This might be a dumb question, but I’m not knowledgeable enough to know the answer.
If you’re using privacy focused apps like ProtonMail, Simplex, etc., on iOS, is there a risk that the software can see the data in the app, i.e., iOS can capture email data or message data from Simplex? Is it one of those things that you can never know since iOS is closed off?
I hope I’m making sense.
What’s your threat model like? Do you consider yourself to be someone Apple would be specifically tracking?
Any operating system could just randomly turn malicious and start blasting all you data out, you have to trust it. iOS doesn’t send your private messages in apps or anything don’t worry. Of course Apple could just randomly decide to tank their whole company and start sending all your messages in simplex out, but I don’t see that happening.
Luckily security researchers analyze the traffic coming off iOS, no source code required. If they started doing that there would be a massive outcry about it.
Advertisers and Big Tech, i.e., I don’t want my phone sending what I’m doing back to the mothership, which is why I use GOS on my Pixel. I acknowledge that certain apps will still do that even in GOS, like banking apps, etc., but I just don’t like the idea of Apple capturing and storing literally everything I do on my phone, who I know, and talk to, etc.
I believe that it can’t read your messages since they are encrypted in the app, but it can monitor your push notifications Apple reveals 'push notification spying' by foreign governments. Of course, I don’t really think they do that to all 2 billion iOS users, just when asked. If your threat model is that high, use grapheneos
Same with any push notification service including on Graphene if you use one. Apps like simplex don’t send message content in the notification they just use it to wake up. Very app dependent though.
I think it depends on the app. Some apps only support google firebase, but others offer different options e.g. unified push. But yes, some apps hide notification contents e.g. tutamail, but I believe signal and protonmail don’t, so it’s rare even among privacy focused apps afaik