@Weaver: I'm typing this on a Mac, so I'm not an "Apple hater" or anything like that, but they're not that good. Yes, they're better in some areas, but contrary to their advertisements, in others they're as good as (or worse, depending on the point of view) other companies. I'll give a few examples below, but tl;dr don't fall for their PR campaigns.
Location: On iOS, when you enable your location, the device uses things like satellite signals, Wi-Fi networks, Bluetooth beacons, cell network, etc, to guess your location. The device takes this information, sends it to Apple, and they'll return a more or less accurate location in a few seconds because they know that a combination of Wi-Fi networks with certain MAC addresses are always seen in a certain area.
This is very useful because GPS signals are weak, don't work well indoors, cities with tall buildings, when the weather is bad, etc. Want an Uber, turn by turn navigation, etc? This is the way to go. But it also means that you're essentially telling Apple where you are.
On Android - like iOS - you have an option that does the same (with the difference of using Google instead of Apple), but there's a 3rd option that uses GPS only. This 3rd option takes longer to get a fix (like a plain GPS) and doesn't work well when you have tall buildings around you, but it isn't scanning your surroundings and then sending it to Google.
Essentially navigation on Android can be more private than it is on iOS.
Messages: Most users think iMessages is end-to-end encrypted and very private, but that's not always the case. As mentioned on their support page:
Messages in iCloud
For Messages in iCloud, if you have iCloud Backup turned on, your backup includes a copy of the key protecting your messages. This ensures you can recover your messages if you lose access to your Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
Essentially you don't know if your conversation is private or not because you don't know if the other user uses iCloud backups or not. If they do, Apple has the key and can read everything, making iMessages as private as Facebook Messenger, Snapchat, TikTok, Skype, etc.
Not very private...
iCloud related functionality: While iCloud seems to be better than other services, their encryption page shows that it's not as private as one might expect.
Photos/videos, notes, bookmarks, voice memos, browser bookmarks, device backups, etc, are all plain text for Apple. Yes, they encrypt their disks and yes, they don't transfer the data openly, but that's what Google, Facebook, Microsoft, Dropbox, Amazon Photos, etc, do too. They're the ones with the key...
Things like Private Relay are nice, but it's just a VPN that is used for a limited number of things (one of the exit points is even operated by Cloudflare, which offers their "1.1.1.1 WARP" VPN based on WireGuard).
Safari: Safari is full of privacy features... some are real, others are just there to make people that don't know what they're doing believe that they're very well protected (I'm thinking of the recent "tracker badge/counter" they added).
Apple decided to cripple extensions on Safari a while ago, so you can't use something as capable as uBlock Origin to block trackers, ads, etc. Depending on the type of user you are, something like Firefox is way better.
On iOS everyone is forced to use what's essentially Safari under the hood. Chrome, Firefox, etc, none of them can use their own rendering or JavaScript engine, limiting not only functionality, but also advanced extensions. Chromium is actually a better browser from a security point of view (with the problem being privacy), but you can't use it, not even some deGoogled version.
Apple's Ad business: Google is the advertising and tracking company... what many don't know is that Apple is also in the same business and they're expanding:
- Apple ad business growing fast
- Apple growing its own ad business as privacy changes limit rivals
macOS: Did you know that macOS contacts Apple every time we open an app to see if the app is safe or not? This is good for security as the app won't run if the signing key was revoked by Apple, but the OCSP request essentially tells Apple and anyone watching which apps you're using (they only transmit the key, but keys are associated with developers/apps). The query isn't even encrypted.
More about this:
- Your Computer Isn't Yours
- Apple Addresses Privacy Concerns Surrounding App Authentication in macOS
Almost two years since this was posted. No changes yet, as far as I'm aware.
App Store Privacy Labels: Apple was praised when they introduced the privacy labels on their App Store. (Their iOS and App Store changes forced Google/Android to copy some of the functionality, so that was a good thing.)
The problem is that Apple's labels are not very accurate. See this reddit post and the comments. Apple says "Data Not Collected" and Google says that data is collected. Someone read the app description and, well, Apple's labels are wrong... they can't be trusted.
Apple's behaviour in some countries and some of their "privacy" ideas: It's important to keep in mind that at the end of the day Apple is just a for profit company. The company that runs ads saying "what happens on your iPhone, stays on your iPhone" is the same that transferred iCloud data in China to Chinese control and is happy to work with the government to remove VPNs and other tools to avoid censorship (and they don't even allow you to "sideload" apps). As bad as Google is and while they've tried to go back, they left China in 2010 because of censorship and attacks against their users.
I recommend reading the New York Times article about Apple in China (WayBackMachine, in case of paywall).
Not as bad, but in Russia they also agreed to pre-install some local apps as required by local laws.
This is expected, by the way, but it shows that they're willing to break their own rules and "values" to stay in those markets... many were disappointed when Apple said they had plans to introduce a client-side scanner that would look at photos, videos, and messages for iCloud enabled users and check for "CSAM" content (more here). This already happens in the cloud, but this was supposed to happen directly in your device.
Now, I'm all for protecting children, but I don't think it's a good idea to have a device/system that can be easily tricked reporting you to the police. You know what's worse? This "privacy company", which bends over not to lose revenue (see China and Russia above), will comply with local rules and if someone tells them to scan for other stuff - even when iCloud isn't involved - they will.
This EFF article describes the issues with this idea.
Apple backtracked (for now at least) after the negative reaction, but it shows that they're not the "privacy company" many think they are.
---
Long story short, don't trust Apple more than you trust Google with your privacy.