module also passes an encrypted key to the device when the sensor actually authenticates an ID; in others it passes unencrypted data in a few bytes; or simply sets an output line high/low.
So what the spokeswoman said was true, but in some places more than others. If it isn't the sensor that is paired to the device then it won't be verified. And faulty screens and other invalid components could affect that - mainly by the ID sensor being replaced (e.g. as part of the screen) with one not paired to the device. Usually the device manufacturer will have a procedure/tool/device to change that pairing for the purpose of repairs (though sometimes that means factory reset is needed). I am not sure that they are checking screen and/or digitizer for uniqueness yet.
In other words - as long as the ID smart sensor doesn't get replaced (i.e. remains paired with it's device) the Error 53 will probably not be triggered.
However it does bring up some questions about what Apple claim about why Error 53 does what it does and why they do it, and why it wasn't before...
A) Last first - why does the check that triggers Error 53 only appear, in reportedly, the latest versions of iOS (presumably iOS 9.x). Has the ID sensor previously not been being checked/validated as being the legitimate sensor for that device (i.e. no pairing check)? Does that mean previously an ID sensor with someone elses ID data in it could have been installed (and potentially unlock the device for them - that may not have been possible if a further device specific encrypted key was used to inform the device of a match).
B) On reboot/restart/turning-on - you must enter your PIN, even if your using the ID sensor for security (in preference to a PIN). Doing so reduces security as the attacker MUST use the PIN to unlock, at least, the first time after a power on - i.e. the attacker HAS to KNOW the PIN to do anything. The same PIN is used to authenticate PIN changes and also to change/delete/add ID data. An attacker isn't going to change a sensor to circumvent security when they can alter the data in the legitimate sensor for that device using some information they MUST have to get into the device anyway.
C) So Error 53 is simply preventing the use of devices (apparently forever) where the ID sensor has been changed - doing this is in line with common security practice for biometrics sensors, etc. except not being able to recover. But that isn't really enhancing security at all per sae in this case due to mandatory PIN entry - so most attackers know they will need the PIN in any case and can change/delete/add new ID data using it... therefore they wouldn't change sensor to 'get in' before the change, and definitely won't now being it will result in, apparently permanent, lockout of the device.
That being the case it would seem introducing the Error 53 trigger hasn't really increased the operational security of the device for the owner; and where it may lockout some stolen devices where the sensor was replaced (for whatever reason); it is likely to mostly effect owners who have had ID sensors changed during repairs not done by Apple.
The question is then: Was the last (e.g. stop non-Apple repairs) the intended effect all along? Or just a side-effect? Numerous people are claiming that was the actual intention - they might be right; or it may just be a misguided security improvement. If it was the actual intention - then Apple might be heading for a little trouble... basically due to rendering useless a piece of hardware that it does not have ownership of. As the software/firmware is licensed there isn't too much issue with it being changed/updated inc. disabling due to security reasons. However it could potentially lead to claims along the lines of 'not being fit for purpose' - i.e. it is no longer usable to do anything it was purchased for. Rather it would have been better just to cause the update/upgrade to fail and tell the user why.
