Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

Apple seems to do all kinds of weird networking _stuff_. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.

Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.

I won't share the other sentiments about the above, but is it really that hard to document these behaviors?

Apple touted the T2 chip as the bee's knees in security. Now, we have a vulnerability that cannot be defended against. However, Apple went all in on the security of this T2 chip so that you cannot replace the SSD (besides the method to manufacture). I appreciate the desire at making a device difficult for a bad actor to get to your data, but they epicly failed and ultimately only made an user-hostile device. Oh, and the laptops with these chips also had the world's worst keyboard. Absolute trash.

T2 is a nightmare for people who want to reinstall. I reinstalled a machine for someone and it was a mess of 2fa and other nonsense.

Yeah if you want to wipe a laptop, make sure you unlink your user account first. It's Apple's theft protection, same as with their phones. It'll want to see a successful login with the Apple ID.

This is the worst. So many people seem to forget their apple ID password but remember their screen unlock password. I saw a case recently where someone had an attacker get access to their apple account as well as everything else. I was able to do a fresh install of their windows laptop but I was unable to reset the persons iphone because the attacker had changed the apple id password.

I have also seen many android devices bricked by the same anti theft protections.

Yep we have a whole box full of perfectly good phones and that's just for one office :(

However Apple does unlock them if you can prove ownership. You need an invoice with serial number. It's a lot of hassle but it works. The reason for that box is that we didn't get serial numbers on the invoices for a long time :(

It's another one of those things that are supposedly for the benefit of the consumer but also really supports the company's bottom line by having to buy a new product. I'm always a bit dubious of their motives. I do see the benefit of such features. But they should have some kind of workaround for unlocking it. Such as a card with a QR code that you get with the phone and keep on file or something. Because theft isn't the only way you can get locked out. And since the fappening Apple is really difficult with resetting passwords, in some cases people just can't make it happen.

Android is even tougher but our local carrier can send them for repair to unblock them. Also, Samsung KME overrides the lock, which makes sense because it proves the device is company owned. I wish Apple DEP could do this too.