Privacy/security when sending MacBook in for repair?

My 2.75 year old M1 MacBook Air suddenly developed a defective display and I’ll be sending it to Apple for repair (currently using a vintage Cinema Display plugged into one of the Thunderbolt ports to write this!).

I’m now puzzling over how to reasonably protect my privacy and security, short of wiping the ssd. I could do that if needed–I have a rotating set of 2 separate backup systems used weekly–but somehow that seems overkill.

I’m thinking of protecting my primary account with a more robust password, and then leaving a secondary account with no data, set to automatic login so the tech can easily boot up and see the problem.

I don’t use FileVault currently. Again, I could, but it too seems like overkill.

Appreciate your thoughts & recommendations. A bit frustrating as of course it came with a 2 year warranty, but this is only the 2nd Apple laptop out of 5 that has needed repair–the others have been problem free.

From Apple’s official instructions:

“If you’re concerned about the security of your data during service, either turn on FileVault or remove your data, such as by erasing all content and settings.”

I don’t think there are any other convenient options for recent Macs, but yeah, you could do something like enabling a Guest account.

Why would Filevault be overkill? It’s a good added layer of security (especially for a laptop) that doesn’t degrade performance on modern macs and isn’t intrusive in use. The only thing I’ve found that can be mildly annoying with filevault turned on is if you have a mac as a server, which won’t be able to boot automatically after a restart or a power failure with some extra hassle if it’s headless.

The Guest account is not terribly useful. While I am sure Apple has the master key to a few things, it is better to create a 2nd Administration enabled account for repairs/service.

I have a habit of taping client name and login password for the 2nd admin account (next to trackpad or side of case) on anything that goes to Apple so they have access and know who it is for at all times. This is also a place where you can indicate special notes like “do not upgrade macOS” or “do not reinstall macOS”.

And it goes with out saying to have a full backup.

I agree - create a temporary admin account and only give the Apple tech the login and password for that account. They won’t be able to see anything in your home folder if they log in that way but will be able to do all the system checks.
I recently did this for a Retina Macbook repair (unfortunately it turned out they no longer supply replacement batteries for this model).

I agree…one simply has to either trust Apple here or erase all content and settings after making at least 2 backups. No matter what you send it in for…the likelihood they’ll need an admin account to test the repair is 100%. I create a second admin as well and posy is near the trackpad…don’t need to worry about them upgrading since I’m always up to date and keep backups.

I think @gastropod is right, that is my plan now–to turn on FileVault before I hand it over. As @josehill pointed out this is (one of) Apple’s recommendation(s).

As for providing access to an admin account to successfully repair–I don’t think that’s needed at all. The rep. I spoke with told me as much, and nowhere in any of Apple’s instructions does it request that. It is required to turn off “Find My” on the laptop, in fact the repair order couldn’t be completed while on the phone with the Apple rep. until I turned it off.

I’ve had a rep turn off Find My so that I’d have to enter my AppleID password and then they turned it right back on again, before a “repair.” I later asked another rep why, and was told it was just to prove I knew my password!

(I say “repair” because my iPad 9 screen was cracked, and I was told they no longer replace those screens, just do return, credit, and replace. Ugh. $250 for a cracked screen.)

That’s the case for many laptop and desktop repairs, as well. The operating assumption at my company is that any machine we send to Apple for a repair will be replaced with a different unit, one of many reasons why we require FileVault encryption on our Macs.

Whatever choice you make, I fully agree with and endorse “at least 2 backups” before sending your loptop in. It may be unlikely you’d lose your stuff, but it’s not impossible.

I assume that’s because in the eventuality that they need to swap the motherboard, they want to be able to later refurbish it and then use it for another customer. If Find My isn’t disabled, they can’t do that.

That’s a new one for me.

If they have to swap the motherboard, then you will lose your stuff, because they won’t attempt to migrate anything to the new board.

One of the things that only became a real concern since soldered-down storage became a thing. Previously, they’d just be able to move your HDD or SSD to the new board.

I sent a MacBookPro in for what I thought was a simple repair (fix a TouchBar anomaly), and they ended up replacing the motherboard, so all data was lost.

So, the safest thing to do is to do a full backup using Time Machine or a clone tool such as SuperDuper or Carbon Copy Cloner and then fully reset your Mac and put a dummy ID on it. When you get it back, erase everything and restore it to its former state. This eliminates all security worries and creates an easy-to-follow workplace for getting things back when the Mac is returned or replaced.

This webpage suggests that having Find-my enabled could limit the diagnostics that can be performed:

When I’ve taken my Macs in for hardware service, they’ve always immediately booted into diagnostics mode for any service. They want to eliminate any possibility that your OS install could exacerbate the problem. (I seem to remember in the past, the stores had a special Net Boot server with diagnostic tools on it that they’d use.) I don’t think they’d ever need or want a local account.

All they need for that is for you to disable any firmware password as they specify in their “Get Ready” article.

Good backups, of course, are a good ideaeven if your Mac is in perfect health, and even more so when it’s in for invasive service.

Thanks to all that contributed! It’s on it’s way to Houston, TX.

I realize there’s a chance the same machine won’t return but I decided to play the odds and leave the data in place, protected by FileVault. While I do have 2 separate backups–one using CCC, one using QRecall, I’d rather not have to go through restoring from backup unnecessarily.

It has been an education attempting to understand how FileVault works in Apple silicon machines, along with the amazingly simple Erase All Contents and Settings (EACAS) option.

I’m now limping along on my vintage MacBook Pro (13-inch, Early 2011) that is still chugging, albeit never very far from a charging outlet…

…see you on the other side!

I have a M1 MBP ; because of the price of internal storage and my need (8TB), I have ax external storage.
For my data, this point resolves the main part of this concern.
I hope following other advices will completely solve the problem (administrator account,…)

Well, it’s back and (finally) working well, although not without a lot of time spent trying to be, well, stubborn–focussing on what I wanted and not what I should do…

Recieved the shipping box Friday morning, had it to FedEx that afternoon, it was received in Houston first thing Monday morning, repaired and back in my hands Tuesday before noon. Amazing service.

I lost my bet though. The drive had been EACAS’d and a fresh copy of Sonoma installed. I had been stubbornly sticking with Monterey because I use an antique piece of CAD software (not on this laptop) that nonetheless provides Postcript files which are viewable on the MB Air running Monterey. So, being the stubborn ol’ cuss that I am I promptly created a bootable Monterey install disk, erased the drive, installed Monterey and then installed my backup data…only took 6 hours being on an old slow spinning disk.

It looked OK at first glance, but the more I poked around the more problems I found. My Contacts app was hopelessly out of date, Calendar was linked to an old account that I haven’t used in years, and Wallet refused to let me add any cards due to “Apple Pay has been disabled because the security settings of this Mac were modified.” Wallet was the most bothersome. What the heck has changed?

Long story short, after hours on phone support with Apple, trying numerous attempts to solve this (safe mode, reinstall Monterey, turn off then on security updates, booting into Security Settings Utility, blah blah blah) I finally came to the conclusion that something must have been installed (firmware update?–heck, I even checked against Howard Oakley’s firmware database, seemed OK) by Sonoma that didn’t like being forced back to Monterey.

So, EACAS again, reinstalled Sonoma, let the 6 hour backup install, and whew, it’s like…a new laptop again. So far, everything is up to date, working the way it should. I figured out an incredibly easy workaround for Postcript files so Monterey isn’t necessary.

And darned if I don’t like Sonoma a lot more than I expected…

Anything worth sharing?

PS. Thanks for following up with the final result. It’s great to see people closing the loop with their stories.

It’s so simple (dumb) I’d almost not qualify it as a workaround…but here goes. The CAD software I’ve been using runs on an original Mac Mini with 10.4 Tiger. Those were the days, right!? My work flow had been to create the .ps file on the Mini and then open it using Preview on the MB Air, which led to my foolish “Monterey or die” stance.

I realized (while unable to sleep in the middle of the night) that once I generate the postscript file, I simply open it using Tiger’s version of Preview and save it there as a .pdf. Then export the .pdf file to the laptop…

That’s it.

I make a redundant backup.

I make an additional file backup of things I really don’t want to risk losing.

I remove some files with financial data.

I turn on File Vault.

I create a second Admin account.

I log off my account and log into the second Admin account.