
This change alone is tempting me, and I have been diehard anti-Apple for about a decade now for walled-garden reasons.

I know, I know, walled garden prevents users from opening their phone to vulnerabilities or guaranteeing a secure experience. I guess I wish I could have my cake and eat it too.




Android has required the user to enter the unlock code to back up the device for years now. This is Apple playing catch-up.

iOS devices have always required the device to "trust" the computer before allowing the backup. Looking at the article, the only real difference now appears to be that you can't just use TouchID, you're forced to use the passcode.

You are correct. Android does not require you to enter a passcode to trust a computer if you have a fingerprint registered. The change is that Apple now requires you to enter a passcode if you have set up a passcode on the device in the past. If you haven't, the attack vector still exists, and if you are traveling with a trusted laptop with fingerprint unlock, the attack vector still exists with one level of indirection.

> If you haven't, the attack vector still exists, and if you are traveling with a trusted laptop with fingerprint unlock, the attack vector still exists with one level of indirection.

You can't set up TouchID without a passcode. The "attack vector" only exists if you have 0 security on your iPhone to begin with. (So, yes, technically the attack vector exists if you choose to use no locks at all).


You misunderstand. The vector is: I take a random person's phone, compel them to provide me their fingerprint, and now when I plug the phone into a computer, I can unlock the device and then tap "trust" in order to back up the phone to the computer. If the iPhone was already powered on and the user had entered their passcode after it turned on, even if it was two weeks ago (there may be a timeout I'm not aware of, but you get the point), I'd be able to back up their device to my computer.

That's changed now, from the article:

> Under iOS 11, this sequence has changed to also specifically require the passcode on the device after the "Trust This Computer?" prompt.


> Looking at the article, the only real difference now appears to be that you can't just use TouchID, you're forced to use the passcode.

That's part of it. Another part is that the passcode has to be entered after the device has been connected to the computer, as opposed to starting with an unlocked phone (maybe you took it while it was in use, maybe you forced the user to unlock it) and connecting it to a computer later.


I am not sure I understand.

Once the device is unlocked, what is the obstacle to changing the passcode?

Needing the old one?

Or - if you prefer - what happens if you have a TouchID and forget the passcode?

Do you need to reset the phone?


Not always... just since iOS 7.

Android = Google

(No, AOSP is unusable, and Google is working to make it more unusable).

Google = no privacy

Therefore, Android = no privacy

Q.E.D


What data does Google collect that Apple doesn't collect? The only difference I can see is that Google is competent at making the data it collects useful to the user and barely usable to advertisers.

Your comment looks like trolling. We were discussing a feature to prevent others from backing up your device.


In the first part, you're setting up a premise that nobody here can or will answer publicly even if they have the knowledge of the exact information collected by either company. That gives you a free run at the second part without anything supporting it.

The information they collect is in their OSes' respective privacy policies. I've looked at them. They are pretty much exactly the same.

You must have looked at the privacy policies but not read them.

You and GGP are the ones making ridiculous claims without evidence (that the data the OSes collect are unknowable instead of outlined in a privacy policy and that Android collects more data than iOS out of the box).

To answer your first question: a lot. Apple makes all your data locally encrypted by default, in Messages, Siri, iCloud, Maps, etc - they don't have the key to access it. See more at https://www.apple.com/lae/privacy/approach-to-privacy/

All of a user's device data is encrypted by default on Android as well. In this respect, they are no different.

The difference is that Google owns the keys that encrypt your files. Services like GDrive, GMail, Google Photos, Assistant, all depend on processing your data in the cloud. Apple does all of that locally (because they can't access any of it otherwise), trading some scalability and sophistication for privacy.

We were discussing data stored on the device. Just like Apple, Google does not have the keys to decrypt the data on the device. And just like Google, Apple has the keys to decrypt the data in their equivalents to the GDrive, Gmail, and Google Photos cloud services for web access. The only difference is that Apple's services are significantly less useful.

> What data does Google collect that Apple doesn't collect?

I don't know what Google collects, but the simple answer to this is "virtually everything". Apple collects very little data from their users and does everything they possibly can on-device (and the stuff that requires the cloud is either encrypted or heavily anonymized). Nearly all data that Google collects, Apple doesn't.


On the other hand, Android services everyone, whereas Apple tells the developing world to fuck off. Apple's privacy is only for the social elite who can afford their expensive toys, and they're not interested in providing service on a global scale.

Let's not get too hippy-feelgood about Apple's intentions regarding its users here.


Well hold on dude, are you arguing that it's not Apple's right to charge money for quality / service?

I am not a diehard android, but I'm replying to you from a LineageOS phone without the Gapps, using microG as an alternative to the Google services, and Firefox as a browser.

Privacy is achievable on Android. However, I do agree it is very involved.


The services provided by Gapps that send data to Google (push messaging, aGPS, crash reporting, app installs, safe browsing, etc.) also exist on iOS with exactly the same privacy policies. The only difference is that you can remove or disable them on Android devices if you are paranoid, while no such remedy exists on iPhones.

By your standards, privacy is achievable with difficulty on Android and not at all on iOS.


There is another, more fundamental difference. With Apple, you are the customer. With Google, you are the product.

Yet this "fundamental difference" does not change the fact that both companies' devices provide exactly the same amount of privacy out of the box, while only the Google device is truly yours to put whatever software you want on it, down to the OS.

I trust the vendor whose primary revenue stream comes from me, rather than the one whose primary revenue stream is me (or my private data). I trust Google to abide by their T&C's about as much as I trust the NSA to abide by the laws governing the extent of their actions. Which is to say, precisely none.

You can argue until you're blue in the face but Apple have little to no incentive to exploit my private data while Google have every incentive to do so.


I understand your position now. You're a conspiracy theorist. Google and Apple have exactly the same incentive to exploit your private data — money. They also have exactly the same disincentive to disobeying their privacy policies — lawsuits and bad press leading to loss of money.

The Google device is NOT truly yours because you have to look for cracks if you want to root it or remove the Google stuff. The law may also be against you if you crack it. You are just a guest on your device... you are "licensed" to use it just like you get a license to play music on Spotify, watch movies on Netflix, etc... nothing is owned anymore and very few people care.

This is not true on the actual Google devices (Nexus and Pixel lines) that have a supported path to flash your own ROM, and root. Google so far has been supportive of the custom ROM community. Some manufacturers (cough Samsung cough) have not.

Many Android devices, including all the ones that Google make and sell themselves, Sony devices, Motorola devices, have an officially supported path to running any code you want on YOUR own device.

Usually that path is: boot the phone into bootloader mode, plug it into a computer, run `fastboot oem unlock`, accept the warning that this will void your warranty, then `fastboot flash <image file to flash>`. An officially documented and supported way to do exactly what you want with the device that you own.

Yes, it voids your warranty, but it's not forbidden or illegal in any way.


Sure. That's why Magisk exists, right? Because OEMs have nothing against you rooting your device. At all. They are perfectly okay with it.

Please. Actions speak louder than words, I am sure you would agree with that.


We were discussing Google devices and Apple devices. All Google phones have an unlockable bootloader.

By Google devices, do you mean only the Pixel and Nexus phones? Or does that include all Android devices? Because for example Sprint Galaxy S5s can't be unlocked.

I mean devices sold by Google, so Nexuses, Pixels, and a few Google experience phones sold from the Google Store.

Unlockable bootloader, yes. Officially supported ROM without Google Play Services, absolutely not.

I see you defending Google around here. That's fine but a grand-grand-grand...-parent of yours was saying that AOSP is unusable, and that point still stands and is true.


You've confused yourself. The whole point of a device being yours is that you can install not officially supported ROMs.

The officially supported experience with Google Play Services is no more privacy invasive than the officially supported iOS ROM, but in the case of Google devices, the device is yours, and you are not limited to officially supported ROMs.


Safe Browsing and Crash Reporting can be turned off with no repercussions. You can turn off location altogether, though I'm not sure if you can turn off aGPS only.

That leaves app installs (Android allows side loading) and push messaging (I'm not sure about this one) as the ones that you can't disable on iOS.


But please think twice before turning off safe browsing! Contrary to what some seem to believe, it doesn't send your entire browsing history to Google. See https://news.ycombinator.com/item?id=9779990 for an explanation.

Good reminder.

iOS = closed source, therefore only their word there is no backdoor.

So is every other phone on the market.

No. There are open source Android phones.

There are no open source iOS phones.


Yeah? The baseband and chip ROMs are open source? Really?

Or the proprietary kernel patches and binary blob drivers?

If your point is that there are partially closed source Android distros, I agree with you.

More that there are no open source Android phones. Just "partially open source" Android phones.

This ignores essentially all reverse engineering techniques that are required to find actual backdoors & is not something security professionals largely believe.

How hard is it to jailbreak with ADB shell and get root on a random phone? Does that always require a code?

It depends on the device, but at least on Nexus/Pixel devices you can just plug the phone in and `fastboot oem unlock` and it will unlock the bootloader, i.e. allow you to flash anything onto it that you want.

This does not let you access the user's data because fastboot oem unlock wipes the data partition. Before you can unlock the bootloader, you have to enable the option in the developer menu, which requires the phone's owner's account's unlock code.

Not sure why there are massive downvotes.

AFAIK this is true.

