IOS to GOS. Did I gain (enough) privacy or just inconveniences?

JimmyT

Don't forget that Apple (like Microsoft, Samsung and Google) are advertising model companies. No matter how much you pay for the hardware, they will find ways to laden it with advertising. Advertising equals tracking whether it's by Bluetooth beacons, WiFi, location, IP, fingerprinting, etc. If you use a VPN but still sign into Google, you are still tracked! Far easier to protect your privacy on Android, but I don't feel that GOS is best for that. The focus of GOS is more security (of course that bleeds over to privacy in some ways). Want to protect your privacy the most, go completely without Google Play Services, signing into anything corporate and use a very good adblocker (I use ublock in my browsers and AdGuard for system wide (or my paid NextDNS). Am I still trackable, sure am! It's just a lot harder!

pxlkng

JimmyT The focus of GOS is more security

This is not true. The main focus of GrapheneOS is on privacy. Privacy depends on security, so this automatically requires good security as well.

pxlkng

JimmyT Want to protect your privacy the most, go completely without Google Play Services

Play Services isn't the sole deciding factor in avoiding the Google (Play) ecosystem.
If you want to do that, you cannot use any app at all that even includes Google libraries. This includes many if not most apps that come from the Play Store. How you obtain them doesn't matter here, even if you install an app that has Google libraries from a 3rd party apk website (which is severely dangerous and absolutely not recommended) and don't have Play Services installed you still have Google services running, giving Google about the same access as if you would have installed Play Services.

On GrapheneOS, Play Services doesn't have any elevated privileges or access and is fully confined to the regular app sandbox just like any other app you install, making the privacy impact severely limited in comparison to Stock OS.

As a side note, you don't need to install Play Services into its own secondary profile or private space to have good privacy. Given the previously mentioned confinement of Play Services you can just install it into your daily drive profile/Owner without any tangible difference in privacy (given the same persona) for most use cases.
Profiles also don't aid the app sandbox and don't add any security to it. The app sandbox is the same everywhere and installing an app in a private space, inside of a secondary profile, isn't any more secure (in regards to the app sandbox and the possibilities of the app exploiting your device) than installing the same app in Owner.

You can read more about sandboxed Play Services here:
https://grapheneos.org/features#sandboxed-google-play
https://grapheneos.org/usage#sandboxed-google-play

Franckienogotobollywood

JimmyT Apple's business model is not advertising.

Rambler

To use your iOS you have to logon to their eco system. Therein lies the first problem. You are monitored by HQ from the outset. Secondly, your privacy will be compromised by Apple's policy to run client side scanning on your device. Security and privacy on the Apple platform is a myth.

Franckienogotobollywood

Rambler Are SEP and MIE a myth?

DeletedUser433

pxlkng https://grapheneos.org/#about

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.

GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB-C / pogo pins, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.

The features page provides an overview of the substantial privacy and security improvements added by GrapheneOS to the Android Open Source Project (AOSP). Many of our past features were contributed to AOSP, Linux and other projects to improve privacy and security for billions of users so they're no longer listed on our features page.

GrapheneOS also develops various apps and services with a focus on privacy and security. Vanadium is a hardened variant of the Chromium browser and WebView specifically built for GrapheneOS. GrapheneOS also includes our minimal security-focused PDF Viewer, our hardware-based Auditor app / attestation service providing local and remote verification of devices, our modern privacy / security focused camera app, and the externally developed Seedvault encrypted backup which was initially developed for inclusion in GrapheneOS.

It seems to value both privacy and security equally. In fact, it seems to emphasise security slightly more than privacy. Also, I was wondering what the point of saying "The main focus of GrapheneOS is on privacy. Privacy depends on security, so this automatically requires good security as well." was because it doesn't help the OP at all and seems to be arguing for the sake of it

Rambler

pxlkng What he said.. ☝️👍

gos_user591

pxlkng
Thank you for your reply. If I were to install, login and use GPS (with an "anonymized google account; fake information etc, always on vpn for GPS), will it be better/worse in terms of privacy compared to if I were to install the same apps on iOS? Or the same? Should I be concerned about IPC and (correct me if I am wrong) GPS having a less stricter privacy policy for apps compared to app store on iOS?

pxlkng

gos_user591

You should have better privacy on GrapheneOS, already solely due to having better security.
On iOS, Apple can also be expected to have system-level access just like Google has (through Play Services) on Stock OS, so I would equate them in this regard as well.

IPC is mostly a non-issue for most contexts and setups. It requires mutual consent from both apps and even if two apps agree to communicate, it does not enable arbitrary access to the other apps private data. Its pretty much like having a conversation with another person, every bit of information has to be shared voluntarily and the conversation can be denied or aborted by any of the two involved parties at any time.

IPC is also not specific to Play Services. It is a default part of the app sandbox and can be performed by any app without any privileges or user involvement. It is actually very important and required for things to work like they do.

With all that in mind:

Apps that agree to talk to Play Services can be expected to always be those that already bundle Google libraries, making no tangible difference. But even this does not mean that any important or valuable data is accessible to Google. Google libraries in apps don't automatically can access "the whole app".
For example: Signal includes Google libraries in its default flavor, for Maps integration and FCM (push notifications). No message content or sensitive data is accessible to Google, even though Signal uses Google libraries which communicate with Play Services.

The other way around - apps that don't bundle Google libraries, like many FOSS apps for example, simply have no reason to talk to Play Services and are almost guaranteed to not do so.

GrapheneOS

Franckienogotobollywood Apple does make money from selling ads including targeted ads. They also do earn lots of money from services, not just selling hardware. Google has a much higher proportion of revenue from selling ads and a much lower proportion from selling hardware, but both Apple and Google are doing both of those things.

GrapheneOS

Franckienogotobollywood Apple SEP is likely currently better than the Qualcomm SPU but not the Titan M2. MIE is synchronous mode heap memory tagging for the kernel and many core iOS processes but it's not used for everything and almost no third party apps will be protected by it. It doesn't include stack allocation tagging but does include the new FEAT_MTE4 for protecting untagged memory from invalid accesses via tagged pointers which will come to other devices.

GrapheneOS has been using heap MTE in production since October 2023, we deployed it for the kernel in 2024 and will eventually be deploying stack allocation MTE which we've been testing in userspace for a while. Our userspace implementation is already very good and we plan to improve the lackluster Linux kernel implementation. We use synchronous MTE in the kernel and asymmetric in userspace which means synchronous for reads and for writes it's asynchronous until a system call which acts as a synchronization point. In the kernel, synchronous is important, but in userspace asymmetric is fine at least with the way Android limits processes including not allowing io_uring outside a couple tiny core system services.

Apple is deploying solid integration of heap MTE for the core OS. It's still only 4-bit tags which is not a lot of randomness and can be bypassed by brute force or other methods. Their marketing is very confident about not having side channels, but that's not necessarily the case. It remains to be seen how well it works in practice. For now, it has been heavily marketed as being a breakthrough far better than everyone else when it really isn't the case. They do not acknowledge the extent of prior work and deployments. They do not acknowledge the advances made elsewhere and in the process of being made elsewhere. It's a significant improvement for iOS security, but it will not stop memory corruption exploits. It's not memory safety and nowhere close to it.

Franckienogotobollywood

GrapheneOS In Europe Apple does not sell targeted advertising and this is not their business model in the world, to remember the advertising in News and other applications that we do not have at home is about 4 billion dollars. And 4 billion at Apple is not a big part.

JimmyT

GrapheneOS Try Samsung! Just adds another layer of adverts and tracking to the Google laden Android OS!

GrapheneOS

Franckienogotobollywood That's not true. Apple still does targeted advertising in the EU and is facing consequences for limiting usage by other developers while still doing it for their own advertising services. They've had substantial fines for antitrust violations tied to this.

n3t_admin

Franckienogotobollywood In Europe Apple does not sell targeted advertising

What are you even talking about? Read this: https://www.apple.com/legal/privacy/data/de/apple-advertising/ (translate it if necessary), then tell me again what about this is NOT targeted advertising.

Franckienogotobollywood

n3t_admin

The Apple advertising platform does not follow you, i.e. user or device data collected through our applications is not linked to user or third-party device data for targeted advertising purposes or for other advertising purposes. In addition, user or device data is not transmitted to intermediaries.

What I read with the translation is that user data is not collected, it would have to be pinned...

pxlkng

DeletedUser433

GrapheneOS has officially stated that the main focus is on privacy. Security is a byproduct, required to have this high level of privacy.
Quoting from a Discord message made by the project account (discord source link):

GrapheneOS os [sic] a privacy project and protecting privacy well requires both major privacy and security improvements

as well as

the security work is to protect privacy

Saying that the focus of GrapheneOS is "more on security" implies that it is less on privacy. This is not true, and misleading information.

DeletedUser433

pxlkng Sorry, I can't access that link but I'll trust your word. I didn't see the entire quote

The focus of GOS is more security (of course that bleeds over to privacy in some ways).

which implied that privacy was a side-effect which obviously isn't true

n3t_admin

Franckienogotobollywood then read the legally binding document - https://www.apple.com/legal/privacy/data/en/app-store/

they collect quite a lot. Even every tap you make in the App Store :)