[HN Gopher] Are iPhones Better for Privacy? Comparative Study of...
___________________________________________________________________
Are iPhones Better for Privacy? Comparative Study of iOS and
Android Apps
Author : zdw
Score : 126 points
Date : 2021-10-10 15:49 UTC (7 hours ago)
(HTM) web link (arxiv.org)
(TXT) w3m dump (arxiv.org)
| zsmi wrote:
| I think this study is quite good but it does come with one
| important caveat:
|
| From page 5, "This is before the introduction of Apple's new opt-
| in mechanism for tracking in 2021. Our dataset therefore reflects
| privacy in the app ecosystem shortly before this policy change."
|
| Personally, I would prefer to see the difference between apps
| monetized by customers paying directly and apps monetized by
| advertising. I take for granted advertiser will track, and I
| assume paid apps track less but I wonder if that's actually true
| in practice. It very well might not be.
| K0nserv wrote:
| I analysed[0] this early in 2021 based on the self repeated
| "nutrition labels" that Apple started requiring. There's
| definitely a strong correlation between and collects
| significant data.
|
| 0: https://hugotunius.se/2021/01/03/an-analysis-of-privacy-
| on-t...
| molsio wrote:
| https://www.imore.com/apples-anti-tracking-iphone-feature-fu...
| KoftaBob wrote:
| This article shows a fundamental misunderstanding of the
| functionality of "App Tracking Transparency", and I will
| admit the text "ask app not to track" is confusing.
|
| ATT, when a user selects "no", blocks the app from accessing
| your device ID. This makes it so that even though the app can
| still track what you do in their app, they can't connect that
| to the data collected from other apps through your device ID,
| and therefore build a profile of you as a person.
| zsmi wrote:
| Thanks for pointing me to that. It's hard not to agree with
| the Transparency Matters conclusion but the 13% drop in
| Tracking Attempts is worth calling out so I'm glad the Oxford
| researchers did it.
|
| This is not my field but one thing that I don't get when
| looking over the Transparency Matters report [1] is why do
| some apps have 9 trackers and others have 300 requests? Are
| they really so different? And are they able to get
| information that Starbucks didn't with only 3 trackers and 21
| requests?
|
| I guess in the end the magnitudes aren't so important but I
| found the large differences pretty amazing. If nothing else I
| would think they might want to reduce the amount of data they
| need to retain, reducing their costs. It seems like there has
| to be diminishing returns there.
|
| It also shows how much data Google has as they show up on 8
| of the 10 apps tracker lists and one can only assume they
| keep a copy of all that as well.
|
| So perhaps the iOS/Andriod comparison is meaningless anyway
| as Google knows all about you either way.
|
| [1] https://blog.lockdownprivacy.com/2021/09/22/study-
| effectiven...
| rasengan wrote:
| I don't think a smart phone in your pocket all day with a GPS and
| microphone that you use as a central hub for all your
| communications, notes, research and appointments and so forth,
| can really be considered for its privacy - and it appears thru
| researching apps on these smartphones the authors have the same
| conclusion.
| kadoban wrote:
| Of course they can, the paper just did.
|
| Security (which privacy is one subset of) is not binary. Just
| because it can never be perfect does not mean that it's all
| equal.
| rasengan wrote:
| Privacy is absolutely binary and taking a hardline approach
| is absolutely the proper way to protect your privacy.
|
| You either actively choose to share information (1) or you
| don't (0). The article compares who is sharing what to who --
| sharing info is sharing, period.
|
| A smartphone with all the bells and whistles in 2021 is not
| private. I stand by my statement, hardline.
| kadoban wrote:
| Alright, lets probe this absolutism then.
|
| Is there a privacy difference between telling your oldest,
| closest friend a secret and telling the office gossip?
|
| Is there a difference between writing a secret in your
| encrypted electronic journal and posting it to facebook?
|
| The issue with privacy absolutism is that it's essentially
| impossible to do it perfectly, so any tiny theoretical
| breech means you should pretty much just give up and tell
| the world, right? Or maybe there's more shades of gray than
| that and we can go ahead and evaluate the privacy
| implications of different activities with some more nuance.
| zsmi wrote:
| You really need to give context in these types of arguments
| or people start arguing past each other.
|
| Important details include: who are we trying to hide
| information from? and what are we trying to avoid sharing?
|
| "Information" is just way too generic. It's possible to
| draw some conclusions from even the absence of a signal.
| nom wrote:
| I respect your hardline approach but for most people it's a
| rather soft thing. I want to be able to choose WHO i share
| my information with and under what conditions.
|
| You can argue that once information is shared it's up for
| grabs by anyone but i argue that this is simply not true,
| it just feels like that it is.
|
| We could do so much better and we should never forget that.
| rasengan wrote:
| Because security is non-binary - once you share your
| information, it is up for grabs.
| throwawayboise wrote:
| > You can argue that once information is shared it's up
| for grabs by anyone but i argue that this is simply not
| true
|
| I think it is true. The old saying is that once you tell
| someone a secret, it's no longer a secret.
|
| The ecosystem around mobile devices is just such that
| real privacy is impossible. That's not unlike many other
| things; pretty much any form of communication has this
| feature to one degree or another. There are just so many
| third parties and intermediaries involved in mobile
| platforms that's it's particularly bad.
| ajvs wrote:
| It's a poor proxy measure of mobile OS privacy comparing
| thousands of apps of the default app stores. It totally ignores
| the effect of Android device brand on privacy, and choice of ROM
| and non-default app stores being used.
|
| If this was more conservatively titled "who has the worst default
| app store" that'd be far more accurate.
| imchillyb wrote:
| Look how we selectively choose information and how that is bad
| for consumers!
|
| iOS 14 released anti-tracking features in April of 2021. This
| article is released at the end of september, almost october, of
| 2021.
|
| Yet, the authors choose to specifically use a version of iOS that
| was prior to these changes.
|
| This is proof enough for me that the authors purposely skewed the
| data. This skewed data does not reflect reality, and so the data
| from this study is not data.
|
| I hope the rest of this community is savvy enough to realize this
| article is attempting to dupe the readers into a false
| conclusion.
| smoldesu wrote:
| Yeah, the data is totally skewed! They didn't even include
| Android 12 which just hit AOSP beta last week!
| simion314 wrote:
| Or maybe the date of the publication does not imply that the
| data and the work was done exactly in the week before,
| sometimes a study might take more work then a blog post.
| prepend wrote:
| There's enough time between April and publication of this
| preprint that they should have addressed it.
|
| Also, this is a preprint, so maybe they do expand on the
| final pub.
| viktorcode wrote:
| it is somewhat irrelevant. Privacy conscious users could
| disable that tracking in iPhone settings for years.
| concinds wrote:
| I'm not going to debate the conclusion of this paper, but keep in
| mind if you pick Android, it's still very important to pick the
| brand correctly. When you open the Clock app on Xiaomi phones,
| the first thing you see is a privacy policy you need to accept
| (!). Samsung might be better on this. I saw quite a few people on
| other websites (not HN) who said they switched to Android after
| Apple's CSAM thing, but put little thought into brand choice
| beyond price and features, just assuming all Androids are the
| same.
|
| You might say that people who really care about privacy would
| just get GrapheneOS, but the mainstream info available to help
| make these decisions is really poor as of now. Just seems like a
| Wild West.
| tomComb wrote:
| This. On privacy and even moreso on security, Android can be
| very good or it can be terrible and the first, and perhaps most
| important, determinant of this is your choice of brand.
| EastOfTruth wrote:
| I'd say that Apple is more deceptive about the iPhone privacy
| then Google is of Android devices.
| croes wrote:
| Better is useless, I need good.
| Jeaye wrote:
| It's tough to diff the privacy between Android and iOS, as an OS.
|
| However, as an app ecosystem, it's not tough at all. For example,
| there is not a single open source email app on iOS which supports
| GPG email. In the iOS app ecosystem, privacy and FLOSS is an
| afterthought, since iOS users are more likely to pay for
| proprietary software. On Android, there are a lot more options,
| including things like F-Droid which are full of FLOSS apps which
| are graded based on their patterns and anti-patterns.
| aomobile wrote:
| Feels safer though to pay than to get something for free.
| teddyh wrote:
| I prefer free friends to those that charge me money to be my
| friend.
| imwillofficial wrote:
| Companies that act like friends don't last long. Business
| and pleasure and all that
| teddyh wrote:
| I was not saying that software is my friend, I was making
| an example of how some things are worse if they are paid
| for.
| chmsky00 wrote:
| Android phones are free like speech, not free like beer.
| teddyh wrote:
| We were not discussing the actual phones, nor even
| Android itself, but the application software running on
| phones.
| jiminymcmoogley wrote:
| more accurately AOSP phones, since Google Location
| Services is far from free as in freedom
| rrix2 wrote:
| But as this linked study points out: that's "just a
| feeling"...
| PaulBGD_ wrote:
| While it would be nice to be able to ensure that the source is
| what's exactly on the app store, protonmail does have their iOS
| app open sourced. Not quite the same as a generic email client,
| but is probably the next closest thing.
| smoldesu wrote:
| Nice, but that doesn't really address the plethora of other
| privacy/security concerns that Protonmail has server-side
| (like their IP logging which they claims never happened).
| judge2020 wrote:
| If you're talking just about FOSS software availability, sure,
| but that's not grading the privacy of the app ecosystem nor
| does it grade the privacy posture of a typical user/the
| userbase on average.
| legulere wrote:
| The included email client already supports S/MIME though
| prepend wrote:
| Seems like privacy and OSS support are different things.
|
| And it doesn't seem tough to generally diff privacy between the
| two OSes, as this paper seems to add some contributions.
| dartharva wrote:
| >In this paper, we present a study of 24k Android and iOS apps
| from 2020 along several dimensions relating to user privacy.
|
| >We find that third-party tracking and the sharing of unique user
| identifiers was widespread in apps from both ecosystems, even in
| apps aimed at children. In the children's category, iOS apps used
| much fewer advertising-related tracking than their Android
| counterparts, but could more often access children's location (by
| a factor of 7).
|
| >Overall, we find that neither platform is clearly better than
| the other for privacy across the dimensions we studied.
|
| Well, here's a novel idea: _don 't_ get children their own
| smartphones, uninstall/disable all apps bar the essentials, and
| keep your own usage to the bare minimum.
| acdha wrote:
| This is like saying the solution to widespread obesity is to
| tell people to eat better. Kids use phones / tablets for many
| reasons and most of them are real (e.g. keep in touch with
| parents, travel using services like Uber, communications and
| other school apps, etc.) -- the platform needs to protect
| people because it's unrealistic to expect individual choices to
| hold up against massive industry.
| jasonmp85 wrote:
| When did you get a cell phone?
|
| How many children have you raised?
| colordrops wrote:
| Of course neither platform is gonna be much better than the other
| because this is a survey of apps, and not the platforms
| themselves.
| wintermutestwin wrote:
| Any conversation about privacy needs to be centered around the
| threat model:
|
| Worried about state actors? More power to you, but good luck with
| that. Most people don't have the time, energy or paranoia
| (justified or not) to figure that out and keep on top of it.
|
| Worried about stalker capitalism? Google is eagerly selling your
| data to the highest bidder = I have zero faith that their OS
| isn't snarfing up everything it can to sell to anyone who will
| pay. Apple has a different business model = I have some faith
| that they aren't selling my data.
| ccouzens wrote:
| Google doesn't sell your data.
|
| What they do do is use your data to decide what adverts to show
| you.
|
| If they sold your data, they'd risk a rival company buying it
| and making a better ad network.
| tyingq wrote:
| It seems like privacy isn't popular enough to enable a third
| player in the market. I wonder if "cheap" would be popular enough
| to make a dent. Like someone churning out de-googled AOSP phones
| cheap enough to attract market share.
| fsflover wrote:
| There are third players: https://puri.sm/products/librem-5 and
| https://pine64.org/pinephone.
| [deleted]
| sofixa wrote:
| The cheaper you go, the more the manufacturer needs to add crap
| and tracking and ads to make up the margins ( e.g. that's what
| Xiaomi do).
| judge2020 wrote:
| I can imagine almost everyone targeted by your marketing are
| also interested in benefiting from the immensely valuable,
| free* services provided by Google.
|
| *: obviously paid with privacy, but that does mean less money
| leaves the user's bank account
| kristofferR wrote:
| The "cheaper" customers you get, the less they demand.
|
| That includes privacy, unfortunately.
| tyingq wrote:
| Yes, the idea is to give them privacy even though they aren't
| asking for privacy, just "cheap".
| kmonsen wrote:
| But you have to make up the costs somehow. It's like
| websites, all the cheapest one are full of scammy ads and
| tracking software.
|
| Most cheaper phones will just get revenue from selling
| users info instead.
| smoldesu wrote:
| You'd likely attract the ire of some 3-letter-agencies long
| before you found your market. Even low-volume devices like the
| Pinephone and Librem have come under fire for potentially
| including hardware backdoors in newer models. It's a game of
| cat-and-mouse, where the cat has unlimited resources.
| imwillofficial wrote:
| I didn't know this, could you share some reading on this
| potential scandal?
| smoldesu wrote:
| I'm not fully clued-in to the situation (why I included the
| word "potentially"), but I've been hearing that the latest
| Pinephone shipping delay was in part due to the fact that
| the board schematic changed slightly. Details on this seem
| very sparse, but I'm sure you could get the full story if
| you poke someone in the right IRC channel.
| mfer wrote:
| I don't think that it's popularity that's the issue. Let's say
| a lot of people wanted it, where would it come from?
|
| Invading privacy and using that pays. If your hi is to make
| lots of money while maximizing profit you're going to invade
| privacy. If you don't and you're public shareholders might
| complain about leaving money on the table.
|
| Then there are those who often focus on privacy tools. They
| often don't end up building rolls with a user experience for
| the every person.
|
| It's complicated.
| hetspookjee wrote:
| I'm pretty sure the dark patterns of Android make sure that most
| regular users share more data than iOS users. For example the
| Google maps app pretends the location service is broken when it's
| simply not having the maximal efficieny with WiFi enabled.
| Another aspect is the phone itself having their own way. Most
| Android devices come pre installed with a plethora of tracking
| apps enabled. So given privacy with Apple I know that I share it
| exclusively with Apple, while on Android I'm certain it is both
| the manufacturer and Google.
| jolux wrote:
| Note that this study and the other one from earlier this year
| predate iOS 14.5, which introduced the "ask not to track" prompt
| that disables the operating system-provided unique identifier.
| rafamaddd wrote:
| there has been a couple of studies demonstrating that basically
| is a useless feature, even worse, some apps track more when you
| "ask to not track".
|
| https://blog.lockdownprivacy.com/2021/09/22/study-effectiven...
| randomperson_24 wrote:
| I hope fanboys don't start defending Apple / Google for their
| privacy measures etc. (esp. Apple)
|
| Both platforms are notorious (Apple more so due to its closed
| nature imo) and defending any is just weird.
| travoc wrote:
| Are we allowed to have an opinion about which company is better
| for our privacy?
| croes wrote:
| If both are bad, does it matter which is less bad?
| ceejayoz wrote:
| Yes.
|
| https://en.wikipedia.org/wiki/Overton_window
| joconde wrote:
| Yes definitely. There are a lot of nuances in privacy. As
| an example, take the approach to ML and assistants, where
| Google collects most of everything to train models on their
| servers, while Apple tries to anonymize things a bit (e.g.
| their "differential privacy" techniques).
| croes wrote:
| Anonymize things a bit sounds like a bit dead and a bit
| pregnant.
| joconde wrote:
| That's my attempt to characterize it fairly, since I'm
| not a cryptographer and don't know how solid it is. Last
| I checked there were debates about that.
| ikurei wrote:
| Well, yes, of course it does.
|
| I'm willing to limit what apps I use and carefully consider
| what I install. I'm not yet willing to abandon my
| smartphone.
|
| Choosing the lesser of N evils is a pretty common and often
| rational choice, in life and in engineering. May be not in
| this case, and it's good to be unsatisfied, but
| disregarding the debate just because neither option is
| great makes no sense.
| croes wrote:
| Choosing the lesser of N evils only makes sense if one is
| acceptable. If neither is, a choice is useless. Both
| sides have an unacceptable amount of tracking and your
| choice doesn't really have any consequences.
| derefr wrote:
| Naively, because it only takes two suppliers in a market,
| for consumers to start playing them against each-other by
| switching to whichever one plays more to consumer
| preferences at any given moment, incentivizing the
| suppliers to compete to satisfy that consumer preference.
| Like a classical "race to the bottom" that lowers prices,
| but with some other factor that consumers care about
| instead of cost.
|
| (Of course, this assumes people bother to switch. In
| reality, this isn't even true in oligopolist party
| politics, let alone in oligopolist markets. In practice,
| there need to be a lot more, smaller options before
| switching costs are forced down enough to encourage people
| to switch. In phone markets, this looks like how people
| switch somewhat easily between different Android device
| manufacturers for their next phone. If we could get phone
| _Operating Systems_ working like that, we 'd really have
| something!)
| smoldesu wrote:
| You're welcome to say whatever you want, but if you genuinely
| believe that the NSA gives preferential treatment to anyone
| from FAANG you're living a fever dream.
| shawnz wrote:
| On the other hand, who else besides FAANG has the resources
| to resist the NSA, at least in small ways?
| fsflover wrote:
| Mainline GNU/Linux of course.
| WarOnPrivacy wrote:
| > On the other hand, who else besides FAANG has the
| resources to resist the NSA, at least in small ways?
|
| US news orgs have a duty (implied by their extra-
| Constitutional protections) to ferret out NSA misdeeds
| but editors/journalists find celebs so much more
| intriguing.
| jasonmp85 wrote:
| Christ you seem insufferable. Imagine identifying issues
| in our media but thinking they are "because calebritiez"
| JumpCrisscross wrote:
| You get what you pay for. I assume the comment refers to
| free/ad-powered media. I don't remember the last time I
| saw a celebrity news line.
| ForHackernews wrote:
| The Chinese and the Russians. Who wants to buy a Yandex
| phone?
| YarickR2 wrote:
| What's wrong with Yandex phone ?
| Mikeb85 wrote:
| It's not about resources, it's about reach and
| jurisdiction. If anything, FAANGs have the most incentive
| to cooperate with the NSA because they're located in the
| US and have the most to lose.
|
| The companies that can best resist the NSA are located
| outside of the US and EU.
| imwillofficial wrote:
| Apple has had high profile fights with USgov on their
| privacy stances. Google has not.
| smoldesu wrote:
| Everyone, ostensibly. The only reason why they care about
| those companies is because they process an insane amount
| of data on a regular basis, so they will _always_ go for
| the cheap wins first. I doubt it took any effort to
| convince Apple and Google to comply, since the
| alternative would be losing money (not an option to
| shareholders). Amazon was already under the NSA 's thumb
| the moment they started working with domestic payment
| processors, and at this point the general public probably
| knows more sensitive info about Facebook than the NSA
| does. We could keep going down the Fortune 500 in such a
| manner, flagging people who process lots of data and
| determining what actual mitigation they put in place, but
| you'll quickly realize that they have all the information
| they need.
| bogwog wrote:
| Saying that iPhones are secure and private is wishful thinking
| that benefits nobody but Apple shareholders.
|
| There are no doubt some dead journalists and activists that
| would still be alive today if iPhones truly were secure and/or
| private.
| amelius wrote:
| Extraordinary assertions require extraordinary proof.
| imwillofficial wrote:
| Name one
| ActorNightly wrote:
| The difference is, with a good number of Android phones, you
| can just flash a custom rom without any tracking built in.
| [deleted]
| emsy wrote:
| Why not if one is better than they other? There is fanboyism,
| which is unproductive and then there's sober comparison of
| objective measures of privacy. And I want to know which is
| better. So as long as someone presents facts that help me make
| a decision I don't want to censor them.
| Razengan wrote:
| "Everything sucks the same, why bother" is the cry of those
| incapable of nuance, or more commonly, on the losing side.
|
| There are objective reasons where Apple is better at privacy.
|
| For example, one of the things that benefits me the most
| personally:
|
| iCloud Mail aliases versus Gmail aliases: Google exposes your
| main address at all times:
|
| HeyGuysLookWhoItIs+TotallyNotMe@gmail.com
|
| What even is the fucking point?
|
| iCloud lets you have completely different aliases all forwarded
| to the same main account which no one else ever has to see.
| mfer wrote:
| You have to look at what versions of the operating systems
| they're looking at and compare that to today. Things change.
| spansoa wrote:
| One thing you have to consider when debating i0S versus Android
| in the context of privacy is: you can have the best of both
| worlds and own an Android phone _and_ an i0S device (if you can
| afford that, and I 'm aware many citizens in third world
| countries don't have the luxury of owning two phones). It's like
| the old Chrome versus Firefox debates that happen every other
| month now on Hackernews & Reddit.
|
| I own a Chromebook where I leverage the Google ecosystem and do
| Googley stuff all day, then a Thinkpad with Qubes+Whonix when I
| want privacy & security & sometimes anonymity.
|
| You don't have to be faithful to a single
| company/OS/provider/whatever. You can leverage _all_ the things
| and compartmentalize.
| zsmi wrote:
| "First rule in government spending: why build one when you can
| have two at twice the price?" - S.R. Hadden, Contact
|
| https://www.quotes.net/mquote/20237
| mcguire wrote:
| How would that not give you the _worst_ of both worlds? You
| would be tracked by the weakest aspect of both devices.
| jjj123 wrote:
| I don't do this and it seems like a hassle but it is an
| interesting question: would this be more or less private than
| a single device?
|
| One thing I can think of is most tracking algorithms probably
| assume each user has a single cell phone (either explicitly
| or the ML data is biased in that direction). So splitting
| your time across two devices probably messes with whatever
| user-behavior buckets they place you in. They might think
| you're two people in the same household, for example.
| smoldesu wrote:
| It's actually more in-line with how real world threat models
| work. You always operate under the assumption that all of
| your hardware is compromised, then build layers of trust
| around that to determine which device should be used when.
| Not super practical for an end-user, but it's definitely
| better than having a single device that you always second-
| guess.
| alecco wrote:
| Maybe with different VPN endpoints on each device it could
| work. But it would require a strict discipline. Google is
| very good at finding the same person in 2 very different
| devices.
| fsflover wrote:
| > you can have the best of both worlds and own an Android phone
| and an i0S device
|
| If you truly need privacy and control then the right approach
| is to have neither of them and consider a GNU/Linux phone
| (Librem 5 or Pinephone).
| wtallis wrote:
| > i0S
|
| Slightly OT, but: is there a reason why you're spelling that
| with a numeral zero?
| amelius wrote:
| By the way, what does "i" in "iOS" stand for?
|
| EDIT: I looked it up, it stands for "internet". From now on
| we should be referring to it as "internet OS" where space is
| not an issue.
| WarOnPrivacy wrote:
| O & 0 are adjacent on US keyboards because they're
| interchangeable.
| jondwillis wrote:
| that logic holds the same with p and o, right?
| drcongo wrote:
| I6's 6he reason I 6end 6o use 6he numeral six ins6ead of
| "t" 6oo.
| Crash0v3rid3 wrote:
| > you can have the best of both worlds and own an Android phone
| and an i0S device
|
| This is something I've been wanting to do!
|
| I'd love to own an iPhone and Android so I can get the best of
| both worlds.
|
| Does anyone have any suggestions going this route? Ideally I'd
| like to keep a single number that can be used on both devices
| and I can just decide myself what device I want to drive for
| the day.
| collsni wrote:
| Caylxos is the best alternative to both that I've found. Anyone
| know of something better?
| dtonon wrote:
| I didn't test CalyxOS yet but I suggest you to try GrapheneOS,
| if you have a Pixel. I think it is really well done, the
| documentation is detailed and the team's attention about
| security, and so privacy, is rock solid.
___________________________________________________________________
(page generated 2021-10-10 23:01 UTC)