How much can Apple CSR see? Former reps post

Can they see what apps you have? This is ripe for fraud. I know they can see your recovery key bc they’ve asked me for it. Which doesn’t seem very secure to me or maybe it was a trick and they didn’t really need it?


Anyone think the Apple CSRs act really sketchy, and do you get laughed at when you go into the Apple Store?

iPhone SE

Posted on Apr 25, 2025 5:54 PM

Question marked as ⚠️ Top-ranking reply

Apr 25, 2025 6:08 PM in response to jimemti

The Recovery Key verification very likely uses a cryptographic one-way password hash function, meaning Apple has knowledge that a Recovery Key is established, and has stored a hash of the recovery key value, but has not stored the value itself. The verification process uses the provided key to verify that the same hash function produces the same previously-stored hash.


More generally given your concerns, you will want to consider enabling Advanced Data Protection, if that feature is not already in use:


Advanced Data Protection for iCloud - Apple Support



Apr 25, 2025 7:19 PM in response to jimemti

jimemti wrote:

I think it defeats the purpose because the CSR can see the recovery key and then enter the trusted phone number and key and then get a verification code sent to their own number


Again, I doubt the rep can see the key. I doubt the key is even ever stored anywhere, other than by the end-user.


The rep might be able to see the saved hash of the key, but even that view is not necessary and I’d expect the hash verification process would be handled through an app interface.


It’s very rare for passwords to be stored in cleartext anymore. This is absent some sort of proxy requirement that can’t be addressed otherwise, and there’s no need for a proxy or other delegation here.


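The hash-based check the two replies above describe, as an added example that is not part of the original thread and is not Apple's code: a service keeps only a salt and a one-way hash of the recovery key, then re-derives the hash from whatever key is presented. The choice of PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample key are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def normalize(key: str) -> bytes:
    """Canonicalise a typed or read-aloud key: drop separators, fold case."""
    return "".join(ch for ch in key if ch.isalnum()).upper().encode("utf-8")

def enroll(recovery_key: str) -> dict:
    """Return the record the service stores: salt and hash, never the key."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(recovery_key), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}

def verify(record: dict, presented_key: str) -> bool:
    """Re-derive the hash from the presented key; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize(presented_key),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

# Constructed sample value, not a real recovery key.
SAMPLE_KEY = "ABCD-EFGH-IJKL-MNOP-QRST-UVWX-YZ23"

if __name__ == "__main__":
    record = enroll(SAMPLE_KEY)
    print("stored record:", record)  # salt, iterations and hash only
    print("correct key:", verify(record, SAMPLE_KEY))
    print("typed loosely:", verify(record, "abcd efgh ijkl mnop qrst uvwx yz23"))
    print("wrong key:", verify(record, "ABCD-EFGH-IJKL-MNOP-QRST-UVWX-YZ24"))
```

A support tool built this way only has to show the result of `verify()`, so the person handling the call never needs to see the key or the stored hash.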