This is the actual abstract from the actual study. Most comments here seem to be referring to a strawman version of the study.
Abstract:
> We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.
That is the extent of the data sharing unless the user allows more.
You can turn off all of your radios as far as the soft toggle switches in your Settings app allow you to do, but if Apple decides that your radio antennas should still be active and responding to beacons, they will. And the user won't be aware.
Not sure if iPhones will do this if you've explicitly disabled bluetooth, but they will send data around even when "turned off". Likewise, to actually disable bluetooth, you have to click on the toggle button in the draw-down settings screen 2 times.
Close - You can know general proximity through other devices, but it won't triangulate. If you own the AirTag, you can find it more specifically based on signal strength, but with "other people's devices" you only get a general location.
It isn't. Apple is sending your location and the MAC addresses of other devices your phone sees.
It's been doing this for nearly a decade since I believe their acquisition of WifiSlam back in 2013. They use it to roughly triangulate a device's position when GPS/Cellular is not available.
The research paper confirms it isn't sending the MAC address, but says it is sending the hardware serial number. I assume Apple has a table to look up the MAC from the hardware serial number. So there's really no difference, is there?
And Apple have clearly decided that’s ok, because that’s how AirTags work.
Whether your (and everybody else's) iPhone and GPS helping tell where my stolen bicycle is, is a good enough benefit to outweigh the privacy trade off is a good question (that Apple never asked me before opting me into their global Bluetooth surveillance platform).
When you pair a tag with a device they agree a shared key which is used to create a temporary identifier that changes every couple of hours. The tag broadcasts this identifier every few seconds, and nearby devices who hear it create a location message based on their position and encrypt it using the identifier as a public key, and then send that to Apple.
Apple can’t read that message. Only the paired device can recreate the current temporary private key and decode for location data, etc. The paired device knows what the current temporary identifier should be and just asks Apple for any associated messages the Find My network may have received
In theory Apple can’t snoop any of this - as long as the shared secret does leave the paired devices. It’s always possible there’s a back-door for targeted unveiling under legal obligation, of course - but it’s supposed to be private under general use.
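An added sketch of the scheme described in the comment above (not part of the thread and not Apple's code): a pairing secret yields a per-period key pair, a finder encrypts its position to the broadcast identifier, and a relay that stores the report cannot open it. X25519, the HMAC-based key derivation, the HMAC keystream standing in for an AEAD cipher, the relay indexing reports by a hash of the identifier, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Pure-Python X25519 (RFC 7748) so the sketch runs offline. Not constant-time;
# illustration only. The curve is an assumption: the thread names none.
P = 2**255 - 19
A24 = 121665
BASE = (9).to_bytes(32, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    k = int.from_bytes(scalar, "little")
    k = (k & ((1 << 255) - 8)) | (1 << 254)          # clamp the scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):                      # Montgomery ladder
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def period_keypair(shared_secret: bytes, period: int):
    """Tag and owner both derive the same (private, identifier) pair per period."""
    label = b"period-key" + period.to_bytes(8, "big")
    priv = hmac.new(shared_secret, label, hashlib.sha256).digest()
    return priv, x25519(priv, BASE)

def _derive(dh: bytes, eph_pub: bytes, identifier: bytes):
    okm = hashlib.sha512(dh + eph_pub + identifier).digest()
    return okm[:32], okm[32:]                         # encryption key, MAC key

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for a real AEAD cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def finder_report(identifier: bytes, location: str) -> bytes:
    """A passing device encrypts its position to the identifier it overheard."""
    eph_priv = os.urandom(32)
    eph_pub = x25519(eph_priv, BASE)
    enc_key, mac_key = _derive(x25519(eph_priv, identifier), eph_pub, identifier)
    ct = _keystream_xor(enc_key, location.encode())
    tag = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()
    return eph_pub + ct + tag

class RelayServer:
    """Holds opaque reports indexed by a hash of the identifier (assumed layout)."""
    def __init__(self):
        self.reports = {}

    def upload(self, identifier: bytes, blob: bytes):
        key = hashlib.sha256(identifier).hexdigest()
        self.reports.setdefault(key, []).append(blob)

    def fetch(self, identifier_hash: str):
        return list(self.reports.get(identifier_hash, []))

def owner_decrypt(shared_secret: bytes, period: int, blob: bytes):
    """Re-derive the period private key; return the location or None."""
    priv, identifier = period_keypair(shared_secret, period)
    eph_pub, ct, tag = blob[:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(x25519(priv, eph_pub), eph_pub, identifier)
    expected = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                                   # wrong key or altered report
    return _keystream_xor(enc_key, ct).decode()

def owner_locate(server: RelayServer, shared_secret: bytes, period: int):
    _, identifier = period_keypair(shared_secret, period)
    blobs = server.fetch(hashlib.sha256(identifier).hexdigest())
    found = (owner_decrypt(shared_secret, period, b) for b in blobs)
    return [loc for loc in found if loc is not None]

def demo():
    secret = b"constructed pairing secret 0001"       # constructed sample value
    server = RelayServer()
    _, identifier = period_keypair(secret, 42)        # what the tag broadcasts
    server.upload(identifier, finder_report(identifier, "53.3438,-6.2546"))
    return (owner_locate(server, secret, 42),
            owner_locate(server, b"a different pairing secret", 42))

if __name__ == "__main__":
    print(demo())
```

The relay only ever sees the identifier hash and the report bytes; everything that opens a report is derived from the pairing secret, which is why the comment's caveat about that secret matters.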
I was responding to the last sentence: "If Apple is using iPhones to pair location and MAC addresses of nearby devices, that is indeed "location being tracked by other people's iPhones"."
My AirTags have their "location being tracked by other people's iPhones".
Sure - if we believe Apple (and I mostly do here) that their protocol and encryption works the way they describe, and that there's no bugs or back doors - then the only person who gets to see my AirTag's location is me.
But that still means "And Apple have clearly decided that’s ok" that my AirTags have their "location being tracked by other people's iPhones". They're selling me products on the assumption that your iPhone (and everybody else's, or at least enough other iPhone owners to make it useful) will happily listen out for bluetooth signals from AirTags, power up their GPS to get a current location, encrypt a bunch of data, then use your cellular data plan to send it to Apple for me.
I'm sure 99% of the people on HN, if you'd told them 10-15 years ago that's what their phone would be doing by default in 2021, they'd have laughed at you and called you delusional. Or asked which dystopian scifi writer came up with that insane plot device.
They do actually ask before doing this. It's a question that you have to answer when you first updated to iOS 14 or that you answer when setting up a new iOS 15 device.
They weren't fined whatsoever for the collection of the data. The fine was for stonewalling the investigation.
> But, the commission said, Google did not engage in illegal wiretapping because the data was flowing, unencrypted, over open radio waves.
At what point does reading unencrypted radio waves on open-use frequencies become an invasion of privacy? It'd be like a restaurant owner requiring people get permission before being able to write down the restaurant's name. If it's possible to passively read it for free, you can't control who views it.
The big difference between a restaurant's name and consumers' radio devices is that the restaurant's name was knowingly and deliberately placed up there by the owner, whereas consumers most likely don't understand the privacy implications of their radio devices and often don't know how to protect themselves and may not even have the option to do so (my washing machine has some kind of smartphone link support, and I don't remember seeing a documented way to disable it). And while the restaurant next door is a company that openly offers services to the public, the machine in my bathroom is not open to the public.
They're putting radios everywhere and anywhere now, but I don't think consumers generally expect and want anyone to be able to hear their devices, let alone scoop up the data and store it in a database with gps coordinates.
You might also ask at what point does reading of unencrypted audio frequency vibrations originating from a private home become an invasion of privacy? Most homes aren't perfectly soundproof, and it's not too hard to make devices that can listen in. Is it ok just because you can? Same for radio imaging, etc.
Those are definitely not randomized by default, even if operating systems tell them to act as if they are.
And even then, why would that require being on the same network? I can see my wifi router's MAC without being connected to the network, ditto for your phone's Bluetooth.
Google merely drive past your house, recording your GPS location and WiFi SSID broadcasts, and find it that way. And "accidentally" packet capture some of your network traffic too. ( https://www.wired.com/2012/05/google-wifi-fcc-investigation/ )
Practical options? Apple rotates MAC addresses to avoid tracking[1]. If you're broadcasting a MAC address you have to assume someone is logging it and correlating it with a location. Wardriving was a thing long before smart phones were common.
This is what I'd like to know. I don't own a wifi router. But suppose I did, is the fact that my router's signal was simply seen by an Apple device within range consent for Apple to track its location? And does Apple knowing my router's location mean that I've consented to its use to track others?
This paints a disastrous picture for mobile OS. I deactivate wlan and mobile data if I don't explicitly need it because you cannot trust your own device. These closed systems introduced and normalized a lot of very bad behavior for software in general.
>Researchers essentially staged a man-in-the-middle attack on the phones, setting up a laptop to serve as a Wi-Fi hotspot while disabling cellular connections on the phones.
>Traffic from the phones ran through the laptop, which decrypted logged and analyzed data, then re-encrypted the data and sent it on its way to the destination servers.
That's from the article. I haven't read the paper.
One network mitigation for Apple devices (e.g. iPads) without a cellular baseband is to have a router block all connections to 17.0.0.0/8, except a once a week check for OS and app updates. This assumes no use of iCloud, which would siphon much more data than described in this article. It's also necessary to disable Siri on-device search (e.g. "Learn from this app") and Spotlight indexing of in-app content (per-app setting for "Show app in Search"), including E2E encrypted messengers like Signal and Wire.
For phones, the only mitigation is a lifestyle change to switch from always-reachable to scheduled availability windows or the always-async workflows of pre-mobile computing. A faraday bag can deny realtime telemetry, even if it's cached for relay when connectivity returns.
There is almost no point in buying an ecosystem-dependent device and then trying to cut off the ecosystem dependency. This goes for iOS and Android alike.
In some ways, even cellular connectivity itself is problematic or any baseband system that requires some form of out-of-band processing to function (even if it doesn't "call home").
Most people won't know (or care) about any of this anyway, and the disruption trade for some invisible gains that are supposed to come out of unplugging like this isn't likely to attract any reasonable mass of users to do it. It would probably be mostly destructive anyway considering the information flow of civilisation depends on so much of this integration now.
Technically we could do without all of this, but practically it would be a luddite's errand to try and do any of this.
I wonder what we could do instead, but considering the min-maxing for profit sets the stage today, I doubt someone can come up with an alternative that yields the same (perceived) benefit from using Google's or Apple's technologies.
Considering most new people from the past few years are primarily mobile users and a lot of those never even had access to (or a need for) a desktop-like type computing, there is very little mindshare about what else might be possible in the digital realm.
> There is almost no point in buying an ecosystem-dependent device and then trying to cut off the ecosystem dependency
Android works fine without the Google bits. Make sure to get a device which is supported by an AOSP-derived distribution like LineageOS and you're almost there. Install the alternative distribution, do not install any Google services (i.e. skip the 'gapps' or Google apps), install F-droid or Aurora Droid, done - you'll end up with a device running free software (apart from the radio firmware and any driver blobs used in building the distribution). If you need software from the play store there is Aurora Store, an alternative front-end which can be used without a Google account. If some of that software needs access to the Google Services Framework (indicated in the listing as 'gsf-dependent' or something along those lines) you can install microG, an in-progress but remarkably functional free software implementation of such.
I've been doing this for about 10 years now and never had the impression I missed out on anything by not using a stock distribution with a Google account - the opposite is true. Batteries last longer since there is less background activity, devices have a far longer useable life span by virtue of the distribution being kept up to date.
I bought a Pixel 2 XL brand new from Amazon for $140 two weeks ago and installed LineageOS 18.1 (Android 11) and using F-Droid and Aurora Store. I ended up reflashing to LineageOS with MicroG to get one stubborn app to function properly but it is a fast, functional, and a significantly more private experience for a budget price and about an hour or two of work.
Did the same with my old Pixel 2, just put CalyxOS on it. Personally, while ecosystems are quite convenient, I am really fed up with what they became. All I want is an OS that gets critical updates, but otherwise just runs without any strings attached on hardware I own. Give me good mobile websites and a privacy-oriented browser for everything else. I guess big-tech just won't be able to make a living in such a world...
According to the article, you can also reduce the vast majority of Google communication by disabling all Google apps and services. You need a phone that allows that (I have a Fairphone 2). Not as watertight as LineageOS, but easier for most people, at least for me. Then indeed use F-Droid and the occasional app from sources you trust via Aurora Store. Very usable as a main phone.
Yes. This is the best story now for a somewhat feature packed privacy respecting phone. The other options like Purism's Librem are not there yet.
Want to go one step further: use a laptop which you connect to the internet over burner phone's tethered internet connection, using a self-hosted VPN or Tor.
> There is almost no point in buying an ecosystem-dependent device and then trying to cut off the ecosystem dependency.
I mean, your work could be dependent on an embedded appliance from an enterprise vendor, where that 'appliance' just consists of an app running on an iPad in kiosk mode sealed into an ugly case, with its lightning port hard-wired to a particular accessory.
If you're an IT admin of an organization and you have to support an appliance like this within your Intranet, it's in your best interests to lock it down from doing anything other than "its job as an appliance." For the same reason you wouldn't leave any ports open on a machine/VM other than the ones it needs to perform its function.
So how are you locking it down? Are you going to sit there and put the iPad in supervised mode by hand? Maybe sideload your specialised kiosk software onto it by hand? Periodically check in on it to make sure it’s up to date and all of its configuration is as you left it?
This is a solution that doesn’t scale, and any IT admin supporting more than a handful of Apple devices in their network should look at MDM.
> Maybe sideload your specialised kiosk software onto it by hand?
In this case I was suggesting that you have a vendor upstream of you doing this, where you then take receipt of a system (e.g. a POS system) of which an "embedded" iPad is a one component, and is a black box, perhaps even epoxied into an enclosure.
In such a case, you literally cannot do anything to the iPad. It's locked down into its kiosk application, and getting admin access to it would require taking the system it's a part of apart to a degree that would void your warranty with the vendor.
Instead, the only thing you can alter, is the network the iPad connects to.
> There is almost no point in buying an ecosystem-dependent device and then trying to cut off the ecosystem dependency.
...the only alternative right now is throwing cash at a librem5 and there's still plenty of work until it's feasible for a linux phone as a daily driver.
There's also Jolla Sailfish (descendant of Nokia Maemo/Meego, funded by Russia) which works on Sony Xperia 10 II. The free version doesn't support Android apps. The paid version does, but is technically only sold to EU customers.
Looking further ahead, Pinephone development is active.
To clarify you should say: Nowadays funded by Russia, it hasn't been always like that.
The question of course is whether they do anything equally bad as either Google/Apple or the NSA. It looks obvious to me that Russia funds this because they don't want the former inside their devices.
Trying to run their own mass surveillance using Sailfish would be pretty much a waste of resources. There are no masses that use it and the Russian opposition could easily avoid touching such a device. However, in typical Stalin/KGB/Putin-style paranoia you would want to eavesdrop on your friends to make sure they don't work against you. So that is somewhat worrying.
> There is almost no point in buying an ecosystem-dependent device and then trying to cut off the ecosystem dependency.
The point of using an "ecosystem" is positive network effects, in the case of iOS it means a pool of shared-risk protection against common attacks, and a business model which yielded a huge app ecosystem, a.k.a front-end clients for web services. The greater those positive effects, the greater the incentive to mitigate the negative effects. Some are provided by Apple's obscure combinations of on-device Settings, device policy that is only configurable with Apple Configurator, or enterprise MDM policy.
It is unnecessary that such mitigations be employed by "most people", they only need to pass a cost-benefit analysis for those who use them. E.g. many iOS remote attacks can be mitigated by disabling Javascript, yet there has not been an option for per-site whitelisting of JS in Safari. Brave on iOS (reskin of Safari) provides this policy with one-click per site and now Apple allows Brave to be the system-wide default, possibly due to antitrust/EU/legal pressure. iOS 15 has added web extensions, which are already transforming the web experience.
It could be argued that if more people used "surveillance escape valves", there could be pressure to close them. The bigger the ecosystem, the more incentives there are to jump through hoops to gain benefits and mitigate risks. It's an ongoing negotiation, not blind surrender, even if the balance of power begins with asymmetry. E.g. people may start using Brave on iOS because it blocks Youtube interstitial video ads, allowing free access to the network effects of the YT ecosystem without paying a monthly fee. But once they are using Brave, JS security protections are one click away. The pendulum swings back and forth.
> "The president is getting his daily intelligence briefing on an iPad. Ten years ago we wouldn't have done that, but that's what the president wants, so that's what he gets. Now, that iPad is neutered - it has no connectivity. It gets plugged into a docking station. We can do that for the president, but we can't scale that. So the question is, can we use commercial products that are secure?" said Levine.
> It is unnecessary that such mitigations be employed by "most people", they only need to pass a cost-benefit analysis for those who use them.
This can be said for pretty much any technology/software/hardware/mitigation that some people dismiss out of hand…
> It could be argued that if more people used "surveillance escape valves", there could be pressure to close them.
I would even go one step further and argue that our devices should actively send spoofed data (not necessarily random) and poison the data wells these companies like to drink from to amass their power they wield asymmetrically at scale against individuals.
I think GrapheneOS provides a maximally usable experience with maximal control over your device.
Unfortunately linux phones are nowhere near the polish of Android forks, and let’s be honest - hardware-wise a 3-4 years old phone mid-level android hardware is a minimum.
> Gmail accounts require password entry on the device, even if the account is installed via Apple Configurator.
Is that still true, if the password provided in the profile is an App Password for the account? IIRC those can be used for direct IMAP access to Gmail's servers without those servers complaining; so I would expect them to also work fine for creating a Gmail web-API binding.
Apple provides a list of IPs used by APNS if you need it but want to block the rest of 17 or 2620:149:: (I believe the other IPv6 prefixes are for non-US use).
Yes, battery-conserving notification interrupts are part of an always-reachable lifestyle, which requires surrender to behavioral telemetry with the potential long-term consequence of influencing the human's behavior (e.g. via advertising).
Regardless of an app's implementation of polling/notifications, most apps will poll servers when first started or network service is restored.
It's, ummmm, very rough around the edges, software wise.
So far I have only used the default Manjaro distribution it came with. I'm both looking forward to, and dreading, working my way through a dozen or so alternative distros to find the least worst collection of brokenness and bugs.
But I 100% knew what I was buying into when I paid for it, and am very happy I have it.
I found the pinephone in my research. It seemed nice but the hardware specifications were really underwhelming. I'm used to buying flagship phones with the best hardware available and using them for years and years.
> It's, ummmm, very rough around the edges, software wise.
I can imagine. How's the driver situation? Lots of proprietary blobs?
What about the device itself? Build quality? I see it has hardware switches for RF and sensors, I really like that.
> So far I have only used the default Manjaro distribution it came with.
It’s got closed source blobs for at least its Realtek wifi chipset. Probably more as well. :shrug:
Hardware and build quality wise, I’m quite happily surprised at how good it feels. It’s certainly not at iPhone13 Pro levels of industrial design, but it feels like it compares favourably to, say Galaxy S4 vintage “flagship phones”.
And yeah, that row of hardware switches was a very powerful deciding feature for my purchase.
> How's the driver situation? Lots of proprietary blobs?
Even if this is the case, what are you going to do? Buy a normal phone? That will just get you even more proprietary blobs.
You shouldn't let aversion to proprietary blobs put you off getting a PinePhone if all the other options you'd consider contain more proprietary blobs.
> Buy a normal phone? That will just get you even more proprietary blobs.
Google's apparently trying to get all these manufacturers to contribute their drivers to the kernel. Not sure how successful they've been.
I was hoping the situation would be better here. Proprietary Linux drivers suck. Even nvidia drivers have caused instability in my system before, switching to nouveau fixed it. I hate those things so much.
I ordered the pinephone when it was first announced. I think it’s a really good first step. The hardware is extremely lacking though. It’s not nearly powerful enough to make this a daily driver for me. Way too much lag and stuttering. Every couple months I will flash a new or updated distro and play around with it for a day or two, and the software side has definitely improved a lot in the last year. I’m hoping that the next generation comes with better, more usable hardware. Super excited to see the progress that comes for this product
The hardware specifications are really disappointing. I'm used to buying top end hardware, desktop and mobile. The Librem 5 isn't any better and it's a $900 phone!
I suppose this market is still too new. I'm hopeful things will get better in the future as well. I'm very impressed by the fact the pinephone can run the upstream Linux kernel. Maybe that wouldn't have been possible with higher end hardware. I'm not sure.
I own a Pinephone. I use jmp.chat so messing around with the phone doesn't affect my ability to use the phone network. It's gotten a lot better, I would recommend running a lightweight X11 WM (I like fluxbox and fvwm) rather than a fat DE like phosh or kde.
I'm not used to the notion that X11 even supports touch events. I wonder what the experience is like. Will I need mobile versions of Linux software or can I expect existing desktop software to work?
Honestly I'd be satisfied if I could have a fully featured terminal and browser. Looks like the pinephone even supports physical keyboards!
Not traffic that is being sent via other protocols or on different ports. One way of doing this would be setting up a computer to pass its internet connection via NAT firewall rules to the Apple device and behave like an access point. From there you could dump the raw traffic to/from the Apple device. Regarding encrypted content, it’s probable that the telemetry and other info being sent is signed with a key that is not available in user space so you wouldn’t be able to add a key to view it. However you would definitely be able to see it being sent and the packet size/frequency etc.
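An added example (not from the thread) of the metadata-only analysis the comment above describes, which also serves as a check on the 17.0.0.0/8 router block suggested in an earlier comment: it groups flows to that range into contact events, reports their mean spacing, and lists flows that fall outside an allowed update window. The log format, function names, burst threshold and every sample record are constructed for illustration.

```python
import ipaddress
from statistics import mean

APPLE_V4 = ipaddress.ip_network("17.0.0.0/8")    # range named in the thread

# Constructed flow records: epoch seconds, destination IP, bytes sent.
# Destinations outside 17.0.0.0/8 use documentation address ranges.
SAMPLE_FLOWS = """\
1000 17.0.2.10 1840
1003 17.0.2.11 620
1120 198.51.100.7 300
1275 17.1.4.20 2210
1540 17.0.2.10 900
1544 17.2.9.9 150
1800 203.0.113.5 4000
1810 17.0.2.10 1300
"""

def parse_flows(text):
    """Return a time-sorted list of (timestamp, ip_address, size) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, dst, size = line.split()
        flows.append((int(ts), ipaddress.ip_address(dst), int(size)))
    return sorted(flows, key=lambda f: f[0])

def in_range(dst, net=APPLE_V4):
    # Compare versions first so an IPv6 destination never matches a v4 range.
    return dst.version == net.version and dst in net

def contact_events(flows, net=APPLE_V4, burst_gap=30):
    """Merge flows to `net` that are at most `burst_gap` seconds apart."""
    events = []
    for ts, dst, size in flows:
        if not in_range(dst, net):
            continue
        if events and ts - events[-1]["end"] <= burst_gap:
            events[-1]["end"] = ts
            events[-1]["bytes"] += size
        else:
            events.append({"start": ts, "end": ts, "bytes": size})
    return events

def summarize(flows, net=APPLE_V4):
    """Event count, total bytes and mean seconds between event starts."""
    events = contact_events(flows, net)
    gaps = [b["start"] - a["start"] for a, b in zip(events, events[1:])]
    return {
        "events": len(events),
        "bytes": sum(e["bytes"] for e in events),
        "mean_gap_s": mean(gaps) if gaps else None,
    }

def violations(flows, allowed_windows, net=APPLE_V4):
    """Flows to `net` outside every (start, end) window; empty if the block holds."""
    return [
        (ts, str(dst), size)
        for ts, dst, size in flows
        if in_range(dst, net)
        and not any(start <= ts <= end for start, end in allowed_windows)
    ]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print(summarize(flows))
    print(violations(flows, allowed_windows=[(1500, 1600)]))
```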
"The only mitigation is a lifestyle change to switch from always-reachable to scheduled availability windows or the always-async workflows of pre-mobile computing."
I always had a call recorder installed on my mobile, it saved my bacon a few times when dealing with scammy companies and various wankers.
Then a wakeup call arrives for me - my phone updates to the new version of android, on which google blocked call recording.
I installed a landline, and stopped spending money on fancy phones. I can't escape them, but they will never see me spend more than a bare minimum.
Recording videos in public is also often illegal in many places, yet all smartphones come with 2-7(?) cameras. The web browser lets you download pirated content from shady sources. You can post illegal text-based content (defamation etc.) in various apps. You could probably even cause some noise complaints with the alarm app.
I suppose they have no fear of losing market share from losing their "privacy" moniker. Too many folks that are locked in to the brand, and who will now happily switch to saying Apple's data collection is 'better/ok'.
Give an opt out for location sharing, how about that? The location collection described in this paper cannot be turned off, and it happens every 4-5 minutes even if you have disabled location services!
The paper uses IP addresses as a proxy for location. They’re not sharing (fuzzy) coordinates unless you enable location sharing.
The only way to prevent that is to never make network requests. That’s probably a reasonable expectation, but it’s certainly not the same thing as sending your lat/long every few minutes.
Well they do log surrounding network hardware which are broadcasting, so visible Bluetooth, devices on the same wifi, the APs themselves, etc. This allows a rough estimate of the locations of visible devices which are not made by Apple. The only way to opt out of that is to not be visible on public networks and to not bring an iPhone onto your house network.
Don't use a product which has "ecosystem" as a feature then. Sending MAC addresses and their locations sounds like Apple devices try to establish a consistent local awareness of surrounding devices, e.g. for "Find My".
And it’s not like there’s a viable alternative available anyway. Yet another reason I strongly support antitrust measures against both these companies.
Exactly, in this case it’s like the Tower of Babel except you’re not addressing why the people started building a tower in the first place. Eventually, once they get their shit together, another tower will be built.
Indeed. And when it comes to something invisible like software, a company doesn't really need to implement real privacy in order to uphold a "privacy" moniker.
It's a similar story with "security", as Zoom demonstrated somewhat recently.
99% of users have no way to actually check a smartphone to see "how private" it is, or "how secure" it is. And I imagine another large portion of users doesn't read tech news, and so they won't see these kinds of articles. So all Apple needs to do is put on a show about privacy, since that's what users actually see.
The funny part is that Apple (unlike google) refused to respond to Leithman's numerous requests for comment/clarification but then is happy to have their PR trash the accuracy of the paper to journalists.
Pixel devices do not come with stock Android, and they certainly don't come with a build that allows for opting out of cloud services. They include a wide variety of Google "bloatware" that cannot be removed, much of which is also included on many other OEMs but some of which is unique to stock Pixel builds of Android (i.e. not public or open-source). Most all of the newer Pixel-only features fall into this latter category and usually involve some type of telemetry, in my experience.
I feel the same-- that's one reason I switched. You can also just run what you want like f-droid etc. Want to run a Linux subsystem? Just download Termux...
There are publicly available lists (like the ones used by PiHole and AdGuard). IIRC Blokada is an app that emulated a VPN to push a specific DNS server which contains those blocklists.
From anecdotal evidence, it seems that Android users use the cloud a lot less than Apple users. By default, Apple users will have every piece of data on Apple's servers unencrypted (with unencrypted iCloud backups, and all files from Desktop/Documents uploaded to Drive). Apple puts it all on a nice, single screen that makes anyone with OCD want to turn every button "On" and send all their data over; and they're all turned on by default anyway. I don't have hard evidence for this, but I believe most Android people just don't end up turning that stuff on; many don't have backups, don't have all documents and Chrome downloads stored in the cloud by default, so they likely experience a lot more privacy by default. Again, all anecdote, but I think you'll find the same is true for your friends circles.
Interestingly, if we are talking about actual, diagnosed, non-colloquial, real-bad-if-it-goes-untreated OCD... Jon Herschfield is a good writer about OCD who has it himself and this article series he wrote mentions some OCD manifestations that involve a deep fear of something happening on the internet
https://www.sheppardpratt.org/news-views/story/moral-scrupul...
Indeed! I don't know how to refer to this in a colloquial way because while having every single switch on a single screen isn't exactly a dark pattern, it does incite many people to just turn everything on because they "paid for it" and want "the best and greatest".
"Privacy is a fundamental human right. At Apple, it’s also one of our core values. Your devices are important to so many parts of your life. What you share from those experiences, and who you share it with, should be up to you. We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in."
So, according to Apple, it is designed "to protect your privacy and give you control over your information".
s/Chinese/any government representing a material amount of their revenue/
Don't be deceived; the San Bernardino case was a very intentionally public op to convince us that they will "fight" for our right to privacy, but the not-so-public track record since has demonstrated their absolute willingness to lick the boots of virtually every government whose citizens impact their top line materially.
This isn't a slag on Apple, specifically. Facebook, Google, et al will declaim "Russian Propaganda" all day long and then immediately roll over for Russian demands to censor political opposition, for instance. They all do it.
It's all a show. You have no privacy with any of Big Tech, regardless of where you live.
I have basically zero worries of all my criticisms of all my rantings against the bloated and corrupt American government getting me sent to prison for life and potentially having my organs harvested for a party elite. So I think that's one reason it's a tad bit different.
> but the not-so-public track record since has demonstrated their absolute willingness to lick the boots of virtually every government whose citizens impact their top line materially.
What sort of percentage of the entries on that unprinted list can be summarized as "they follow the law in the places where they do business?"
Nearly all of them, most likely. What motivation would there be to do otherwise? It's just that the vast majority of these governments, the US included, have laws mandating access to nearly everything accessible. If that data is subpoenaed and Apple can theoretically access it, it's illegal for them not to hand it over.
> the San Bernardino case was a very intentionally public op to convince us that they will "fight" for our right to privacy
You’ve reversed cause and effect. Apple’s surprise at the backlash to their position on San Bernardino is well documented. It directly led to the softening of their stance on privacy.
> but the not-so-public track record since has demonstrated their absolute willingness to lick the boots of virtually every government whose citizens impact their top line materially.
Is there any public information that supports this claim?
They comply with the law to the extent that they can. Apple by design locked themselves out of the capability to provide people's data in many circumstances. So the fact that requests exist says very little about what was actually provided.
For as long as a company doesn't think selling in a country risks losing more money than they make by selling there, they will be beholden to the requests of that country. You have to see Apple as its own nation state, as this is how it works everywhere - leaders will weigh the economic damage of losing trade with evil countries with the damage caused to their reputation/re-election chances by not doing anything about it.
No, not by default. That would be impossible, since iCloud Backup first requires an iCloud Account, and then requires enough iCloud storage space to backup your phone. You get 5GB for free, which is not enough for a lot of people.
Mine doesn’t. It’s ostensibly expected that a backup is going to send your data somewhere. I don’t use iCloud backups for that reason. Also, some iCloud backup data is e2ee. They document it here: https://support.apple.com/en-us/HT202303
Data types that are protected by end-to-end encryption—such as your Keychain, Messages, Screen Time, and Health data—are not accessible via iCloud Data Recovery Service. Your device passcodes, which only you know, are required to decrypt and access them. Only you can access this information, and only on devices where you're signed in to iCloud.
Amusingly, your comment is the actual lie. iCloud backups are an opt in cloud backup solution. They are not enabled by default and myself (and many others) have never used them.
I've set up four iOS devices from scratch (new numbers, new Apple IDs, new everything) in the last two weeks and iCloud Backup is indeed on by default.
> It's a completely opaque system, 0% privacy should be assumed by default.
I really dislike this framing and I could not disagree more. Android is open source; does that mean it is also zero percent privacy? What about the Anom phone in recent news? If all three are zero percent privacy then would they not be equally private? iPhone is more private than Android as there's much less data exfiltration and the Anom phone is clearly less private than both. I love open source, but saying any closed source system is zero percent private is not helpful.
I believe that what they are trying to say is that the articles are the same but Tom's Guide has used the Apple-bait headline to try to get more clicks.
> but Tom's Guide has used the Apple-bait headline to try to get more clicks.
As opposed to the Google-bait headline in the article above from Tech Radar?
Apple has spent millions of dollars running "Privacy. That's iPhone." campaigns on every platform out there. Given that the facts contradict Apple's privacy-bait campaigns, the title seems apt to me.
Using a headline like that to drive traffic is as old as John C Dvorak. Who is a hack but I remember his name well enough to know his middle initial so clearly this tactic works :-)
To be fair, Apple has improved its privacy story (at least with regards to non-Apple entities).
They stopped giving every app on your phone the same ID for targeting/tracking (Android may follow, eventually). This pissed off Facebook since they can't use your account for targeting in your other apps.
Safari has also led the way (at least as far as mainstream browsers are concerned) with ITP. It even has some ML-based bounce tracking protection. I haven't done any practical tests of that, but it should be a lot better than the disconnect.me lists used by other browsers -- when I compared the domains I got redirected through during normal browsing with the disconnect.me list, only 10% were even present (none of the 100+ "3 random word" domains were listed).
Apple's privacy is one of give and take. You give a little extra to Apple, both in money and privacy, and you get less tracking from everyone else. This is a positive risk model shift for many users, while others want less "give" (which will require less "take", as in, you will likely end up with a less 'convenience-focused' product).
Anecdata for sure, but I switched to iOS after using Android for almost a decade (like the original HTC tmobile phone early). I run a pihole at home, and I find that iOS has significantly less ad-based telemetry. Sure, it pings the mothership just as much but Android apps would ping some sort of ad-service telemetry aggressively. Also, curious how it would play out if the researcher uses iOS 14 instead of 13 which is when Apple started the Do not track stuff. Apparently FB is hurting from this, so I would guess other major ad-based companies are too?
What large companies do is largely monitored, the problem is what the Android security model allows smaller unknown companies to do.
Apps abuse permissions, and do nefarious stuff, which is why you have a news post a month about Google removing apps. 4-5 years ago I came across a startup reading all of the SMSs to give you APIs to get bank balance, number of bank accounts etc. iOS that way is "relatively" more secure (not perfect)
In Finland most cellular data plans are completely unlimited and cellular coverage (even indoors) is excellent. I have not used any WiFi connection (home/office/public hotspot) for years and I have no reason to turn my WiFi on ever. My home fixed internet is ADSL, slower than 4G anyway, much slower on uplink.
The next question would be: Does Apple's (or others) WiFi listen to other traffic even when offline has been selected by the user? They could do it without turning the transmitter on. Maybe on global perspective such users are still the exception, but given their data collection desires I would not be surprised if they do that routinely anyway.
I am not always at home when the Internet is being used, so my phone would not be enough. The ADSL is there mostly for historic reasons. It works so I don't change it. In most cases the speed does not really matter. I work mostly using the shell over ssh. An occasional video works just fine. The only case where I need a better uplink are telcos that require me presenting. Or in theory the camera, but I'm not in the fashion business so I hardly ever turn it on... In that case I am obviously at home and switch to the connection of my phone.
Has been that way since day one of the iOS App Store.
It was because it was re-using the same backend as the iTunes Store which was ultimately backed by an SAP system. One that required billing addresses for all purchases (free app = $0.00 purchase).
As far as I know, no other smartphone app store does this. Apple could have corrected this any time in the past 14 years, but no doubt Apple figured the reduction in expected App Store revenue and decided that it values that revenue more than user privacy.
Well Apple has different App Store regions, so doing this hypothetically allows a company to offer an app for free in one region but with cost in another.
In the US, payments almost always require a billing address for anti-fraud, so people are used to giving it out to pretty much any company that asks for it.
> That was unexpected given the marketing.
An extremely small amount of people will see "privacy" and think "I can use it completely anonymously without any PII being sent".
People don't think iphones (or any phones) are private anyway
> Two in three (65%) [iphone] users are “extremely” or “very” concerned about their activities being tracked as they use certain websites and apps, while only 14% said they were not at all concerned.
> A whopping 74% of users would rather have apps track their online activities than pay for content or features that are currently free; only a mere 26% said otherwise.
The difference for me isn’t so much the technical implementation of aspects of the operating system, it’s my willingness to trust either Google or Apple with my data. Knowing how Google and Apple make their massive sums of money, I’m willing to trust Apple with my data but I am not willing to trust Google.
Data being sent to Google is—in my personal, subjective opinion—a breach of my privacy whereas—again, opinion—it isn’t when it’s sent to Apple.
Google Mobile Services.
It's the set of Google apps and services you can install on top of a LineageOS or other operating systems that are Android based to get the Google things like Play Store.
When idle. Google and Apple are basically American and Five Eyes invigilation devices. What cost money and resources in the past - satellites, airplanes, field agents, now people are paying to carry on them at all times.
I wish someone (with network knowledge) would do this for Windows 11. I'm curious how much data (and what kind) is being sent by the OS after you enable (as much as possible) all the privacy options during OOBE.
As soon as you install Google play services it is pretty much a moot point. Also in the past LineageOS left in a lot of Google related code and in general focused more on features than privacy. Maybe that has changed but using a purpose built ROM like GrapheneOS or CalyxOS is a lot better & actually easier.
I got my first taste of LineageOS on my Nintendo Switch of all places, it's quite a nice OS for people who want Android without Google in it. It also runs on basically anything as far as I can tell.
Regardless of studies and what they bring to light, always assume your phone has been compromised, assume others have intercepted your texts and have data mined them to determine not if you’re a nuisance (that’s a given), but how big of one. With that, assume most companies from there on out have access to how wealthy you are and how they can best sell products to you, use your data to sell your friends products, and so on.
Do not store anything on your phone that you wouldn’t want your worst enemy to see. Do not even say it while your phone is nearby. Put your phone in an acoustic proof container/soundproof box if you need to have a talk with anyone. Don’t bother with airplane mode, it’s a sinkhole waiting to be discovered so assume it’s compromised until given sufficient evidence to the contrary.
With this in mind, you can sleep soundly knowing that your phone is a monitoring device, and as such privacy-related studies that demonstrate (as they always do) that your phone isn’t as private as you think will not come as a surprise and you will have no bad habits to undo/change.
1) There was no "pivot"; this has been an Apple stance for a very long time.
2) It actually has a lot more to do with functionality than with marketing, as is obvious to even a casual observer. Apple hasn't really even marketed this as a big strength until relatively recently.
> Apple hasn't really even marketed this as a big strength until relatively recently.
So is that the 'pivot' then?
It has been an Apple stance because Apple has no internal need for your personalised data. They have no privacy related business model.
But that is the extent of it. I don't think Apple cares one iota about personal privacy and they are happy to throw users to the fickle winds of censors in China and Russia.
Apple has chosen not to have a privacy violating business model. They created a whole mapping service costing billions to avoid selling user data to Google.
Back in the early days of the iPhone many analysts projected user data would be a massive business opportunity for Apple. Imagine what the social graph and activity stream of iPhone users must be worth. They walked away from that.
> Apple has chosen not to have a privacy violating business model.
Not doing something is not the same as taking an ethical stance against it and not doing it. You're presuming a motive on their part.
> They created a whole mapping service costing billions to avoid selling user data to Google.
I don't think for a second that they did this for any altruistic reasons. I think it had more to do with Google not shipping concurrent features for Google Maps on iOS. As soon as Apple Maps got better data Google started shipping features like step by step directions for Google Maps on iOS.
> I don't think for a second that they did this for any altruistic reasons. I think it had more to do with Google not shipping concurrent features for Google Maps on iOS.
The messaging at the time was that as the Google Maps deal was ending, it turned out that all the features were on the table during renegotiation - but Google wanted accounts and location tracking and advertising in the core maps app.
Google's claim is that they had no strategic info that Apple Maps was going to be released. The general feeling of the public is that Apple's QA department also had no info that it was going to be released.
However, I suspect Apple knew that convergence of the phone with a GPS was a critical feature and thus they had to build and buy and bite and claw their way to have a competitive offering they controlled. Google's push for user telemetry during that renegotiation cycle may have prompted Apple to accelerate, and to launch before it was really ready.
That said, Google was never going to stand still with Maps, so they had to launch with a feature deficit at some time to justify the product investment. Google and Apple have their own data sets and their own teams dedicated to tools as well as manual curation of that data.
Google offered turn by turn in exchange for access to user data. Apple said no and developed their own mapping service, so privacy was the central issue.
No, it's highlighting a previously unlooked feature.
> They have no privacy related business model.
Not directly, but the issue is their only other legit competitor has an advertising business model directly inverse to a privacy model. Since they are selling a product, the product has to be what people want, and people are increasingly wanting more privacy.
Of course it does. Apple has a database of "MAC address <-> GPS location" pairs.
By knowing the MAC address and signal strength of devices around you it can triangulate the position of your device without needing an in-built GPS or cellular modem.
It's what allows Macs in particular to know their location in a pretty accurate way.
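An added illustration of the lookup described in the comment above (not part of the original thread, and not Apple's actual algorithm): a weighted-centroid position estimate computed from nothing but a scan of nearby MAC addresses and signal strengths. The MAC-to-location table, the scan values and the path-loss constants are all constructed assumptions.

```python
# Constructed sample of a "MAC address <-> GPS location" table.
# Every BSSID and coordinate here is made up for this example.
AP_DB = {
    "02:00:00:aa:00:01": (60.1700, 24.9400),
    "02:00:00:aa:00:02": (60.1700, 24.9420),
    "02:00:00:aa:00:03": (60.1712, 24.9410),
}

TX_POWER_DBM = -40.0  # assumed RSSI measured at 1 m from a transmitter
PATH_LOSS_EXP = 3.0   # assumed indoor path-loss exponent


def rssi_to_distance_m(rssi_dbm):
    """Log-distance path-loss model: d = 10 ** ((P0 - RSSI) / (10 * n))."""
    return 10 ** ((TX_POWER_DBM - rssi_dbm) / (10 * PATH_LOSS_EXP))


def estimate_position(scan, db=AP_DB):
    """Estimate (lat, lon) from a scan of (bssid, rssi_dbm) pairs.

    Known transmitters are averaged with weight 1/d^2, so stronger
    (closer) signals pull the estimate toward their stored location.
    Returns (lat, lon, transmitters_used), or None when no scanned
    MAC address is present in the table.
    """
    total = lat_acc = lon_acc = 0.0
    used = 0
    for bssid, rssi in scan:
        loc = db.get(bssid.lower())
        if loc is None:
            continue  # MAC not in the table: contributes nothing
        weight = 1.0 / rssi_to_distance_m(rssi) ** 2
        lat_acc += weight * loc[0]
        lon_acc += weight * loc[1]
        total += weight
        used += 1
    if used == 0:
        return None
    return (lat_acc / total, lon_acc / total, used)


if __name__ == "__main__":
    # Constructed scan: no GPS fix involved, only MACs and RSSI values.
    scan = [
        ("02:00:00:AA:00:01", -70),
        ("02:00:00:aa:00:03", -50),
        ("02:00:00:bb:00:99", -60),  # not in the table
    ]
    print(estimate_position(scan))
```

The scan itself carries no coordinates; the location comes entirely from the table, which is why the reported MAC addresses are the privacy-relevant data.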
Reporting the MAC address of the router and the current GPS location is all that is required for that (Google does this as well).
Reporting the MAC address of all other devices on the network does absolutely nothing to help Apple provide location services and is a massive invasion of privacy that gives them the ability to build a complete social graph and track the location history of people other than the iPhone owner.
The paper states that iPhones do this even when "use of location is disabled" so your attempts to defend this practice on those grounds are completely absurd.
If there was no pivot, then there wouldn't have been an API for getting a unique identifier for this device in the first place.
Given that they only recently neutered this API, that seems like a pivot. If you consider that this change was only made in response to criticism that the ITP privacy protections added to Safari were forcing content creators to move from the open web to their app store to remain profitable, then the change seems more like it was forced by the PR pivot than something they were doing out of principle.
I'm not surprised by Apple's collection of data, particularly that data which helps enable relatively seamless interoperation with other Apple devices. It basically allows multiple Apple devices to seem tightly integrated, without the user having had to figure out how to integrate them. This is a positive thing for the user.
But it obviously comes with a privacy cost. So the question is, what is the risk of Apple having this information? What else might they do with it?
The answers to this question are probably very different for Google. And this is why I would trust Apple more than Google for data collection. Apple is more likely to use that information to make your hardware and software work better, and Google is more likely to (also) use that information to improve their myriad other systems - primarily ad targeting.