IOS to GOS. Did I gain (enough) privacy or just inconveniences?

Franckienogotobollywood

JimmyT Apple's business model is not advertising.

GrapheneOS

Franckienogotobollywood Apple does make money from selling ads including targeted ads. They also do earn lots of money from services, not just selling hardware. Google has a much higher proportion of revenue from selling ads and a much lower proportion from selling hardware, but both Apple and Google are doing both of those things.

Franckienogotobollywood

Rambler Are SEP and MIE a myth?

GrapheneOS

Franckienogotobollywood Apple SEP is likely currently better than the Qualcomm SPU but not the Titan M2. MIE is synchronous mode heap memory tagging for the kernel and many core iOS processes but it's not used for everything and almost no third party apps will be protected by it. It doesn't include stack allocation tagging but does include the new FEAT_MTE4 for protecting untagged memory from invalid accesses via tagged pointers which will come to other devices.

GrapheneOS has been using heap MTE in production since October 2023, we deployed it for the kernel in 2024 and will eventually be deploying stack allocation MTE which we've been testing in userspace for a while. Our userspace implementation is already very good and we plan to improve the lackluster Linux kernel implementation. We use synchronous MTE in the kernel and asymmetric in userspace which means synchronous for reads and for writes it's asynchronous until a system call which acts as a synchronization point. In the kernel, synchronous is important, but in userspace asymmetric is fine at least with the way Android limits processes including not allowing io_uring outside a couple tiny core system services.

Apple is deploying solid integration of heap MTE for the core OS. It's still only 4-bit tags which is not a lot of randomness and can be bypassed by brute force or other methods. Their marketing is very confident about not having side channels, but that's not necessarily the case. It remains to be seen how well it works in practice. For now, it has been heavily marketed as being a breakthrough far better than everyone else when it really isn't the case. They do not acknowledge the extent of prior work and deployments. They do not acknowledge the advances made elsewhere and in the process of being made elsewhere. It's a significant improvement for iOS security, but it will not stop memory corruption exploits. It's not memory safety and nowhere close to it.

Franckienogotobollywood

GrapheneOS In Europe Apple does not sell targeted advertising and this is not their business model in the world, to remember the advertising in News and other applications that we do not have at home is about 4 billion dollars. And 4 billion at Apple is not a big part.

JimmyT

GrapheneOS Try Samsung! Just adds another layer of adverts and tracking to the Google laden Android OS!

GrapheneOS

Franckienogotobollywood That's not true. Apple still does targeted advertising in the EU and is facing consequences for limiting usage by other developers while still doing it for their own advertising services. They've had substantial fines for antitrust violations tied to this.

n3t_admin

Franckienogotobollywood In Europe Apple does not sell targeted advertising

What are you even talking about? Read this: https://www.apple.com/legal/privacy/data/de/apple-advertising/ (translate it if necessary), then tell me again what about this is NOT targeted advertising.

Franckienogotobollywood

n3t_admin

The Apple advertising platform does not follow you, i.e. user or device data collected through our applications is not linked to user or third-party device data for targeted advertising purposes or for other advertising purposes. In addition, user or device data is not transmitted to intermediaries.

What I read with the translation is that user data is not collected, it would have to be pinned...

DeletedUser433

pxlkng https://grapheneos.org/#about

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.

GrapheneOS improves the privacy and security of the OS from the bottom up. It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS tries to avoid impacting the user experience with the privacy and security features. Ideally, the features can be designed so that they're always enabled with no impact on the user experience and no additional complexity like configuration options. It's not always feasible, and GrapheneOS does add various toggles for features like the Network permission, Sensors permission, restrictions when the device is locked (USB-C / pogo pins, camera, quick tiles), etc. along with more complex user-facing privacy and security features with their own UX.

The features page provides an overview of the substantial privacy and security improvements added by GrapheneOS to the Android Open Source Project (AOSP). Many of our past features were contributed to AOSP, Linux and other projects to improve privacy and security for billions of users so they're no longer listed on our features page.

GrapheneOS also develops various apps and services with a focus on privacy and security. Vanadium is a hardened variant of the Chromium browser and WebView specifically built for GrapheneOS. GrapheneOS also includes our minimal security-focused PDF Viewer, our hardware-based Auditor app / attestation service providing local and remote verification of devices, our modern privacy / security focused camera app, and the externally developed Seedvault encrypted backup which was initially developed for inclusion in GrapheneOS.

It seems to value both privacy and security equally. In fact, it seems to emphasise security slightly more than privacy. Also, I was wondering what the point of saying "The main focus of GrapheneOS is on privacy. Privacy depends on security, so this automatically requires good security as well." was because it doesn't help the OP at all and seems to be arguing for the sake of it

pxlkng

DeletedUser433

GrapheneOS has officially stated that the main focus is on privacy. Security is a byproduct, required to have this high level of privacy.
Quoting from a Discord message made by the project account (discord source link):

GrapheneOS os [sic] a privacy project and protecting privacy well requires both major privacy and security improvements

as well as

the security work is to protect privacy

Saying that the focus of GrapheneOS is "more on security" implies that it is less on privacy. This is not true, and misleading information.

DeletedUser433

pxlkng Sorry, I can't access that link but I'll trust your word. I didn't see the entire quote

The focus of GOS is more security (of course that bleeds over to privacy in some ways).

which implied that privacy was a side-effect which obviously isn't true

n3t_admin

Franckienogotobollywood then read the legally binding document - https://www.apple.com/legal/privacy/data/en/app-store/

they collect quite a lot. Even every tap you make in the App Store :)

DeletedUser495

To me the thought process that I have to avoid Google by using it (because it is most secure way of obtaining apps) as mentioned in a few posts further above is utterly ridiculous.