Work phone: iOS vs Pixel (cant go with GrapheneOS unfortunately)

Hi, after years of using BYO device with GrapheneOS, this year my company obliges us to install Intune, which - after reading several GOS forum posts - cant work as intended.

As much as I hate lugging around a 2nd phone, I do have the need to have a work mobile phone.

So I am taking out a new subscription, but the question here is whether I should get an iOS or stock android via Pixel.

My threat model is quite simple: data minimization from big tech.

I use different macbooks for work and personal but for personal, I dont use much of their apps. Mostly I install apps recommended by PG. I’ve never used an iPhone before but I used an iPad a couple years back. So usage wise, I am quite flexible.

The only thing I’m not sure about, for security and privacy, which one would you go for?

I read several posts here and I get that Apple isnt as private as advertised and security wise, they’re both quite similar. My gut says to go with Apple due to my probably-incorrect perception of Apple’s business model compared to Google.

TLDR: work obliges to install intune after years of using BYOD with GrapheneOS. I need to take a 2nd phone so between iOS and stock Pixel android, which one should i go with?

Just pick the one that you like more. Both options aren’t great.

I would personally go with a Pixel because I can’t justify using Apple’s hardware or software for mainly ethical and moral reasons.

Regarding Apple’s privacy:

I tend to agree with @Lukas on this one. Whichever type of phone your most comfortable with. Best thing you can do, for your threat model, is just turn off your work phone when you are not using it.

I would go with the iPhone personally. I think that Google is a far worse evil than Apple is in terms of privacy, and despite what some people here act like, I honestly wouldn’t consider them on the same level at all. I disagree with a lot of Apple’s actions on other things, and sure, some of their privacy is marketing, they’re far from perfect, but I do genuinely feel like they’re a better option even with that considered.

It’s up to you though, I won’t tell you who you should or shouldn’t trust, you should just look through an objective lens and make up your own mind with who you would trust more with your data, as well as what best meets your needs. You’re definitely going to get a wide range of answers on this one.

Pros of the iPhone:

• Apple is mainly a hardware company, while Google is mainly an advertising company; therefore I’ll say (without proof) that Apple is less interested in using your data for personalised ads and other abusive practices
• iOS has optional privacy and security features like Advanced Data Protection and Lockdown Mode that Google/Android doesn’t have

Pros of the Pixel:

• You’ll be able to download apps without a Google account (through F-Droid or Aurora Store) while this is not possible with an iPhone

By the way - there’s no way to make an Apple ID without giving them a phone number, right? If so, that strengthens the last point even more.

Might depend on how much more or less privacy invasive using intune is on the iPhone vs Android.

If I could only choose either Stock Android or Stock iOS, I would choose iOS hands down.

If I am going to be forced to use a non-FOSS operating system from a big tech company that I do not trust, and do not like, I can at least choose the one from the company that doesn’t have a business model centered completely on tracking, advertising, and data harvesting. And–while far from perfect–does offer some meaningful built in privacy controls and features, and does more locally/on-device.

Apple due to my probably-incorrect perception of Apple’s business model compared to Google.

I don’t think it is an incorrect perception. Apple using privacy primarily for marketing purposes, and Apple having introduced some really nice to have privacy and security features (and making them easy enough for average users) are not mutually exclusive. I fully believe Apple’s primary motivation for their privacy push in recent years is primarily for marketing and to leverage a comparative advantage they have with respect to Google.

I don’t necessarily trust that Apple will care about privacy in 5 years, 10 years, 20 years. But I do trust, that it serves their own interests to care about privacy today (or be seen to care about privacy). And if that results in real meaningful improvements and privacy features, I’ll take it.

I’ll have a look at which of Apple and Pixel devices fit the company budget and, which one continues to support software update; and start from there.

I am not worried too much about my personal data usage and like @Parish2555 said, the phone will be off outside of working hours anyway. The only time it will be with me is when I commute 1-2x a week.

Re: google/apple account, I am fortunate enough to just use a department work email (not my “individual” work email) and tie it to the office phone number instead of my work number - although at this point, I am not so sure if that does anything to “lessen the damage”.

Thanks everyone for your perspective on this.

I would choose pixel/android over ios in this situation. The whole business model concept in my opinion just doesn’t apply because the privacy elements that they advertise is nice but really more marketing than substance. For example, it’s known that most of the big social media companies are not actually adhering to the “do not track” user rule by Apple in reality but simply saying that they do. The VPN issue still hasn’t been addressed. And it is one of the few platforms in which the TunnelVision vulnerability cannot be mitigated.

However, based on your threat model, the truth is either would be OK. But if I were to choose iOS I would personally turn off everything iCloud related, find my, etc.

Thanks. Do we know roughly how much data points are collected by Google? Thanks to the video shared by @Lukas I get a sense of how much data is collected by Apple but how about Google?

For years, the big tech has realized the best way to make money is when people use their services, not when they buy their devices. Microsoft, Google, Amazon went all-in on this strategy.

This business model means customer data is monetizable, which means the more personal information they collect, the more valuable their service becomes to their real clients - the advertisers.

Some took this strategy to its extreme and sold their devices at break even. The idea is to make money when people use the devices, not when they buy the devices.

Companies can still charge premium prices for hardware and software, but eventually they will turn on the data pumps and begin cashing on. Licences for Microsoft Windows have always been sold for hundreds of dollars. But with each new iteration of the operating system, Microsoft turned up the data collection and introduced more ads into the desktop.

It doesn’t matter if the company primarily sells hardware or software, their privacy policies will keep getting longer and broader to reflect their increasing appetite for your personal information.

Apple’s primary source of revenue has been selling hardware. But that market is dwindling as smartphone sales are on the decline.

But luckily for Apple, the corporation has a services division. And every year, its significance at the company is growing.

There is a gradual but visible trend of the declining strength of hardware and accessories and the growing share of revenue from Apple’s services.

The services include subscription models but they also include a newly emerging and strategically inevitable advertising division.

In 2022, Apple generated 4.7 billion U.S. dollars with its global advertising business. But they are seeking to triple that number into double digits as soon as possible. And by 2025, Apple is projected to generate $20bn annually from ads on their network.

Apple has its own advertising network called Apple Search Ads. Not many people are aware of this but investors and developers are paying close attention. Because Apple Search Ads is on the path to dominance.

Google owns by far the largest search engine and the largest video platform, and both giants are mainly powered by ads. Because of that, they make a lot of revenue from ads, and some people think that this is proof that Apple is better for your privacy than Google.

As I said in my first post, both are bad options, pick the one you prefer more in terms of UI, UX, hardware, price, etc.

You have so much control over Android that it is impossible to calculate how many data points Google could collect from your usage. You could even use the phone without a Google account, and it wouldn’t become a useless brick like the iPhone does without Apple ID.

The biggest advantage of a Pixel is that, at some point, Intune will start working on GrapheneOS, and then you could just flash it on your Pixel.

Looking forward to that day, but as long as Intune doesn’t change their attestation model, I don’t think that will ever work.

If I were buying a second phone I’d get the one different from my personal device just to have some experience with something new.

This thread discuss the issue, some have managed to make it work.

+1, buy a cheap phone and only use it for work.

Yeah I’ve read that thread. It doesnt work as intended by Intune.

You can create the work profile via Shelter and access the work apps, and your device is shown as registered in the company database, but the company doesnt have managed access of your device to remote control the work profile in case your device is stolen and they need to do a remote wipe.

Unfortunately, my company is one of those who thinks that remote wiping is the only way to secure company data from being stolen/leaked when your device is lost.

Depends on whose paying for the phone. If the company is paying, get Apple

If you are paying for it, get the newest Pixel because you can install Graphene later

Since Graphene sandboxes GAPPS, why cant you install InTune on Graphene under work profile?

Seems like it’d be easier to just stop using GrapheneOS if it’s broken, and have one phone…

But if the second phone is only for work, I’d probably just go with whatever most people at your company use. Not sure why the security/privacy matters at all if it’s not your data, that’s their problem to deal with

I do love GOS though. The control they give you over permissions is one of the things that make you feel assured of the privacy you have - on top of many other things.

Thanks for the perspective. The reason why I had the question in the first place was because I do carry the work phone with me when commuting - granted only 2x a week at most. Not sure if that warrants the discussion, but figured I tried

Curious why it matters who’s paying?

No idea about the technicalities but my guess is either you need privileged gms for it to work or it only works with certified Google OS or Graphene won’t allow GMS to be installed automatically by default when creating a work profile, and Intune requires this for it to work “fully”.

Note the key is to work fully because the workaround as explained above only allowed you to install apps but won’t allow my company to have managed access to my work profile.