If a repair shops wipes someone's phone they'll be pissed, but they aren't going to throw out the phone. As soon as they get back that phone they'll reinstall all their apps and log back into all their accounts and any malicious firmware added by that repair shop will wreak havoc.
I 100% agree that we should have ways of getting rid of these warnings on our own devices, but this isn't a simple problem.
> If a repair shops wipes someone's phone they'll be pissed, but they aren't going to throw out the phone. As soon as they get back that phone they'll reinstall all their apps [...]
This depends on whether consumers are made aware that a repair shop that "accidentally" wipes your phone might be trying to steal your bank account etc.
While education is difficult, the consumer has an advantage in this scenario because the event itself is impossible to miss and very disruptive and could lead them to start searching on the internet for advice.
Apple frequently tells customers that their data would be wiped if they send their devices in for repair, I don't see why customers would challenge a repair shops assertion - it doesn't seem implausible either!
I guess the lesson is/would-be less "all resets are signs of nefarious intent" and more like "if seems reset, always reset it again yourself to be safe."
Depends on what "wipe the phone" means. That could involve clobbering early-stage bootloaders and firmware on daughter microcontrollers - the kinds of things that can only be replaced through JTAG and a good bit of tribal knowledge. It doesn't stop the most sophisticated attackers, but it certainly would disincentivize a large-scale attack of this variety, especially when you consider the wild variations that exist between Android phones at a hardware level.
I 100% agree that we should have ways of getting rid of these warnings on our own devices, but this isn't a simple problem.