iPhone or debloated Android against the police

Hello,

Which phone would be better if the main concern is the police. Police in my country (not US) is very criminal. They make fake court requests just so they can spy on people.

My reasonings are:

• a debloated stock android (Motorola or Samsung) with foss and no google apps/account has almost 0 data going to servers (i tested it) so no data can be given to police, because there is no data on the servers BUT the phone is not as secure as an iphone so it can probably be easily compromised remotely with or without the assistance of Motorola/Samsung etc.

• iPhones are more secure but they can respond to subpoenas and provide what data exactly? There has been so many news about warrantles spying - apple gave notifications to police, csam reports you to police, obviously your location is up for grabs etc.

What do you think is better in this threat model (police overreach)? Please do not tell me about Graphene or any other degoogled ROMS, they are not an option in my case.

Need more info. Are you talking about the police asking them for data or are you getting you phone seized and having it subjected to cellebrite? I wouldn’t trust iPhones or most androids against cellebrite but GrapheneOS consistently does well against it. iOS offers advanced data protection which will protect your files from police seizure, however there’s other data of course like your account data. Again likely GrapheneOS is the best choice in either scenario.

The CSAM scanning was never implemented btw. I’d say go with an iPhone if GOS isn’t an option and turn on ADP and possibly lockdown mode if you think you’re going to be subjected to state backed malware or cellebrite. Turn your phone off when you’re not using it, also location services are optional and you have very granular control over them on iOS.

I am more concerned about remote attacks (mainly from police not spy agencies). I have minimum amount of data on the phone so physical access is not my concern. I am more worried about my daily usage/behaviour/camera/mic being monitored by the police. I am not sure what capabilities regural police has in comparison to other agencies but as i said my threat model is corrupt criminal police.
Debloated android send no data to servers so the only attack left would be to attack my phone remotely. iPhones are more secure in this regard but they do have a lot of data on the server side to give to the police… so i am not sure.

What is OP being specifically paranoid over? Why is iPhone better rather than say GrapheneOS? Is there a better threat model OP should consider for their choice?

I will quote the OP:

Please do not tell me about Graphene or any other degoogled ROMS, they are not an option in my case.

If you could only access Samsung or Moto, then definitely iphone, with all necessary hardening.

Makes sense. If the choice is stock Android verse iPhone, iPhone is likely the better way to go.

I have chopped some info from a guide i’ll be posting soon regarding defenses against Cellebrite/Graykey.

Use latest iPhone model or 1 below. Advanced data protection enabled. Delete the screenshot of recovery key after setup. Uncheck access icloud data on the web. Don’t use icloud keychain or passkeys or passwords app. Only use third party password manager (ProtonPass, 1pass, etc.) Toggle usb accessories. Use long alphanumeric password. Disable control center access from lockscreen. Don’t display content in push notifications. Frequently clear in app caches if the setting is available. Follow up with an app delete after clearing the cache. Make sure icloud isn’t backing up the app data for that specific app as well. You may have to check that each time you reinstall it. Enable screen time and disable installation of apps (enable when needed). If in eu you have a special option to block third party app marketplaces. Turn off significant locations (important).

If you know you won’t be near your phone for a period of time put it in bfu. A iphone in afu is a dead iphone in most cases. You can quickly do this by hitting power button 5 times or using a Killswitch - Shortcut [put it on your home screen]. Enabling stolen device protection is a must as it interferes with modern forensic tools even if they have obtained your password. On ios 18.2 beta you can lock apps with face id. Lock all social media and financial apps. Destroy your apple watch if you have one. The watch itself is a liability. Especially the ultra 2.

If using a 6-8 digit pin on your mobile device do not use your atm pin, gatecode, in-app pins (most important), zip code, birthday, mobile account pin, house alarm pin, parental controls pin, roku pin, roblox pin, firetv pin, windows pin, xbox pin, netflix pin, bank pin, voicemail pin. In-app pins can show up in bfu extraction of iphone, meaning they don’t even need to BF your password.

use imessage WITH icloud backups (so that only the most recent messages are stored locally and the cloud ones are protected by advanced data protection), set icloud messages to auto delete after 30 days, orrrrrrr

signal with temp number + disappearing chat, telegram with no username/disappearing chat, privnote.com (exchanging private info over non secure apps) (beware of fake domains). delete your google account, switchover to Proton suite.

never have more than one apple device powered on at once. Never unlock device in a area where you can’t see the majority of your surroundings. Matter of fact only use face id and if your full password is required wait until you are in a secluded area. Assume you are being watched at all times. Power off devices when not in use. Delete unused accounts. Never speak to law enforcement without a lawyer. Monitor forensic groups and news to stay hooked on capabilities of law enforcement. Research court cases involving modern forensic tools.

Advanced data protection makes subpoenas and search warrants to apple nearly useless. Unless there is something valuable in your contacts app, mail app, or generic account/device info.

This is a huge list of recommendations with barely any reasoning behind them.

as a recent graykey victim myself, and stalker of forensics chats, everything i posted has good reasoning. it’s a very long unfinished guide so I chopped the most important parts. more organized post soon.