Are iPhones really THAT private?

Apple’s really been pushing the “Privacy, it’s iPhone” marketing to my parents recently, and that has sparked some interesting discussion in our house.

We’re a completely Apple-free household with everyone running Android without the bloat (GitHub - 0x192/universal-android-debloater: Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.) and I am very aware of the data Google and apps collect. I’ll probably use a custom ROM for myself when I get my first phone, but can’t apply that to my parents.

However, I’m also aware of Apple being notoriously closed source and anti-R2R, so I’m really suspicious of whatever they claim.

So, is an iPhone really that much more private? And what are the instances where they haven’t been?

2 Likes

Thanks for the link to the Universal Android Debloater GUI.

I switched to iPhone just a few weeks ago (been on Android only before).

My impression is that yes, iPhone respects your privacy a little bit more. At least it is more clear what is and isn’t going on. I feel more in control as a normal user. On Android I had to use some geeky techniques to stay ahead of Google and Samsung and their attempts to get my data.

But for sure, if you want real privacy you need to use something like

CalyxOS
https://calyxos.org/

or

Graphene OS

but it is very difficult to use these from the pov of regular users.

So… my personal view is that Android is terrible (unless you geek out all the stuff), iPhone is better while being user friendly and for people that need real privacy you have to go with a custom ROM.

3 Likes

I would counter, though also speculatively, that iPhone is less private by way of being obscure and not at all auditable by the user. The entirety of iOS is a mystery to you and you just have to trust they are not doing anything worrying in the background, and it’s not like they can’t and are not already with the CSAM stuff coming out.

Android, while geeky, is at least partly open source to varying degrees depending on which one you like most. So while out of the box not much better it is the possibility of user validated safety that is far more valuable compared to trust it is safe because you literally can’t question otherwise.

Not that I make use of this but it is a thought that weighs in favour of Android.

iPhone is “safer” as long as you just believe… Yeah… It amounts to that.

1 Like

No smartphone (rare exceptions) is private.
Does not matter who made the OS or how many hardware kill-switches it has.

The moment you provide some acceleration data, GPS, imagery or video to some App (or Website), you are profiled for profit.
That place you stay for 8 hours every night, probably your home. That car bluetooth you connect to for 35 minutes every morning and afternoon, probably your car. That office building with Medium Business Inc Wifi it automatically connects to, probably your employer.
You stopping near the lawn mower aisle at BigSupermarket, probably interested in a new one of those, aren’t you?

“But I paid for it” → Yeah, so did John Deere owning Farmers, yet they own neither the machine nor the information the machine collects about the field it is working on.


What makes Apple Devices particularly interesting is the OS under the OS.
Their push towards making them irreparable one-shot devices has led to a stage where the device knows all its parts and can make them do things without the “visible” OS being able to know about it. For your personal safety, of course!

4 Likes

I definitely agree, but I feel, even without apps, Apple is not completely private. I don’t think they collect no data, just that they are not obligated to tell anyone about it since no one can discover it anyway, unlike FOSS Android distributions or the AOSP.

But I wanted to know if we have evidence to back that or that all we can do is speculate…

Well, there is the EULA (which famously nobody reads anyway):
I think the iTunes EULA has the “Licensors may receive access to anonymized information”-clause. Since De-Anonymization has been shown to work perfectly in numerous talks, videos and blog-posts…

2 Likes

Thanks!

I mean, is Apple themselves saying they can and will search through all files on your devices not proof enough?

And no one is unhackable. Hypothetical: So Apple start searching everything, sit back and let them collect and then bam you have yourself an even better database to hijack, not only with text info you give them and telemetry sent to them but now also file hashes and potentially the files themselves all in their storage…

Android has never claimed to do that or be working on it (though I am sure they are, won’t someone please think of the children); for the meantime I have 100% control over my device with Android if I set it up just so.

Asking about general privacy of a device without specifics or mitigating factors, just an out of the box device, they will all be variously vulnerable and should not be trusted if you are worried about sensitive data.

So Apple, Android, it doesn’t really matter. It’s what you do with it after that which makes a difference, and with Apple you are not the only user of your phone, they as a corporation of thousands have access to your phone unannounced and with no need to tell you they are doing anything.

1 Like

Watch a number of “the hated one” vids on YouTube. * disclaimer could lead to serious depression, you have been warned. TLDR- nothing is ‘more’ private than the other, just lots of marketing and smart legal speak to sway the sheep to one brand or the other.

This is a cool question because it gets into some deep nuances. I’m no authority, I have not packet traced, mapped, decrypted etc to see what gets sent to where. Just from tech enthusiasm I can regurgitate an opinion. “choose your type of privacy”.

I have the feeling Apple is only private in that they have figured out data is the new oil (taken from the literal URL). They will eventually become a data broker themselves, having learned why let others do that via our devices when we have such control of our devices? So maybe more private in that Apple will be more discerning/expensive as to who gets to buy that data.

Hackability. They (Apple) like to say they are more secure. From marketing it would seem they are for normies, and for advanced users Android can be made more secure and for high value targets, you are pwned regardless, just embrace it. It gets kind of annoying the tit-for-tat bank malware that is just for Android, then there is one for iOS, then there is a critical zero day for one, then a week later, the other.

As a listener of the Privacy, security and OSINT podcast the owner/speaker has bounced around- I believe he went android, then apple, then back to android- For sure the last two steps have happened. He has dabbled with CalyxOS and Graphene OS and has the pros/cons in his podcast. Also in his podcast is the common sense usage cause one ROM or another isn’t just a blanket “more private”. As @MazeFrame points out, if you are leaving services on, hitting low power BT as you walk around, wifi hitting APs etc you can somewhat defeat the purpose. Yeah a ROM can cut off all google APIs so that data isn’t being sent to google directly, but there is such great effort into big data analytics that the APs and low power BTs that got your MAC, UID etc are still forwarding to big data platforms and figuring out who you are, where you went, what you were likely doing etc. All this data gets put into the open market and aggregated by even bigger companies.

Honestly I feel privacy is dead- regardless of platform you use. Unless you are willing to go pretty extreme and hire services from people like that podcast I mentioned, and then also getting a plan and policy in place from them… AND willing to stay informed and keep up with the ever changing climate and tech.

2 Likes

Was found dead in the middle of the town square, murdered in bright daylight. Yet nobody saw a thing.

3 Likes

Dang… pretty much.

For me OP, I’d pick phone off of all things other than privacy, seeing how dead it is. Ease of use, security update support, integration with your other tech, perceived quality etc.

For example I am seriously deliberating going Apple just for the better backups. While on travel my OP6 developed the weirdest screen lock bug (Pegasus installed? lol) and I had to do a factory reset… WHILE on travel. Google’s “Cloud” is a joke. I lost all my texts, all my apps had to be signed into again, and I was TOTALLY FU&KED with my 2FA solution (Google Authenticator) so some stuff was just offline for me until I got home. Important text coms just gone- places, dates etc I needed.

Yeah, now I know there are lots of self hosted solutions, hacks, ROMs, paid apps etc to remedy most of what I ran into, but with Apple… well, #justworks. From what I understand the iPhone would have reset, then re-installed all apps (my OP6 did this) but THEN also all the keys, cached data etc used so that you do not have to re-input user account data + all messages would still be there.

Privacy is zero influence on the decision, to me they are both just as much compromised and I am no longer into ROMs, self hosting images, complicated backup setups that don’t age well etc.

All that said I just can’t pull the trigger on Apple lol. So yeah, being the contrarian I am, I’m self hosting a Vaultwarden instance and an awesome user here opened my eyes to Aegis- so now my 2FA is safely redundant (no SMS as part of recovery) between two Aegis instances, a backup file and also 2FA info in vaultwarden. But kinda sad this is all necessary.

1 Like

Ya the only real solution (which isn’t currently a viable option) will be Linux phones.

You can have an open source base, but that doesn’t really mean much when it comes to privacy. The advantage there is that some people are able to hack together a solution that like 0.001% of smartphone users are willing to deal with (and I’m not one of them). With iPhone, you can’t really do that at all.

I like that Apple is marketing privacy just because it at least puts it in the average consumer’s mind. But last I checked Apple isn’t a zero-knowledge company. Which means while they may not be as bad as Google, you still can’t count on Apple products for truly sensitive material.

2 Likes

OMG, I was following the linux phone thread here heavily. Also so stoked some vendors have physical dip switches.

But yeah, looks like a crawl.

My next phone is probably going to be hella mainstream- be it iPhone, Samsung or Moto. The latter two are known for pretty long security update support now. Samsung tries to fill holes Google misses, Moto seems to be the best bang for buck Android out there and I love their OEM ROMs AOSP’ness.

2 Likes

Budget Samsung sucks in my experience. Heck, the M-Series reinstalls bloatware with every update.

Motorola is much more sensible in the States, and Xiaomi is the way to go in India (in my experience) after the obligatory bloat removal.

2 Likes

Yeah, budget Android in general sucks. Reminds me of those old x86 notebooks they would sell that brand new out of the box couldn’t run Windows. They were worthless on day one, not even needing some bloat over time to become unusable. That is how I see a lot of budget Android phones from all the makers. From my experience and research, the only exception is Moto.

So I will either be getting a flagship, or a mid to high range Moto. TBD, will drive the wheels off this OP6 as long as I can.

iPhone privacy largely depends on your country. Where your iCloud account resides, so does Apple’s fealty. You could be reasonably protected in the US and EU but I’ve noticed that the Philippine iCloud server resides in China so we do not have actual protections like you do, especially when it comes to iCloud. From what we know, if a server resides in China, all the data will be siphoned, tracked and cataloged by the CCP.

Like what @urza and others say, Graphene, Calyx and Divest OS are the better ones for Android. All the rest has no privacy in mind. You could do the debloat thing and get you 90% of the privacy protections but it is still not all the way.

2 Likes

Does the debloat adb script 0 out the IP for all the Google domains? I have them all in both the Android firewall, blocking the apps’ connection, and in a local DNS filter.

There are a thousand ways in which your smartphone (on either platform) betrays your right to privacy. It’s up to you to decide which ones offend your sensibilities and values worse.

The privacy-related things I care about a lot that I can come up with off the top of my head:

  • Granular permissions that allow me to prevent apps from tracking my location and other things. iOS has always been great at this and has only gotten better. Android has gotten better but every review I’ve seen of apps and their permissions track record has been terrible.
  • Protection from law enforcement: Apple will not comply with geofence warrants but Google does.
  • Right to consume whatever content I want: both platforms suck here. Yes I consider disallowing adult content (or whatever the fuck they deem not cool) to be privacy disrespecting.
  • Right to have my private space not be invaded by advertising: both platforms get a huge F here. Apple doesn’t enforce their own guidelines on notification spam and are themselves a bad offender.

So yeah, I trust Apple to be a little better here but would ditch them for something even better in a heartbeat.

2 Likes