Just because you want something doesn't mean that it's there. There is no reason, other than your supposition, that Apple can copy files from the encrypted sandbox of one machine to the encrypted sandbox of another, without the key being entered. In fact, it would negate the whole idea of an encrypted sandbox, wouldn't it?

As to market share, when you're dealing in billions of dollars annually and a fickle public, anything can destroy your market share and turn you into an also-ran.

No, it can't. Why do you think screen replacement is such a booming business? Because that's the only way to get back into your data - by using the SAME PHONE with the SAME KEY. Do you even have an iPhone? I dare you to turn that feature on, enter the PIN wrong 10 times, and take it to an Apple dealer (or anyone else) to recover your data. Let's see if they can help you.

All it "proves" is that someone found a bug in the software to exploit. Likely, they gained root access through a typical buffer overflow bug and were able to turn off (not reverse) the self-destruct feature (conjecture on my part). Your assertions all along have come from your own feelings, without evidence of any sort. Just "it has to be this way" or, "they must be doing it that way". Give us something that can be sensibly discussed, rather than idle conjecture.

(Conjecture is fine - until it is challenged (as it has been here by many). You can't continue to defend your points with yet more conjecture. It's time to provide at least a shred of evidence.)

Remember - this isn't the Linux world of free software. Apple is advertising a feature that millions of people are PAYING MONEY for. Apple would go bankrupt in an instant if someone discovered that this 'feature' was just smoke and mirrors.

I posted to point out a quality of Sundialsvcs' posting style that, on second though, has been pointed out many times. Carry on.

No, it doesn't "remove the encryption from the sandbox" to be able to copy off the sandbox file. There's no particular reason why you'd need to be able to decrypt the file, in order to copy it.

It's pretty obvious what they've done here: generated a nice, big, fat key and then encrypted that key with the passcode ... just like GPG, SSL, VPN, and so-forth can all do. This would indeed be a very secure arrangement, because only one passcode would decrypt the key and you'd know whether it did or not (without knowing which of 10,000 possible keys would do the trick). Easy, peasy.

Apple's software-update mechanism moves files on-and-off the phone all the time. I'm quite sure that they have a tool that can extract data from a mostly-dead phone; certainly one with a dead screen. (After all, that's what a USB connector is for.)

The key is not Apple's encryption mechanism, which I am sure is industry-standard, but "drop dead." I can't and won't believe that Apple doesn't have a tool that can snag that file and whisk it out of harm's way, along with every other file on the machine. Whether they care to acknowledge the existence of that tool to you, John Q. Public, is one thing. But when you're talking to an agency of the US Government who is pursuing a search warrant to try to solve a most-gruesome crime, that's quite another. Obviously, in the end, wiser heads did prevail.

There's nothing special about a phone. There's nothing remarkable in the fact that the phone has an "encrypted keychain." MacOS has it, Windows can have it, Linux KDE and Gnome all have it. What's different about this case, is not so much that a phone might have a "drop-dead feature," but that Apple at one point seemed to be ready to charge-off to Washington to ... what, protect their "right" to stymie the entire 4th Amendment (Part 2)? It's a phone, people, and as long as those phones can be dropped on the ground, there's gonna be a way to sell the customer a brand-new phone on the spot!

OK, we've clearly crossed the line into religion. I'm out of here.

Pretty obvious, in your 'fantasy world'.

The key is in hardware. Apple buys a chip from a 3rd party. Each one contains a unique key, which makes each phone unique. The key is not in writable memory - it is locked in silicon - silicon that has a command to destroy itself. The PIN/password only has the function to 'unlock' this key - make it readable - through another command to the same piece of silicon. That's why moving your encrypted data to another phone does not work - not matter how hard you argue the point.The PIN/password plays no role in encryption or decryption of the key or the data.

But, continue with your tirade, I'm out of here as well.