The issues described (apps using edge cases to bypass permissions) is in theory an issues all OS’ will always suffer from, not necessarily because there not focused on privacy but because bugs exist.
On the privacy side its self as a whole, Androids issue is Googles primary product, which is your data. There’s no getting around that problem by the very nature of Google its self. Google and Apple have two similar mobile products but their core product is different.
You could see it in Google chat attempt with Allo. It was partially marketed as privacy respecting “incognito chat” and all that, however it was privacy focused in so much as all you r messages were sent to google for analysis for their chat bot. In comparisons to iMessage, messages can be stored on iCloud but that can be turned off with messages never being stored anywhere but your device, facetime not even having the option to store calls in the first place.
The approach that Apple and Google take for similar systems are slightly different, and id argue that Apples approach strikes a better balance between keeping your data on device and sending data to their systems than Googles approach of simple sending almost all data to Google.
To not go completely off track though, Apple will have issues like this in the future as well without much doubt. But it does show an interesting consideration, you might be happy with your OS, but what you install on it can sometimes have a bigger impact than it appears.
For how they track these issues specifically, i’m not sure. But for their privacy focused permissions options in general, the new bluetooth improvements i think are actually reasonably decent.
I mentioend it slightly in the iOS beta thread iOS 13 and iPadOS beta. Is anyone running it?
You get something like this which seems to me at least to have got the right balance of information to make an informed decision.
