Apple Enables ‘2FA’ Security on Devices Without Users’ Consent, Says Complaint
Millions of iPhone and MacBook owners “continue to suffer harm” through Apple’s “coercive policies” of requiring “two-factor authentication” cybersecurity protections on their devices, alleged a complaint (in Pacer) seeking class-action status. Once 2FA is enabled on a device either by default or during a software update, Apple requires owners to access their accounts through a laborious “extraneous logging in procedure” that locks them out of their devices after 14 days if they don’t comply, said the complaint Friday in U.S. District Court in San Jose. Apple “does not get user consent” to enable 2FA, a feature that interferes with consumers’ everyday use of their personal devices, in violation of the 1984 Computer Fraud and Abuse Act and other statutes, it said. “When a consumer purchases an Apple device, the purchased Apple device becomes the personal property of the consumer. Apple no longer has any ownership or property rights to the Apple devices after sale.” Yet when the company enables 2FA on “owned devices,” it makes them “inaccessible for intermittent periods of time,” said the complaint. It seeks money damages and an order barring Apple from enabling 2FA without customers’ permission. The tech provider didn’t comment Monday.