iOS vs Android Privacy Showdown: Beyond the Surface

My thoughts:

Lockdown Mode

Lockdown Mode does increase the security of Apple devices, that is just factual, but barely anyone talks about granularity and control.

On Android, you can pretty much replicate and get the same security improvements that Lockdown Mode provides on Apple devices, but you also have granurality and control, you don’t have to pick between everything and a kitchen sink or nothing at all.

There are a lot of examples of the above, but I will give one that infuriates me the most:

I have JavaScript JIT disabled on both my phone and my desktop, it has been this way for quite some time, and I barely had any issues at all. The reason why one would want and, in my opinion, should disable JavaScript JIT is because it’s a security hazard.

If I wanted to disable JavaScript JIT on iOS, then I would have to enable Lockdown Mode, which either makes browsing the internet unusable or just ugly as hell, and you can’t just pick to disable JavaScript JIT and change nothing else because Apple has already decided everything for you.

TL;DR: Lockdown Mode isn’t something that I would recommend to my friends and family, and I think that barely anyone uses it apart from people who can tolerate and deal with all the consequences of having it enabled. The solution would be to have the option to have more granularity and control, but I doubt that Apple will ever provide this.

Also, GrapheneOS blows iOS with LM out of the water and is easy to install using their web installer, you can even install using another Android device, you don’t even need a PC.

Advanced Data Protection

Probably should’ve mentioned things like these:

https://discuss.privacyguides.net/t/apple-advances-user-security-with-powerful-new-data-protections/10778/4

https://discuss.privacyguides.net/t/what-do-you-think-of-icloud-photo-backup-with-advanced-data-protection/18991/17

Backups

Device-to-device backups work well while using Seedvault, at least on GrapheneOS. Not sure about other OSs.

So for lockdown mode, specifically in Safari, fingerprinting needs to be taken into account. The amount of settings they would need to provide to give you the granularity you’re asking for would create a huge issue for fingerprinting, whereas right now there are two groups: lockdown mode users and non lockdown mode users. You can whitelist sites you trust anyway and they’ll work just like they normally do. The main thing that causes visual breakage is blocking third party fonts and things like that but they’ve relaxed it a bit since the initial release.

As for as the advanced data protection metadata, here’s an excerpt from the cryptee privacy policy:

To provide you the Service, we have access to the following metadata: folder colors & archive statuses, number of documents/files/photos/videos in each folder or album, file byte-sizes & mime-types after encryption, generation/version identifiers for each document/file/photo/video (to prevent version conflicts between your devices), EXIF dates of photos (to help you sort / find photos based on when they’re taken), amount of storage space used, payment activation and deactivation dates, first payment date, all payment amounts, upcoming and past payment dates, subscription plan associated with your account, whether a discount was applied or not, payment time and the type of the payment method used.

So clearly these services need some unencrypted metadata to provide the service, Apple is not unique here they’re just very open and honest about what data is and isn’t encrypted.

Vanadium is and will be following a similar approach to iOS, where people using the same phone model will look pretty much the same.

The only difference is that not only is Vanadium giving users more granurality and control, but they also plan to expand on these things, with even more per-site exceptions, etc.

It’s possible to have the best of both worlds.

Every change you make results in you standing out from the crowd and generally provides more ways to track you.

They seem to agree with me.

I agree too, but you should still have the option to do so while being aware of the consequences.

If this is about iOS’ Lockdown mode, then it was built in response to nation-state like actors using 0-days (websites and media turned out be easy targets) from compromising devices of folks in high-risk professions, like Journalists, Activists, Celebs.

See also: Google TAG’s (Threat Analysis Group) 2024 report on “Commercial Surveillance Vendors” / mirror.

I’m aware. Not sure what your point is. Regular people will still get a security improvement against non-nation state malware.

My point was, for folks in high-risk professions, the choice between “more ways to track me” v. “0-days pwning my entire life” is a relatively easy one.

Well whatever the intention was, for normal people having everything bundled together in a toggle makes things better for fingerprinting while giving you the same protections. Also surely a person in that position being fingerprinted online would be a problem still.