this post was submitted on 30 Jul 2023
150 points (95.2% liked)

Apple

17529 readers
34 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] CharlestonChewbacca@lemmy.world 7 points 1 year ago (1 children)

As someone who works in Cybersecurity, I read a lot of security reports. I haven't seen an iPhone be the most private/secure phone in about half a decade.

[–] dpkonofa@lemmy.world 5 points 1 year ago (1 children)

It doesn’t have to be the most secure. It just has to be secure for the majority of use cases.

[–] CharlestonChewbacca@lemmy.world 0 points 1 year ago (1 children)

Sure. I'm just saying it's not an advantage of iOS.

[–] jemorgan@lemm.ee 2 points 1 year ago (1 children)

You’re acting like you don’t realize that there is a difference between end user privacy, and security from targeted attacks.

I don’t really care how hard it would be for a motivated attacker to target me and breach the security of my device.

I do really care about how hard it is for every website on earth to know intimate, personal details about my life.

iOS is the only sane choice.

[–] CharlestonChewbacca@lemmy.world -1 points 1 year ago (1 children)

No. I'm very aware.

Android gives you full control over the permissions given to apps just like iOS does.

And since you can download additional browsers and browser plugins that aren't just repackaged Safari, you can have a lot more control over your Internet privacy if you want it.

[–] jemorgan@lemm.ee 4 points 1 year ago (1 children)

Google’s entire profit model is offering software for free so that they can gather data and sell ads.

Granular app permissions are a start, but barely. Cross-app tracking is a bigger deal, and Apple is miles ahead of Google there; and Google is never going to catch up, because it would destroy their revenue search.

I’ve used both platforms extensively, I actually love Android. Google assistant is so much better than Siri that it’s obnoxious, custom roms are a ton of fun, having a way to get root access on a device is so important it should be legally required.

But, if you think that a company that exists to build an advertising profile and sell ads will ever produce a device that meaningfully blocks the ability to build an advertising profile, I’ve got a bridge to sell you.

[–] CharlestonChewbacca@lemmy.world 0 points 1 year ago (1 children)

Google restricts Cross app tracking and you can entirely disable the ad profile.

They will continue to make money off of the users who don't care, while capturing more market from those who do.

[–] jemorgan@lemm.ee 0 points 1 year ago (1 children)

I’m talking about blocking cross app tracking, not “restricting” it. Still, Google does not even restrict cross app tracking. They’ve announced a planned muli-year (their words) initiative to restrict cross app tracking- but, importantly, they’ve very clearly expressed that they’re going to work with advertisers to make sure that what they plan isn’t too disruptive. Which should be obvious anyway, because advertisers are literally their only real paying customers.

All that Google is interested in doing is finding the absolute minimum that they can do to give the illusion that they care about privacy, all without having to do anything that meaningfully protects user data. And only after Apple makes a huge change that devours even more of Google’s market share.

If you’re thinking about the current feature in android that allows users to “disable” cross app tracking, it actually doesn’t. It just disable Google’s advertising ID, but still let’s any app who wants to fingerprint your device using IP address and device serial.

[–] CharlestonChewbacca@lemmy.world 0 points 1 year ago (1 children)

No. What they've done is made a local Ad ID that can be used locally on your device without interacting with another app. But you can disable it.

Plus, on Android you can literally completely sandbox apps: https://www.gtricks.com/android/how-to-sandbox-android-apps-for-privacy/

Or use a VPN if you're worried about IP/Device tracking.

[–] jemorgan@lemm.ee 1 points 1 year ago (1 children)

No. Sandboxed apps only prevent some fingerprinting, but notably provides a ‘reasonable budget’ for data that can be gathered.

What you said about the advertising ID is true and is basically what I said, but disabling the advertising ID does not stop profiling or fingerprinting, just limits the most obvious applications of it.

Using a VPN is a start, but we’re comparing the privacy of Android and iOS. You can use a VPN on both. iOS includes an opt-in pseudo-vpn baked into the OS with private relay, for $0.99 per month. And besides, using a VPN does nothing to block the the fingerprinting done by native apps.

Are you sure you work in security? Like, mall security?

[–] CharlestonChewbacca@lemmy.world 1 points 1 year ago (1 children)

No. Sandboxed apps only prevent some fingerprinting, but notably provides a ‘reasonable budget’ for data that can be gathered.

Sandboxes absolutely prevent all cross-app tracking. The app doesn't have access to anything outside the sandbox.

What you said about the advertising ID is true and is basically what I said, but disabling the advertising ID does not stop profiling or fingerprinting, just limits the most obvious applications of it.

What useful tracking do you think is still happening when you take these precautions?

Using a VPN is a start, but we’re comparing the privacy of Android and iOS. You can use a VPN on both. iOS includes an opt-in pseudo-vpn baked into the OS with private relay, for $0.99 per month. And besides, using a VPN does nothing to block the the fingerprinting done by native apps.

So then what difference does it make? You can use whatever VPN you want.

Are you sure you work in security? Like, mall security?

Yes. Stick to the topic. The ad-hominem is just childish.

[–] jemorgan@lemm.ee 0 points 1 year ago

Android app sideloading utilized something called a “privacy budget,” where the system does give sandboxed apps access to “limited” device data. The idea is that Google “doesn’t want to break the app functionality,” so Android provides details about the device as long as the app isn’t requesting “too much.”

Of course it’s possible to to completely sandbox an app without breaking it, but, again, Google is an adtech company and providing their customers with users that they can target with ads is literally their only goal.

I stopped reading your reply after your first paragraph because you’ve established a very predictable pattern of having no idea what you’re talking about.