I've been an iPhone user since the first model, but over the past couple of years, I've become increasingly concerned about my digital footprint. I've been lurking on this forum, reading about others who've made the switch to more private alternatives, and I thought I'd share my own situation to get some feedback.

To be clear, I'm not trying to evade law enforcement or hide from the government. I just don't want to be tracked and have a massive digital dossier compiled about me. It's a matter of principle, really.

Currently, I use an iPhone without iCloud, and I've enabled lockdown mode. I back up my data locally or using Proton Drive, and I've opted for privacy-focused apps like Signal, Proton Mail, and Mullvad. I also use apps from my bank and credit card companies, as well as Google Voice for disposable communications. Most of my contacts use iPhones, so I use iMessage and FaceTime with them, although I do have a few contacts on Signal.

One thing that's been bothering me is the effectiveness of VPNs on iPhones. From what I understand, they've been partially compromised for a while now, which makes me wonder if I'm wasting my time using Mullvad.

If I were to switch to GrapheneOS, I'd likely use Google Play Services to get push notifications for email and Signal. However, I've heard that using Signal without Play Services can be a battery hog, so that's a consideration. I'd also need to find an alternative to Google Voice, since the app behaves differently on AOSP devices.

Overall, I'm fairly happy with my current setup, but I do have some lingering concerns. What data is Apple collecting about me, exactly? Are they snooping on my Proton Mail and Signal communications? Are they storing my iMessages despite my iCloud being disabled? Do they still work with PRISM (or whatever the new version is) and siphon off all my data for government storage? These are the kinds of questions that keep me up at night.

I'm not sure if I'm being paranoid or if these are legitimate concerns. I'd love to hear from others who've navigated similar situations. Is it worth switching to a new system just to gain a bit more privacy? I'm not sure, but I'm open to feedback.

    Yes, just do it! You will not look back in my opinion.

      beaverman20 I've heard that using Signal without Play Services can be a battery hog,

      I use the Molly-FOSS client for Signal, which uses a web socket for notifications. It has worked well for me, and uses surprisingly little battery in the background.

      beaverman20 I'd also need to find an alternative to Google Voice, since the app behaves differently on AOSP devices

      How so?

        Probably9857

        Interesting, that is good to hear about Molly-FOSS. I read a recent post about some people saying it is taking between 20-70% of their battery life: https://discuss.grapheneos.org/d/8976-signal-vs-molly-vs-molly-foss/86

        My understanding is that signing into a Google app, like Google Voice, on AOSP is like signing in at a system level (sorry if that is not correct terminology). But essentially, that sign-on information would be shared system wide amongst Google apps such as Google Play Services. Perhaps I am wrong in this understanding though.

        I can't reliably answer your questions but they're not stupid, they're very reasonable concerns beginners have. I was also an iPhone user before switching to GOS, I can't say I miss Apple that much lol. You'll be surprised if you're dependent on the Apple ecosystems, but you don't sound it, so the transition should be fine.

        beaverman20 What data is Apple collecting about me, exactly? Are they snooping on my Proton Mail and Signal communications? Are they storing my iMessages despite my iCloud being disabled? Do they still work with PRISM (or whatever the new version is) and siphon off all my data for government storage? These are the kinds of questions that keep me up at night.

        1. We don't know. Might be nothing, might be everything.
        2. Possibly. When you are compromised at the OS level, nothing you do can really be effective. All communication is decrypted on device, so if there was, say a system component making screenshots all the time and analyzing them with OCR (cough Recall cough), it would be almost untraceable and would reveal all your activities. iOS is closed source code, so we don't know. Since jailbreaking iOS also has dried out in recent years, it's getting even harder to analyze the system.
        3. Possibly, but unlikely.
        4. Most likely. There was no reason for PRISM to end, so I expect it to be up and running. Don't forget that PRISM focused way more on the provider side of things (siphoning off data server side) while nowadays it's more likely to focus on client side due to end-to-end-encryption, DoH/DoT and similar problems.

        Just switching to Graphene won't solve all of your problems though. You need to change your mindset about running invasive apps if you want to significantly decrease data collection. I myself run FOSS apps only in my main profile and actively monitor connections with RethinkDNS to make sure nothing shady is going on (all seems good so far). I have Play Services running in my work profile (through Shelter) without a Google account. But - Google probably knows that the phone belongs to me. They just don't get much data out of it. If you need any advice on specific apps and alternatives, you're free to ask.

          fria

          Thanks for sharing that link. This is the one that made me switch to Graphene:

          Usage Data. Data about your activity on and use of our offerings, such as app launches within our services, including browsing history; search history; product interaction; crash data, performance and other diagnostic data; and other usage data

          That sounds like they can essentially collect all your browser history even if you use a browser other than Safari as I understand all browsers use Safari under the hood?

          Also, wtf is a device trust score:
          Fraud Prevention Information. Data used to help identify and prevent fraud, including a device trust score

          fria confused settings? Which one do I need to tweak then? Apple clearly didn't provide any answers here. And the court seems to be of similar opinion since they permitted 6 of the claims to proceed. I really hope the courts rule in favor of the plaintiffs.

          Btw: are you sure you're in the right forum? I've seen you shill for Apple in every second post. Just wanted to make sure.

            splattergames Am I not allowed to be here lol? I like GrapheneOS it’s my favorite open source project currently. They’re pushing security and privacy forward in the mobile space more than anyone else. I only respond in discussions that are already talking about iOS, I’m not trying to overstep or anything.

              Whatnoww

              I wish we could get more insight on what some of these somewhat vague statements in their privacy statement mean though.

              Usage Data. Data about your activity on and use of our offerings, such as app launches within our services, including browsing history; search history; product interaction; crash data, performance and other diagnostic data; and other usage data

              What does this mean exactly? Do they collect, for example, my browsing history and store it indefinitely? Is this anonymized data or attributable to the user? Perhaps it is clear to some, but I don't fully understand.

                beaverman20 hide from the government.

                sad that in 2024 this is now considered a bad thing, 1984 has totally come true

                fria

                Oh ok, so if you don't use iCloud (I don't) then they don't collect any browsing data? I definitely missed that!

                beaverman20

                Your principle approach sounds similar to mine, Privacy is a right. But I've decided to relax my threat model and go back to iOS for the convenience and UX. All the while minimising use to reduce digital footprint. Anything sensitive or critical I can leverage the Graphene Pixel and TAILS for.
                I think 'hardening' iOS to reduce telemetry, and using PWA is good enough.

                Using Graphene for me muddled the lines when trying to achieve 'perfection' (spoiler, it's not possible). Telemetry will still be gathered if you are trying to live any semblance of a 'normal' life in the 21st century, forgoing advancements for privacy is a scale, and at the moment I need these luxuries and think I can mitigate some privacy loss.

                fria
                I like that you offer both perspectives. I just spent a few weeks tinkering with GrapheneOS, with similar questions as OP and appreciate your insight.
                I came across your posts and can't help but wonder what your 'setup' is. Are you following the same two device approach as myself?

                  throwaway22884 I like that you offer both perspectives. I just spent a few weeks tinkering with GrapheneOS, with similar questions as OP and appreciate your insight.
                  I came across your posts and can't help but wonder what your 'setup' is. Are you following the same two device approach as myself?

                  Thanks. I’m only running iOS at the moment but watching the GrapheneOS project progress from a distance. Maybe that’ll change one day but I’d prefer if Apple implemented all the Graphene features so I can continue using iOS just with better security.

                    fria

                    Sweet sweet, are you following any 'hardening' checklists? I know there's profiles which can be installed but hesitant.

                    Also I don't think this is derailing the post topic, I guess it is giving another perspective to OP.