Google collects cell tower info even if location services are disabled (qz.com)
953 points by kshatrea on Nov 21, 2017 | 401 comments



It's amazing to me how many comments here excuse Google's behavior by offering the impractical "solution" of just not using a smartphone (a false dilemma) when the obvious answer is to get an iPhone. That's the advice of pretty much everyone in the infosec field and I'm sure some of them will attest to that in this thread.


Apple provides a black box with iOS, they have full control. Maybe the next iOS update comes with privacy intrusion because it's more lucrative.

A more sensible way of dealing with the issue would be to use an open source Android version like AOSP or LineageOS, not run proprietary gapps, and replace its functionality with F-Droid, MicroG and Yalp-store. Your location will stay out of Apple's/Google's hands and you can still enjoy all convenience of a smartphone. Keeping your freedom in your own hands.


"Apple provides a black box with iOS, they have full control. Maybe the next iOS update comes with privacy intrusion because it's more lucrative."

This is true, but it's also potentially worthwhile to consider that Apple has positioned themselves as a hardware company (i.e. the majority of their money is based on selling units of hardware), whereas their main competitor here (Google) is an ad company (i.e. the majority of their money comes from selling their users' data). Apple has chosen to highlight their commitment to privacy partially because they feel it helps their market position, whereas for Google, it would hurt it.

Certainly it doesn't mean that Apple is infallible, just that I think it makes it easier to accept that Apple is more likely to protect privacy more than Google.

I'm pretty biased towards Apple, so obviously this may not work for everyone; if you need source code to feel secure, then by all means, go for it. For people who are looking for less work but some of the benefits, I think that Apple is a decent way to go.


> This is true, but it's also potentially worthwhile to consider that Apple has positioned themselves as a hardware company (i.e. the majority of their money is based on selling units of hardware), whereas their main competitor here (Google) is an ad company (i.e. the majority of their money comes from selling their users' data). Apple has chosen to highlight their commitment to privacy partially because they feel it helps their market position, whereas for Google, it would hurt it.

But this is all just marketing, whereas the reality is that Apple could also be hoovering up location data and you may never know.

You may have good reasons to trust Apple more than Google, which is great. Others may reverse that position of trust (perhaps they had their iCloud account hacked into and photographs leaked on the internet).


"But this is all just marketing, whereas the reality is that Apple could also be hoovering up location data and you may never know."

It isn't just marketing. This is how the alignment of incentives works. A company's incentives are aligned with the people who pay them. Apple's are aligned with those that buy phones. Google and Facebook's are aligned with those that buy ads.


The parent argument is that without transparency it's difficult to actually know.

Apple's true incentive is to provide value for their shareholders.

If they can improve the value provided to shareholders by hoovering up information while also maintaining consumer confidence and sales then why would they not?

I think that Apple's incentives are better aligned with my desires for privacy, but it's only an assumption.


> why would they not?

Because this sort of thing inevitably leaks? Apple has a formula that demonstrably works, a formula that everyone can directly observe making them an utterly stupid amount of money. It would be the height of stupidity to risk their unparalleled monetary successes to pursue a few dirty little crumbs.


Exactly - especially when you are employing privacy-conscious developers, it would be nearly impossible to keep it contained. Someone would leak it to the EFF. It's better business strategy for Apple to not defect.


Off topic

Saiya-jin, your comments all appear to be flagged and dead. You may want to contact a mod about this.

https://news.ycombinator.com/threads?id=saiya-jin


Guys, this is all just plain old wishful thinking. Neither you, nor me, nor most people here have any real clue what decisions are being done behind closed doors of Apple, or other companies. All the high profile cases are mostly PR-oriented, see how PRISM was handled (not that they had any choice, but it is what it is).

Don't attach these emotions where they are not appropriate. Apple is a for-profit company. If they will be pressed hard by US government behind closed doors, they will budge and you won't know about it, why should you (maybe in 10 years as part of some leak). If they will decide to change their strategy, they will. They have 0 moral issues hiding gazillions of cash offshore from IRS. Just like any other company out there.

Simple fact is, most people don't care about security. I work in IT, and I have numerous friends with iPhones, but exactly 0 of them cares about extra potential security when choosing phones, most have no clue about these issues. Regular people choose Apple because of Apple and how things look and feel, and how they are perceived among others as a status indicator.


I think you massively overestimate the power of the US government. What would they do if Apple said no? Shut them down? Put Tim Cook in jail? Never going to happen. That perception of power might exist against mere civilians, but not against the big multinationals.

Apple has engineered their products to be unbreakable by Apple. That says a lot about their desire to cooperate!

Apple's billions held internationally aren't hidden, everyone knows where it is. And it was never money destined to be "on-shore" in the first place – it's profits from retail sales which occurred in Europe and elsewhere. Their offices in Ireland have the Apple logo on them and they're one of Ireland's largest taxpayers. Everything they do is on the public record. That money wasn't expatriated from the USA, the IRS isn't owed any of it.


You underestimate the power of the NSA, CIA, FBI and in general the US government. They don't need to imprison the CEO or shut them down, there are subtle yet nefarious ways of getting what they want. Anyways let's forget this part, it's just speculation from both of us.

According to their privacy policy[0], they comply with requests by the government for user data and inform the user unless gagged.

> In the second half of 2016, Apple received between 5,750 and 5,999 National Security Orders.

If their products are unbreakable, how can they provide this data to the government?

[0]: https://www.apple.com/privacy/government-information-request...


The data stored on newer iOS devices with hardware security enclave are unbreakable even by Apple, but the iCloud backups are accessible by Apple. That’s probably how the requests are fulfilled.


outside of the nerds, how much of a percentage of apple users would switch if it did come out they had been doing this?

it's going to be less than 1%

... and where are they going to go?


I think it would have much greater repercussions over time, eliminating one of the few concrete advantages of Apple products. But for now let's assume it only lost them a tiny share, perhaps one percent. Even that is a massive fortune compared to the money Apple could possibly make selling a bit of marketing data under the table.


I’m a nerd and I wouldn’t switch.

I’d be pissed for an hour but at the end of the day my phone, laptop, watch, TV and car all syncing my music and crap with no effort is too appealing to scoff at.

Hell if I found out they had a meat locker of dead kittens hidden in the basement of 1 Infinite Loop I'd probably stay loyal.


It would be a ballsy play of limited utility. For one, you're talking about Apple risking epic legal liability if they got caught. For the other, they'd be doing so for limited upside. They can only sell ads on the premise that they don't have all this inside information on their users.


> It isn't just marketing.

What makes you so confident? How do you know Apple thinks of itself as a hardware company whose incentives are aligned with those that buy phones? Their marketing certainly has made a lot of people think that, but, well that's just marketing.

Apple hasn't exactly always stuck with one identity. In 2007 one could have easily said that Apple is "a computer company" and not "a phone company" like Nokia.

Ultimately though, Google and Apple are incentivized to collect data for a lot more reasons than just selling ads. A lot of software functionality on phones benefits from rich user data. Apple may well be collecting data to drive better software experiences, and how much of that data they'll keep in-house vs sharing with third-parties is anybody's guess.

Even if you only consider advertising and hardware in simple terms, Apple is very directly incentivized to advertise new iPhones to current iPhone users. They want you to crave new models as soon as they come out, and to think your current model is kind of lame and old. Why wouldn't they be tempted to leverage user data to do that?

Finally, the vast majority of iPhone users probably aren't so sensitive to data security (the market of people who are is pretty small). So I doubt Apple cares that much about their perception among security-conscious people.


"A company's incentives are aligned with the people who pay them"

That sounds great but it can not be further from the truth. So are you saying that Comcast and the telcos of the world incentives are aligned with their users?


Telcos in the US have localized monopolies. Their customers are a captive audience. The incentive in that situation is for the telcos to wring as much money out of its customers as possible since they have nowhere else to go. Apple is very far from a monopoly. It sells in highly competitive markets and as such, is incentivized to appeal to its customers so that those customers do not choose another option for their hardware purchases.


Ok, the example still holds where they do not have monopolies but let's move to a better example. Gaming. Highly competitive market.

You buy a game, do you think that it means that the game producer has your best interest at heart? Apple is filthy rich not because they have users as top priority, but because they extract as much as they can from them. They have a very clear lock-in policy where they try to avoid their users moving to other platforms if they wish so (iMessage anyone). Is that really in their users' interest?


You missed the point.

> Apple's are aligned with those that buy phones.

For all we know, that's what they want you to believe. The fact that you are so certain this is how they are incentivized could just mean that they did a fantastic job at marketing and making their users believe this image of themselves they've worked on.


But do you have counter examples? Because here, we see one more from Google, while Apple has had a much better track record so far that confirms this view that they are walking the talk, too.


I feel that people mostly don't care to check the correctness of Apple's claims. Yesterday I asked a question about security (https://news.ycombinator.com/item?id=15751571) and no one replied.


A submission without replies doesn't necessarily mean nobody cares. Some links get submitted and receive zero comments, then a week later it gets submitted again and receives dozens or hundreds. It's a crapshoot.


> But this is all just marketing

Apple has a very strict internal culture of protecting user privacy.


...and yet they comply with ~80% of government requests for user data?

At the end of the day, they still have a way to break their own encryption; they just don't want to set a legal precedent or create tools to allow a third-party to have unfettered access.

Everything they say in public releases is just, "face". It's better than the Facebook or AT&T models of charging for access as a subscription service, but nonetheless I do not believe them when they claim their hardware is opaque to themselves.

Here is a link to their privacy policy: https://www.apple.com/privacy/government-information-request...

It states that they comply with requests by the government for user data, and informs the user unless gagged.

They received over 5000 NSL's in 6 months last year, which seems kind of dumb if they're not handing over data.

I, for one, do not believe that their "secure enclave" is truly secure, that they have no backdoor.


And you know that exactly how?

Or, maybe more relevant, how do I get to know that?


Talk and listen to Apple and ex-Apple people.


That's not scalable to the entire market of people wanting mobile devices, in case you didn't realise.

The question the GP was almost certainly asking was "how can the public confirm that security of their data is high on the agenda of Apple (and by extension any company), what systems are in place". Without third-party review of open systems and practices I can't see it being possible.


Be lucky in who you end up friends with.


If Apple really is Hoovering up all our data, we'd hear about it. A disgruntled employee would tell all after they got fired or left.


That's assuming if there is a disgruntled employee with knowledge of this happening and if there is, that there isn't an NDA good enough to make him or her to think twice about leaking anything should they leave on bad terms. That's a large if to place your hopes on.


That's smoke and mirrors. What guarantees you that Apple isn't collecting your location right now? It's proprietary software, so you wouldn't know, and it's perfectly within the terms of their EULA. You're just gonna trust that they don't (even though they are a business and that can potentially make them more money)? Or are you gonna know your phone isn't spying on you by installing free software on your device?


If we only made decisions based on whether we could absolutely be sure of something with 100% certainty, we would all be paralyzed. Until a fully open-source phone is released that is comparable in quality to an iPhone, we can look at all of the available data and make reasonable decisions.

Aside from Apple’s strong stance and history of protecting the privacy of users, we also have security researchers MITM’ing the traffic sent from iOS devices to Apple, and every jailbreak gives an opportunity to look deeper; if they were acting badly, someone would find that out soon enough.


I agree that asking for 100% guarantees isn't useful. Realistically, the danger with Apple is that its absolute power over what regular users can install on their iOS devices is easily exploited by governments.

If some surveillance happy government bans some VPN software then Apple is going to enforce that ban much more thoroughly than Google or Microsoft ever could.


Did you check and compile every line of code that runs on your phone? If not, then that's also smoke and mirrors. I guess it's easier to get evil patches into any open source component on a "free" phone than to get them into an iOS release.


OpenSSL proved to me that being open source doesn’t mean anyone actually checks what it’s doing. It could be checked, but it would be trivial to sneak in things.


Good point. But I still prefer open free software, because there you HAVE the OPTION to inspect it!

If you paid someone (even multiple people/companies) to do professional audit over OpenSSL, it would be prevented.

Now, with closed software you are lost and the only thing you have is to TRUST the SW developer. Because inspecting blobs is much more difficult. And I don't trust them.


Ring a ding. This.

Every time I see a comment about an open source phone I am curious if the poster of the comment is actually going to fine comb the code base.


Actually, it would be against their Privacy Policy; and they would get a fine of up to (5%? 10%?) of their annual turnover fined by the EU under GDPR if they did.


How will the EU audit Apple to confirm the privacy policy is not being breached, or how will people know about such a breach on Apple's part in order to notify the authorities?


You've got to do a lot more than installing free software if you're that paranoid. You've got to check the code, ensure the code that you're installing is the same code that you've read, etc. etc.


Apple is a lifestyle and fashion company moreso than a software or hardware company; yes, Nike makes shoes and Ralph Lauren sells shirts, but they are not best described as shoe or clothing manufacturers first and foremost. Jobs understood this.


if we're going that route, Google is an advertising company, whose only goal is to harvest your data to maximise advertising revenue.


Yes, that is exactly their goal. Google services, from the Play store to search to Google plus is all designed with exactly this in mind. What most people don't understand is "if you're not paying for the product, you are the product." When I use Gmail, I know what I'm signing up for.


I don’t remember where I first heard this, but increasingly “if you’re not paying for the product, you’re the training data.”. (Doesn’t invalidate your point, which I agree with)


Yes, that is what it is.


Apple is more of a lifestyle brand than a hardware company.

Edit: I was beat to the punch.


> Maybe the next iOS update comes with privacy intrusion because it's more lucrative.

Apple has demonstrated time and time again their commitment to privacy and to protecting user data.

Apple does not see user data as something to be hoarded. They see user data as a liability and work very hard to collect as little as possible in order to provide the services they do.

The idea that Apple is going to discard all of this and add privacy intrusion into iOS, doing a completely 180° on their business model and discarding all of their corporate principles, is extremely unlikely.


You need user data to feed machine learning algorithms to make your product (siri, predictive text, face unlock, etc.) better.

That alone is a very strong reason to hoard data if you're Apple.


Sure, but Apple has been researching and applying privacy-preserving techniques like differential privacy. And they do a lot of their machine learning on-device (e.g. face unlock is entirely on-device).

Really the big outlier here is Siri, I'm sure they could make Siri better if they were willing to hoard data, but Apple has demonstrated that they value user privacy much higher than the incremental improvement they'd make with Siri, and violating user privacy would likely hurt their business a lot more than making Siri a bit better would help.


Careful there with Kool Aid.


Agreed, it would be nice to have an actual conversation about the issues in the mobile market right now instead of pointing to one of the 2 major companies, that nobody should really be 100% confident about.

IMO both Google and Apple aren't saints. Apple had a fairly similar headline in 2011[1]. Now watch people here on HN explain why that was completely different. It's a guarantee.

We really should be focusing on coming up with ideas on what we can do. My friend for example (and this isn't a perfect solution) but he bought 2 phones, one of these for calling:

https://images-na.ssl-images-amazon.com/images/I/41AwGb3pKCL...

(extremely thin in real life)

And then he carries a smartphone for encrypted chat apps etc. He removed a bunch of hardware chips from the smartphone so even if you put a simcard in it it doesn't connect anywhere. Also the microphone was removed and some other things. It works great. At first he had it with the simcard still in, but he wanted more privacy. Personally, I would have kept a 4g only simcard or something, it's kind of a trade-off because now he can only chat on wifi.

It's far from perfect, but at least he's trying something.

[1]https://www.theguardian.com/technology/2011/apr/20/iphone-tr...


> Apple had a fairly similar headline in 2011[1]. Now watch people here on HN explain why that was completely different. It's a guarantee.

Ok, since you’ve so eloquently asked - a local copy of your location history that's collected when location services are turned on is completely different from remotely collecting location data even when you’ve explicitly disabled location services.

Any attempt to say these are the same thing has gone beyond naive to willfully ignorant at best.


Thank you for pointing this out. For a community of fairly intelligent people, hacker news commenters fall back on false equivalence near constantly.


I am all ears to see your evidence that this is just Kool Aid. As iOS developer I at least see all the API changes they make to make tracking users (or rather, phones) more and more difficult. You don't even get to access the true MAC from your phone.


> Apple has demonstrated time and time again their commitment to privacy and to protecting user data.

Google's entire business is carefully balanced on user trust. Anyone who posits some naive "they're an ad company" nonsense is just muddying the waters. Google is a user-trust company in a variety of spheres, and without that trust they would be annihilated.

> Apple does not see user data as something to be hoarded

I've gotten downvoted elsewhere and will gladly eat it up to warn against this utterly ludicrous kool-aid fueled naivety. Apple says whatever nonsense gets a cheer at their latest product reveal. But if you don't think they're desperately vacuuming up data for their machine learning to stay ahead of the game, you should rethink your positions.

I remember virtually identical claims about Microsoft a decade ago, as an aside. Hell, in conversations about Google versus Microsoft, no less. Then Microsoft, you know, started viciously hoovering up user data like there's no tomorrow.


Siri is so far behind Amazon and Google's voice assistants that if they're Hoovering up the datas, they're doing it wrong.

I'm a (mostly) happy [0] Apple customer. The lack of evidence that they are gathering all my bits makes me comfortable to use their products. I strongly feel we'd hear leaks about how they are saying one thing and doing another if they were. Employees of Apple aren't that loyal.

Yet here we are with Google and their "it's better to ask for forgiveness than permission" attitude.

[0] iOS 11 is bad. Just bad.


You realize that Apple admitted to collecting cell tower and wifi data years ago, wholly separate from any location data, right? That they still do to this day.

https://www.apple.com/newsroom/2011/04/27Apple-Q-A-on-Locati...

It is impossible that a unique device submits data about cell and wifi locations in an "anonymous" way aside from putting another party in between (a party that you'd have to trust), and that caveat is outrageously nonsensical to anyone with a hint of technical capability. But we trust that Apple is then mangling it up. Or do they?


Why is it impossible? It's only "impossible" if cell phones have unique IP addresses. But, and I admit I've never tested this, my understanding is cell phones may switch IP addresses any time they reconnect to the network.

And even if a cell phone does keep the same IP address for a long time, I'm confident that Apple is completely ignoring the IP address for each submission and taking only the encrypted location data. Apple has gone to great lengths to preserve privacy in so many other cases, it's outrageously nonsensical to accuse Apple of trying to match IP addresses with location data to identify individual devices (and besides, even if they did do that, all they'd know is the rough location history of some device, but nothing at all about what that device is or who owns it).


Does Apple still collect that data if location services are turned off and the device has no sim? Then I would be outraged.

My guess is that they don't given that they have a setting in location services called "Wi-Fi networking". But this should definitely be investigated...


Good point about Microsoft, they went full Google. But they were much better at privacy before changing course.

Apple is also much better at privacy now. Maybe they'll also change course and then we might as well stop using smartphones, cause we're being treated like sheep.

The non-Siri Apple machine learning is happening on device. This is something that Google would consider doing for 5s, before all in the meeting would start laughing and they'd go for uploading everything.


The difference being Apple has put their money where their mouth is. The secure enclave, the FBI case...


>Apple has demonstrated time and time again their commitment to privacy and to protecting user data.

Remind me again, which company pulled out of China, Apple or Google?



There is this line in the link you shared.

"In 2014, in response to a series of terrorist attacks, China made all Google services almost unusable by tightening its Internet censorship, often called the "Great Firewall of China"

That would only happen if Google didn't comply with Chinese govt. unlike the other company we are talking about.


That is oversimplifying the issue greatly. There's far more involved than just "not complying". There's many reasons why Google would be banned, the biggest of which is Baidu being a massive local competitor that is both pro-government and pro-censorship.

Apple, on the other hand, is a consumer brand that is wildly popular worldwide. People save up for these devices, they sell out within minutes and people go to extreme lengths to line up in store for them. There would be much more anger for banning them than Google.


Can you post a link to close my appleID? Yes, you can close a Google/ Microsoft account with few clicks


Did you try googling "delete apple id"? It's pretty straightforward. Given that, what point are you trying to make?


There is a way to delete your data from Google or ms. Not Apple. BTW, there is no way to delete apple Id. Seriously try doing it. You cannot.


Not sure why you are being downvoted, but as someone who did try deleting an appleid, there is no self service way of doing so. Basically ended up removing all possible data; and filling the rest with fake values. Finally I changed the password to some random string. Not sure how much aux/opaque data remains that I could not see (eg location services), but this was secondary throwaway account, so I didn't care much.


It is sad hn users are too much apple biased.


This must be one of those "alternative facts" I keep hearing about.

I literally just now created, and then deleted, an Apple Id. It's trivial. Why do you think it isn't?


How did u delete? Care to post a screenshot?


you actually don't believe that they delete your data, do you?


You can call AppleCare and have your Apple ID deleted any time you want.


It should be available, at least in the EU, by May, if it isn’t already. I think it is a requirement of GDPR.


Similar measures have been implemented in a number of European countries for years, I think originally in France. As far as I am aware, GDPR only standardises these laws and applies them to all EU states. Plus it adds a fine large enough for companies to actually care.


The fines are indeed substantial: up to 4% of annual turnover. On top of that they can force you to shut down the service in question until remediated. For an e-commerce company that can be even worse than the 4%.

Being fully compliant with GDPR is a mountain of work even if you thought you were doing all the right things before.

In practice, small companies/ start-ups might not be audited / reported / pursued very much but: a) you'll never know and b) at least all the big tech and e-commerce companies are smack on in the sights of several data protection and competition(!) authorities already. We're all scrambling to be compliant in time.

Source: first hand account from running the GDPR compliance project in e-commerce company.


The fine is actually 4% of global annual revenue, or EUR100,000, whichever is greater.


Oh fair point. I propose we all start calling the 100kEUR minimum the "start-up clause". ;)


Try it. It is not available.


For the moment not possible.


Using F-Droid and Yalp and avoiding the Google Play Store is only an option if your needs are very limited. As far as I know, there are no widely-adopted mobile payment apps anywhere else, certainly the de facto standard mobile payment app in my country is only available on the official app stores.

The same goes for banking apps and all official store membership and coupon apps, just to mention a few categories of apps you will have to do without.


>de facto standard mobile payment

Is called cash :) It's accepted everywhere.

>official store membership and coupon apps

Should all be burned anyway. Plastic cards and bits of paper worked fine for decades, you don't suddenly need to run arbitrary code on my pocket supercomputer.

>banking apps

Safer to use the website. My bank authenticates you by having you enter your PIN into a card reader - although they have created a mobile app, the security is strictly inferior as phones do not come with card readers (and the passcode is different from your PIN, making you more likely to write it down).

The basic pattern is, it's either important enough to be worth being a stickler over, or trivial enough to ditch entirely. Personally, I find "not being on F-Droid" as a very strong signal that I should not want to use an app in the first place. It steers me away from malicious code and proprietary lockin. And I never, ever see an ad on my phone!


>Is called cash :) It's accepted everywhere.

A lot of people refuse to carry any significant amount of cash. It is a risk factor, especially when at events and shows or just during busy shopping hours, due to pickpockets. An app with verified identity (using the national 2FA login system in my country) is significantly more secure.

>Should all be burned anyway. Plastic cards and bits of paper worked fine for decades, you don't suddenly need to run arbitrary code on my pocket supercomputer.

It's a bunch of silly plastic cards that I then have to carry around in my wallet or remember to bring from home when going shopping, as opposed to having the app on my phone, which I carry around with me anyway. The app automatically calculates bonuses and rebate collection marks.

>Safer to use the website. My bank authenticates you by having you enter your PIN into a card reader - although they have created a mobile app, the security is strictly inferior as phones do not come with card readers (and the passcode is different from your PIN, making you more likely to write it down).

My mobile banking app is perfectly secure, it uses the Danish national 2FA login system, used for all public services.


>It's a bunch of silly plastic cards that I then have to carry around in my wallet or remember to bring from home when going shopping

You're willing to sacrifice your privacy for this little convenience?


It's fine for one or two cards, but for all the rebate stuff and membership benefits, I would have to carry around a veritable mountain of cards. They already have all my relevant details for the memberships, and I don't share anything further than that via my phone.


Posting anything online is a sacrifice of privacy. Using HN means your IP, your username, a bunch of connections and other data are logged in various places. We're all willing to sacrifice privacy for little conveniences, some people prioritize differently.


> Is called cash :) It's accepted everywhere.

Surprisingly, it’s not!

A non-Swedish friend studying in Sweden recently told me of a situation (I forget the exact details) where she could not pay with cash. They only accepted payment via Swish[^1] (mobile payment system).

At the time she was with a Swedish friend, who was the one to pay for both of them, with my friend paying her friend in cash.

[^1]: https://www.theguardian.com/business/2016/jun/04/sweden-cash...


Same in the Netherlands, more and more shops are electronic payment only. Cash is a cost and a risk to them.


Cash is not accepted "everywhere." Some examples of places that sometimes don't take cash: Parking garages, airplanes, bus kiosks, vending machines, online stores.

I went to a festival earlier this year and the door tickets were card-only.


I'm grateful for Google's work on Android but iOS or any closed source code being black box is ridiculous.

Reverse engineering and analysis techniques give us enough ways to look into that so-called "black box" and see what's going on.

So if Apple one day ships iOS with privacy intrusion built in, they will be caught.

I prefer to trust the motives, i.e. Apple doing reasonable things and staying away from funny business because they want to sell me iPhones.


I don't understand people in this thread defending Apple when AOSP is clearly more open. Yes, Apple has done well so far, but at the end of the day what are you going to trust? A talking head, or the actual code running on your device? It smells of rationalization for anyone to say that it would not be in Apple's interest to collect personal information.


AOSP is certainly more open, but half the system and its apps are provided through gapps which are also black box binary blobs that you can't easily dissect.


Well don't install gapps then, run F-droid and yalp store.


Have you seen any Android smartphone that came without Gapps?

You have to be pro-active about removing them, it's an opt-in choice.


Trust: the company fighting for privacy due to among other things economic incentives.

Don't trust: the company fucking privacy because of economic incentives.

Quite simple.


Add "temporarily" to both your statements, see how simple it really is. To add 2 more things that make it even less simple:

- "People willing to trade their freedom for temporary security deserve neither and will lose both".

- Apple is screwing over developers AS A BUSINESS MODEL (de-value your complements) - and you want me, a developer, to support them?


Everything is temporary and the best smartphone choice for privacy (or rather best compromise) is subject to change.

Android freedom is purely theoretical for most people, including my family and friends. iOS security and privacy support is real and practical.

P.S: Apple is not screwing developers, they're keeping them under control. Time and time again developers have proven they don't care about security or privacy and they need to be forced to obey the will of the customers through APIs which can't be easily misused.


> Apple is not screwing developers, they're keeping them under control

Their entire business model is predicated on the idea that hardware is important/ worthy, and that software should be $0.99 with free updates forever. It's basically the opposite of Microsoft - what MS did to the OEMs, Apple does to the indie devs.

Also: not sure about your family, but I can choose stuff like "what keyboard to use". For me, that's a kind of freedom too.


Most apps are worth 0.99, even if they cost significantly more to develop. When one considers the ads, tracking, changing features from under the customer, that's their value.

The stuff that's really good costs money also on iOS. The Abby OCR is 64 EUR, OmniFocus is about 44 EUR, Korg Gadget cost 45 EUR (now 20, maybe a special offer).

What keyboard to use is a freedom, but not really an important one. It's a convenience.

I recently bought an iPad for my parents and that allows them to have a device which is very unlikely to get infected by spyware or malware and I can count on their private information remaining private. That gives them the freedom to use it as they like and see fit, without having to worry. And without me having to keep up with whatever tracking fuckery Google thought up.


You're a delighted Apple customer - I get it, it's your right.

It's also my right to question your view that "security is freedom, freedom is insecurity and danger" (ok, I'm mean/ probably misrepresenting the second part. But not the first one - and that alone should give you a bit of pause)


I'm not delighted, I'm pissed off that Apple is the best choice (having no devices aside) for someone that would like to keep their basic rights to private life.

I considered using Android devices, and had to concede that I have neither the time nor the skill to remove all the spyware added by very motivated and skilled Google engineers. It's a losing battle. So I decided to compromise on my freedom to control "my" device.

This decision is not for everybody. But using plain Android should not be for anybody, people deserve better than a peeping tom like Google.


> Apple provides a black box with iOS

And google does it with Google Play Services. All we have to go on is the historical record of the manufacturer, and apple’s is vastly better.

Obviously a high-quality open-source smartphone would be preferable, but I’m not aware of such a thing (Although I’m hopeful that purism’s phone will be good).


> Maybe the next iOS update comes with privacy intrusion because it's more lucrative.

That’s not a great argument when you’re talking about the single most lucrative consumer product in the history of the world. At that point, the risk to your existing product by making an abrupt 180 like that is far too great.


Alternatively, _this_ version of Android is 'open'* which you still don't have control over and has these privacy issues.


Yes, with Android we at least have this option of running AOSP/Lineage and F-Droid.

If only HW and chip manufacturers released Linux sources (or ideally had support in the mainline Linux branch) soon with proper drivers (ideally open)...

Manufacturers keep releasing lots of closed junk smartphones every year :/ but as long as people will continue buying it, nothing will change.


> Maybe the next iOS update comes with privacy intrusion because it's more lucrative.

And this would be swiftly called out by someone soon after release, putting a very ugly stain on Apple's reputation. There is absolutely no advantage they would gain from this which could outweigh the PR nightmare.


Agree.

Another sensible way (if you are prepared to 'phone' a bit more frugal) is a Sony Xperia X with Sailfish. (But check together first.)


"Maybe the next iOS update comes with privacy intrusion because it's more lucrative."

Isn't it likely to be more lucrative now? I imagine that the number of people choosing iOS over Android purely for security/privacy reasons is fairly low. I think the incentive exists for them now and they've ignored it.


I finally switched to LineageOS yesterday after hearing this news and it's working fine. It feels great to have a Google-free phone, but I'm shocked by how many Android apps require Google's proprietary services to function these days.


Maybe is different than what Android is already doing to you. There will always be maybe to anything.


True, however, given that Apple's business model is specifically not based on privacy intrusion and Google's is, the likelihood of this happening is probably pretty negligible.


> It's amazing to me how many comments here excuse Google's behavior by offering the impractical "solution" of just not using a smartphone (a false dilemma) when the obvious answer is to get an iPhone.

Smartphone or not, carrying any phone means providing this information to your carrier at all times.

I don't like the idea of sending this information to anybody, but to be honest, Google is the entity that I'm the least concerned with at the moment. Unlike literally every cell carrier on the market, they have an excellent track record from a data security perspective, and their entire competitive advantage relies on them not providing that raw data to any third party.


A common view in these discussions is that people are happy for Google to collect data about them, and other users, because they have an excellent track record in security.

You can't have privacy without security, but security by itself does not equal privacy.

The best security in the world doesn't mean that you have privacy if everything you do online is tracked. And no company arguably tracks you more than Google. The volume of tracking data they collect about users is mind-bogglingly gargantuan in scale.

It's baffling how Google escapes scrutiny on their data collection practices, particularly from the tech community who seem happy to give Google a free pass on matters of privacy and online tracking.


You can also set your phone to airplane mode with WiFi and Bluetooth enabled most of the time unless you need 4g for something like driving directions.

Google has much better security than the phone companies anyway, so letting the phone companies know where you are is bad enough.

I had the idea to "red team" myself and find out if there's a way of finding out my location history from shady online data broker and then take countermeasures.


Google knows the GPS location of almost every Wifi router, even if nobody has ever (successfully) connected to it with location services. By design, Android will search all Wifi SSID's and send the GPS coordinates back to Google, so that if another phone not using location services connects to that router, Google knows their location by cross-referencing with the stored GPS coordinates.


Unfortunately, we can't even entirely trust our phones then either. You can turn on airplane mode in the OS, but it could still choose to reactivate the radio for short bursts without you knowing. Or the radio could be set to phone home on a regular basis on its own recognizance. This could potentially occur even if the phone is turned off.

There is no way to ever completely trust a cellular device.


This would be easy to check by checking radio signals emitted from the phone. This might be an expensive experiment to set up, but easy to check.



Great concept. Why hasn't anybody done this yet?


I'll get to it in my case but really this is on the providers; they designed the protocol backwards. Instead of each customer hacking in a PBX it would be trivial to ping the last known area and then if the phone didn't respond in n (customer configurable) sec send a broader incoming call request ultimately resulting in an all areas ping, or even queue one up like a missed SMS but they would rather monetize your high frequency all-time location data that they pretend to not care about.

Hopping out of "airplane mode" can be made arb fast.

So, short answer, customer demand. I bet eventually they will get too creepy with the data and demand will happen.


> when the obvious answer is to get an iPhone.

It is only obvious when one enjoys a wealthy life.

There are lots of countries out where people can barely afford something better than a feature phone, and when they do, their hard worked savings are just enough for an Android device.


It's really humbling to see what people in different living circumstances take for granted. Apparently privacy is the fundamental right only for the people who can afford a $700+ device.


I take your point, but I think it’s important to note that the iPhone SE is half that price. In India, it’s about $309 today.


> In India, it’s about $309 today.

So about three times the average monthly wage if the numbers I find are right.

(Sneak edit) Just to write it down another way, that means 25% of the average yearly income. For a phone.


So, get one second hand and it will be even cheaper. The point was it is not $700 for security.


The point isn't that it's $700, rather that it's (at least) a month's salary, even used, for someone in a more developing country.


Ever tried using an old iPhone?


Ever tried using one of those dirt-cheap Android phones?


The difference is that a dirt cheap Android phone will cost less than $100 for new unlocked, whereas a dirt cheap iPhone starts at about $300.

For $300, you could get a competitively specced Android phone with great support for AOSP custom roms. Get one of these, flash AOSP without play services and you've got a reasonably privacy-focused phone.


For US$300 you'll get an iPhone SE that'll outrun a Samsung Galaxy S7 in most benchmarks. What's not competitive about that? Can't expect current flagship performance from a US$300 device.


A cheap Android phone runs circles around the most expensive iPhone in day-to-day tasks. https://youtu.be/qcfqhszn7Bk

This has been the case for many years now. https://youtu.be/hPhkPXVxISY


So a "cheap" Android phone costing US$500 that came out like yesterday is really good at opening and closing applications. The new benchmark of What Makes A Really Great Phone after It Must Have Slim Bezels wasn't an argument anymore.


> So a "cheap" Android phone costing US$500 that came out like yesterday

See the second video, which shows a $300 phone of the previous generation beating an iPhone of the latest generation at the time that cost twice as much. I couldn't find a head to head comparison of the iPhone X against a cheap Android of the previous generation, but I expect the outcome to be the same.

> is really good at opening and closing applications.

The video doesn't show speed of closing applications. Opening communication applications is 90% of what users wait for when using a phone, and Android users wait less.

Your artificial benchmarks that measure gaming performance aren't much use to the 99% of users who use their phones more for productivity than for AAA games.


We've been measuring performance of computing devices with benchmarks for at least 20 years now. Most of the scenes still do it that way, for example comparing PC performance to Xbox or Playstation. AMD vs Nvidia. Nobody questions that a significant difference in benchmark results means a difference in real life performance.

Except for some people living in the Android world. Why is that?

I think it's a bit like people that are denying climate science. They keep looking for new kinds of benchmarks until they find something that fits their predetermined outcome. Some glacier got longer instead of shorter? and boom see no global warming. Some YouTube dude has a video that makes your phone look fast? and boom look no further. Benchmarks suck!


Those benchmarks work ceteris paribus. All else being equal, a faster CPU, faster memory, and faster disk will translate to faster app launch times.

In this case, they don't, as you can see with your own eyes. That's because the platforms are different.

> Some YouTube dude has a video that makes your phone look fast?

Every single video that shows app launching has the same result. Don't believe them? Try it yourself. If you get a different result and post it to YouTube, all of your fanboy friends will love it, and you'll get some revenue. The rest of us are happy to use the more productive and less expensive phones.

You're like a person who says climate change is due to solar flares but doesn't actually measure the effect of solar flares on climate to realize that there is a huge amount of warming that is not accounted for by that simple analysis.


Yes, MotoG3 2015. Best phone I've had so far, all around. $200 is not exactly dirt cheap, but it comes out to $100 a year so far. There is no way an iPhone is going to last me 10 years to match that cost per unit time.

The pisser about it, is Motorola, like so many other companies, abandoned it for major updates. It does ostensibly still get major security updates, but...


My daughter's on a 4S. Still trucking on.


I'm on iPhone 5 right now. No problems.


@literally: Yes, and with updates they're so slow as to be unusable. Apple also doesn't permit OS downgrades, truly crippling all older iOS devices.


Disproven multiple times.


I don't think there was an upgrade after iOS 7 that really made devices significantly slower. But a lot of people still have an iPhone 4 trauma. The 5S is like 5 years old and still runs iOS 11 very capably

(unless you're one of the unlucky people with whatever type of iPhone for whom iOS 11 still is borked for some reason, still having trouble on one iPhone 6S Plus with that).


For comparison, you can get an Android in India for $5.


Unless it's sarcasm, I don't know which phone you're talking about.


You can get an iPhone SE (essentially a 6S) which is a great phone perfectly capable of running any app for $150.


iPhone != brand new latest model of iPhone


I don't disagree with your first point, but I disagree with the second. Encouraging everyone to "just buy an iPhone" is a false dilemma of its own.

No. The "obvious" solution here is to regulate companies and give huge fines for doing stuff like this, without explicit user permission. Google went through hell in Germany over its "error" in collecting user data from their Wi-Fi hotspots. Why can't the U.S. do the same in this case?

It's not just an absolute privacy outrage, but also an outrage because Google will drain my phone's battery life without permission, just to serve its own interests.


The “obvious” solution takes time to implement and with the current administration in power upon the US, there is little hope they will do the right thing here.


The former CEO of google is bff with the clintons and was heavily involved with Obama's campaign. Good for him, I guess. But the previous administration did very little for internet privacy and rights.

Don't fool yourself that the problem is the "current" administration and the next administration from the "good guys" will solve everything.


I have an iPhone specifically because I want to use Google services (Calendar and Hangouts) without associating my entire phone with my Gmail account. A few Android releases ago, I was able to create a new Google account for my phone, with no contacts or anything, and still use Hangouts. It's recently gotten aggressive enough that I'm pretty sure that all my photos, location history, contacts, etc. are visible to my Gmail account and that my Gmail account has permissions to install apps on my phone, so I gave up and got an iPhone, where the only apps that care about my Google account are the Google apps I choose to install.


I tell all my friends / family to get an iPhone if they are upgrading.

I used iOS and Android phones and I like both. However it makes even me nervous to use a banking application or similar on an Android. Can’t imagine what kind of shit my dad would have running on an Android device with all the fake phishing apps, bloatware, tracking etc going around.

With a non jailbroken iPhone I have a lot more peace of mind.


> However it makes even me nervous to use a banking application or similar on an Android. Can’t imagine what kind of shit my dad would have running on an Android device with all the fake phishing apps, bloatware, tracking etc going around.

Do these people not do banking on Windows machines? The malware situation was infinitely worse on Windows - I see an Android device with some unwanted ads maybe once a year from a friend or family member, but Windows devices are a weekly occurrence and the really nasty stuff - like password stealers and banking trojans do exist, but are extremely hard to come by on Android, compared to Windows where clicking a pop-up and a run button could leave you permanently infested.


For me anyway, they certainly don't. iOS is the only computer platform my parents have ever been able to use well, and for that they adore it. Anecdotally I've heard similar from many friends.


> Do these people not do banking on Windows machines?

They don't.

Almost everyone I know does banking exclusively on their phones. I do that too.


I have an Android phone, but I would never use it (or an iPhone for that matter) to log into my bank account.


I recently got a free Android phone, and would also never let it near anything that could extract money from me, and am conscious of the information it can disclose.

Sorry, legitimate Android app developers! I would like to pay you for the things you create, but your neighborhood is too sketchy for me to visit.


That's pretty ridiculous, we're talking about credit card purchases here, which can be trivially charged back, not bitcoin private keys... if you've worked with sensitive info on a Windows box though, that's probably a much worse off environment.


The comment above didn't mention what type of card they are using nor in what country they live. Regarding Windows, in the times of Windows XP there was no "telemetry".

Using a smartphone for banking is really dangerous because banks often use a phone as a second factor and compromising the phone gives full access to your bank account. And many phones do not get security updates.


I'm not referring to Windows as poor for telemetry, but it's tremendously easier to get malware that takes over your whole system on Windows than any other platform - consider the fact that downloading and running unsigned executables is an extremely common practice - even as a fairly security conscious person I do it regularly on Windows. Add to that the fact that Windows completely lacks sandboxing and you pretty much get a pile of malware on your machine unless you really know what you're doing - and even then I've seen fairly technical people click next past a "bonus ask.com toolbar" in an installer.

Even with a regular bank account in most of the world at least, it's tightly regulated and you're only liable for a small portion of the loss - on a credit card, generally nothing at all.

Even without OS security updates, generally browsers and other internet connected software gets security updates regularly, I'd trust a new user on Android far more than Windows because clicking an ad would not have a risk of getting them infected system wide without jumping through some serious hoops and involving a few exploits. On Windows that's one Run button press away.


Is there a reason to believe that mobile ecosystem is more unsafe than the desktop ecosystem?

I would argue it the other way round. On mobile (Android or iOS), apps have much fewer permissions compared to on desktop. e.g., one app can't look into the data of the other app. On desktop, it is possible to write a binary which steals user cookies (e.g., https://github.com/rash2kool/cookie_stealer). For all purposes, the binary would be legitimate, and no antivirus or OS APIs would mark the binary as bad.

However, on mobile, one app can't peek into the private data of the other app. So, the Uber app can't peek into my browser cookies.


I think using a smartphone for banking is very dangerous:

- banks often use a phone (for example, SMS) as a second factor for authentication, for example to confirm transactions. Compromising a phone therefore provides full access to your account. Some banks even allow performing payments by sending SMS without logging in.

- many phones do not receive security updates in time. And those updates close only public vulnerabilities.

- while Android has a good permission system, many apps have a very wide set of permissions, including permission to read or send SMS messages, or permission to use accessibility functions, so compromising such an app can also be enough.


> With a non jailbroken iPhone I have a lot more peace of mind.

Ignorance is bliss.


You seem to have something to share, could you elaborate?

From my point of view, the sandboxing and authorization model of iOS is way better than what is available on Android right now.

You could argue that newer versions of Android provide a way to ask for permissions, but it suffices to target API level 22 on your app and you're off of it. And don't get me started on full disk encryption and buggy TPM implementations on Android.

So.. what do you know that we don't?
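The API level 22 point in the comment above, together with the earlier concern about apps holding SMS or accessibility permissions, can be checked from the defender's side. This is an added example, not part of the original thread: a Python audit of a decoded, plain-text AndroidManifest.xml, where the sample manifest, the package name and the chosen subset of permissions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
RUNTIME_PERMISSION_API = 23  # Android 6.0 introduced runtime permission prompts
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Subset of Android "dangerous" permissions relevant to the banking concern
# in the thread (SMS as second factor, location, contacts). Not exhaustive.
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_CONTACTS",
}
SMS_PERMISSIONS = {p for p in DANGEROUS if p.endswith("_SMS")}

# Constructed sample manifest (hypothetical package, not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="22"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Flashlight">
        <service android:name=".OverlayHelper"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    </application>
</manifest>
"""


def effective_target_sdk(root):
    """Return targetSdkVersion, falling back to minSdkVersion, then 1.

    That is the platform's own defaulting order, so a manifest that simply
    omits targetSdkVersion is still treated as a legacy app.
    """
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is not None:
        for attr in ("targetSdkVersion", "minSdkVersion"):
            value = uses_sdk.get(ANDROID + attr)
            if value is not None and value.isdigit():
                return int(value)
    return 1


def audit_manifest(xml_text):
    """Flag legacy permission handling and high-risk permissions in a manifest."""
    root = ET.fromstring(xml_text)
    target = effective_target_sdk(root)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    dangerous = sorted(requested & DANGEROUS)
    accessibility = [
        s.get(ANDROID + "name")
        for s in root.iter("service")
        if s.get(ANDROID + "permission") == ACCESSIBILITY_BIND
    ]
    # Apps targeting API 22 or lower get their permissions at install time
    # instead of prompting at first use (the user can still revoke them later
    # in system settings on Android 6.0 and newer).
    install_time_grant = target < RUNTIME_PERMISSION_API

    findings = []
    if install_time_grant and dangerous:
        findings.append(
            "targets API %d (< %d): %d dangerous permission(s) granted without "
            "a runtime prompt" % (target, RUNTIME_PERMISSION_API, len(dangerous))
        )
    if requested & SMS_PERMISSIONS:
        findings.append("can read or send SMS, which banks may use as a second factor")
    if accessibility:
        findings.append("declares accessibility service(s): " + ", ".join(accessibility))

    return {
        "target_sdk": target,
        "install_time_grant": install_time_grant,
        "dangerous": dangerous,
        "accessibility_services": accessibility,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST)["findings"]:
        print("-", line)
```
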


As far as I know, the "jailbreak" is performed by using closed-source software that often is heavily obfuscated to prevent analysis. You cannot be sure that it doesn't install a backdoor as a bonus.


I don't follow. The alternative to using proprietary software that has proven to be malicious is... to use another proprietary device?

No. The alternative is to install Lineage OS, don't install any Google trash, use F-droid only and a Play Store interface if you have to.


Or maybe buy a Android phone and flash AOSP without Play Services. As much as I like privacy, I am not tempted to buy a $700+ device which seems to be getting costlier and gimped with each new version.


Unfortunately iPhones are way too expensive for most people [1].

[1] http://news.gallup.com/poll/166211/worldwide-median-househol...


You can get older models for about the same price as cheap Android phones - I'd much rather use a 5 or 5S than anything by Kyocera, for instance. I made the mistake of buying a cheap Android phone for $40 when I could have gotten a 4S for 50. The 4S would have had a superior camera, security and even typing performance.

Currently I have an iPhone 6 that I got for 200, no contract. Seems pretty affordable to me. In Liberia, maybe not, but I imagine there are millions of iPhone 4s they would be welcome to take off our hands.


Yeah, but this works only as long as only few people want those :)


I suppose that would be true about $40 android phones too? I think Apple would be glad to sell however many iPhone 5s's for cheap because that's basically what the iphone SE is.


I don't think Apple is viable for a lot of users.

For one it's more expensive, I have to pay a hefty price to get a recent iPhone, compared to being able to get a usable Android phone starting at 100€ or less.

Additionally, I'm primarily a Linux user and from what I've gathered, Linux is not supported by Apple at all, rather, you have to buy into the Apple ecosystem to properly use an iPhone.

Which is the third point; to use an iPhone I need to become part of the Apple ecosystem while most Android phones interop with any OS and Hardware relatively straightforward most of the time.


Non-privacy apologists who make such comments are from a newer internet generation and they have not yet experienced valid reasons why this type of behaviour is an issue.

There is very much a reality of smartphones existing for over a decade before this type of data collection was done. It is in no way required or critical. If it was beneficial, it still should be a setting that can be turned off.

This isn't applicable just to service companies like Google who value user information, even when purchasing from a product company such as Apple has laptops phoning home at an incredibly unreasonable rate compared to MacOS 1-2 versions prior.

It's like having to run a firewall on your own devices to protect yourself from the manufacturer. Can we imagine if our routers do this, or did?


It's amazing to me how many hardcore devs/hackers still are reliant on Google for everything they do, and don't come up with alternative solutions.

It's not like Google has a monopoly on tech knowledge.


I would much rather have a "feature" phone or no mobile at all than have an iPhone again, even if it were free.

Living in a walled garden to escape prying eyes is sacrificing freedom for security.


Which freedoms are you in practice giving up? The freedom to run Apps that could circumvent the protections put in place to protect your privacy and data?


The freedom to run GPL-ed software, for instance (the App Store terms of service are incompatible).


That's like trading walled garden for the solitary cell in the name of freedom. What freedoms of a feature phone cannot you get on iPhone?


I see your point. Still, my latter comment stands, even if the first one just betrays my personal hatred of Apple.


Did Apple stop collecting that data? Last I heard, you had to opt out of it.

http://blog.chron.com/techblog/2013/10/your-iphone-knows-whe...


Maybe they do, maybe they don’t, but at least they’re not aggregating and selling it.


Who said they are using or selling it?

This is literally from the article:

> “In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” the Google spokesperson said in an email. “However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”


Ah, of course we should believe the google spokesperson.


I don't think we should trust any of the big tech companies with our data. We should instead accept that anything we share with them is not necessarily private.

Despite Apple positioning itself as the privacy minded company righteously protecting your personal information, they still share it with 3rd parties to implement products like Siri. They're very secretive and don't talk about that fact and they only begrudgingly admit it when something like a data leak occurs. Do we have any transparency into those companies that Apple is sharing data with? What standard does Apple hold them to with regards to protecting that data? No one knows because Apple won't say.

Apple's stance on security and privacy is as much theater as it is truth. They're in the business of selling you a product and to make it appealing.

The sad fact is they could tell you the new iPhone 11 allows you to fart rainbows but only if no one is looking and people would believe it.


Totally agree. I don't believe Apple either. But Google is getting too aggressive and annoying. 90% of Google's revenue comes from advertising. That means the better they track you the more they will earn with targeted ads. On the other side Apple's revenue relies mostly on iPhone sales. Moreover, Apple started a war against tracking with 3rd party cookies. Which is a very smart move, gaining customer trust and hitting Google on its own playground.


> google is getting too aggressive and annoying.

I absolutely agree. They're exerting power the way Microsoft did in the 90s. The latest "feature" of Gmail on Android, where it opens links in a Gmail Browser instead of your default browser, is Microsoft level shit and has me looking for an alternative.


"get an iPhone" - what a stupid suggestion. Why do you think it is more secure for god sake? Because Apple told so?

The only way to regain control over SW and to prevent spying and data leakage is by using free software, where you can read and modify the source code, build the firmware yourself. Because as long as there is source released and some company decides to add a tracking functionality, people will notice and make a fork without it.

This is how it works on GNU/Linux for a decade and I am happy I can use it. Now I only wish people stopped buying these smartphones with proprietary blobs tracking them and demanded free software.

Most people are easy (I don't want to say stupid) and don't see the problem unfortunately. :(


How many commenters do you think make their money in the tech industry?

Always follow the money.


I've got an idea for the new startup - tin foil hats for your android phone.


Haha, Apple and infosec in the same sentence!


In case you were unaware, Apple and infosec come up together very frequently, often because 0days for iOS are exceptionally rare and valuable.


I'm not sure that avoiding (some of) the panopticon by aiding and abetting wealth concentration via child slave labor is such "an obvious answer".


Ignoring the appeal to conjectured authority, the notion that a completely closed box device, by a company that has many revenue streams, solves this problem is absolutely ludicrous. That this ridiculous claim gets posted on an otherwise reasonable site regularly is outrageous.


True. The big difference between Apple and google is that Apple sells you pricey hardware, that just works. In the case of google they sell you. Thus, by business model alone you should not trust google if you care about privacy. It doesn’t make sense for them to stop collecting data points about you.


> Apple and google is that Apple sells you pricey hardware, that just works

Well, pricey hardware, at least.

> In the case of google they sell you

No, they aren't in the slave trade; they sell ad placement, not people.


They sell ad placement by observing all of your behaviors and figuring out what you want to do. (Refining the other statement.)


If people were not there to watch the ads, what would those placements be worth?

It’s not the placement that’s the value that’s being sold, it’s watching the ads that is. So they definitely use your data to sell your attention, which is the currency you’re paying with.


> It’s not the placement that’s the value that’s being sold

Yes, it is ad placement that is the actual thing being sold. Advertisers hope to get something else out of it (usually sales), but what is actually sold is placement.

> So they definitely use your data to sell your attention, which is the currency you’re paying with.

No, they are selling the placement. The placement is valuable because, in aggregate, there is an expectation that a certain share of the people to whom it is shown will give some attention to it, but the advertiser generally pays by impression, not by seconds viewed × share of viewers' attention devoted to the ad during that time.

But, in any case, either selling placement or attention is different than selling the user, which is a flatly inaccurate description used solely because of its emotional charge.


About Price: the google Pixel phones are not much cheaper than an iPhone. The last I checked Pixel xl 2 was 10% cheaper than an iPhone X


Sure, Google also sells pricey hardware, it's just not their core business.


What's your hypothesis on why they collect so much data on people?


During the height of slavery it was widely accepted, culturally and legally, that slaves weren't people. Slavers sold implements of labor, not people.


Only governments can tame this beast now, way too big and too rich for any startup.

I noticed several chrome instances running on "Task manager" almost all the time. Used Chrome maybe months ago. So I uninstalled. Who knows what they were doing, collecting. I trust them as much as I (would) trust a hustler on the old 42nd street


Yeah. I decided to avoid Chrome at all costs when I noticed that when you install Chrome and have Firefox already installed, Chrome automatically, without the user’s acknowledgement, installs some mysterious Google plugin that does I'm not sure what. To verify it, I reproduced the same scenario again and the plugin was installed again. After that I uninstalled Chrome and avoid Google products as much as possible.


You better back that up with additional data, because for now it sounds unbelievable. When was this, what OS, which Chrome version, were you able to replicate on a clean install, what was the name and version of the Google plugin, and put a few screenshots on imgur too.


This is interesting. Could you share more information about your setup: What operating system you use, Order of browser installation, and the name/id of the plugin would be a good start.

It would be even greater if you could upload a zip archive of the plugin.


To reply to subcomments: I will try to reproduce it soon; meanwhile, read this thread [1]. I don't remember the exact plugin name, so I cannot say this is identical to my situation, but still it proves that Google installs Firefox plugins without the user's acknowledgement and should not be related with Firefox in any way.

[1]: https://superuser.com/questions/156913/what-is-the-google-up...


Chrome does not allow you even to turn off auto-updates. Why? Because then they can't use their new tracking and advertising techniques on you.


Or rather, because people can't be trusted to update their browsers and turn their machines into a danger to themselves and others. No need for assuming malice.


It is not an assumption, rather fact!


> impractical "solution" of just not using a smartphone (a false dilemma) when the obvious answer is to get an iPhone.

What is your life like to where you think not having a cell is impractical.

In any case a smart phone is fundamentally a weak point in privacy/security no matter which one you get.


> What is your life like to where you think not having a cell is impractical.

In the 90s it was inconvenient to be out and about if you were expecting a call. You might be able to check your messages though, by dialing your answering machine from a payphone.

Payphones barely exist anymore, so it would be even more inconvenient. If you need to be reachable at all (nowadays by email/sms), a cell phone is nearly a requirement. If you do not need to be reachable, you still put yourself at a significant disadvantage by not carrying one.

What is your life like where you would not be inconvenienced by not having a cell phone?


My uncle, a top professor at a top 10 US research university didn't have a phone until two years ago. He did fine. In fact, he attributes his significantly higher productivity to not having a phone.

Donald Knuth gave up email in 1990. Too distracting. (I dunno but I wouldn't think he has a cellphone)

When I started grad school in '07 I wanted to forgo a cellphone. I couldn't. My advisor was even annoyed I held out on a smartphone for as long as I did (caved in 2010).

In 2013, sick of my smartphone I went back to a dumbphone. It was great until 2015 when I started working at a place so crappy I have to routinely tether my phone for productive internet access.

My point: it's very possible to live w/out a cell phone. Frankly it's not even hard (I "forget" my phone at home). However, unless you're tenured or are otherwise your own boss, you'll be forced to have one.


> What is your life like where you would not be inconvenienced by not having a cell phone?

Mostly pleasant and stress-free. I haven't owned any phone in ~6 years.


Amazing. My wife would never allow me though (my employer actually forbids digital cameras on campus so technically we're not allowed phones)


What's your life like, to where you think not having a cell is practical? I've already argued that ditching a smartphone would be pretty inconvenient for me, but we'll put that aside. Society has changed in the last 15 years. Payphones are gone, no one plans quite as carefully in advance, people expect updates as soon as plans change, and to be able to choose between synchronous and asynchronous communication.


>the solution is to buy a (much more expensive) phone from this specific competitor

This sounds like advertising. Also, I'm fairly sure that Apple also sells data. Indeed, given current privacy laws, it's basically guaranteed that if a company has proprietary software, it is selling data from that software.


Apple has its privacy details laid out, in both plain English and fairly in-depth, at https://www.apple.com/privacy/

They make it very clear that they are protecting data, to a far greater degree than Google offers if you use their ecosystem.

I don't think it's at all fair to resort to an "Everyone is the same" argument here.


> Also, I'm fairly sure that Apple also sells data.

Can you point to a source that shows this? This sounds like a lie to me.


As mentioned in the reply to the sibling comment, we can't know for sure unless we have source code.


So instead we should wildly speculate with no evidence? I personally prefer my android phone and the only true advantage for iOS I see is that Apple actively fights for privacy.


How would having the iOS source code show you that Apple is selling data?


If Apple claims to care about protecting privacy, the onus is on them to prove that they actually do, e.g. by publishing the source code to show everyone that it doesn't collect anything.

Otherwise, the assumption is that they do.


While I appreciate the sentiment that we should be distrustful of every large company that has our data, including apple, I take issue with the assertion that unless they publish their source code, they are selling our data.

Logically, apple has no reason to be selling our data in even close to the same way that google does. These arguments have been thoroughly outlined in the threads above. Furthermore, showing us the source code would not prove whether or not apple is selling our data, though it would certainly prove that they are collecting it. And even if they showed people their algorithms for differential privacy, you could always make the argument that they were hiding something.

Essentially it seems that there is no condition that would satisfy the criteria. It's obvious that we have to trust apple's word to some degree and that the relationship is asymmetrical. I've been convinced by the arguments about business model / risk outlined above. What hasn't convinced you?


>What hasn't convinced you?

Companies exist (only) to make money. The only reason Apple has to not sell users' data is because they think the reputational and other costs are more than the profit from selling it.

If at some point in the future, the expected costs and profits change to make it profitable, they will do it without a second thought.

If the code is closed source, the users are less likely to be able to tell whether their data is being sold. This reduces the expected costs of selling the data (in PR expenses, customers who take their business elsewhere on principle and so on).

If the code is open source, it's more likely to be more costly to sell users' data, so it's more likely that it won't be worth it even in the future.


>>we can't know for sure unless we have source code.

Maybe they're even promoting drug use to kids under 5...I mean it's possible.


This sounds an awful lot like FUD. Care to back up any of those generalizations with evidence?


It's right there in their privacy policy, they already say that they can share your location and other "non-personal information" for any purpose. And it's a very small step from "occupation, language, zip code, area code, unique device identifier, referrer URL, location" for a vendor to identify you.

If they weren't selling location information, then they could just say it:

https://www.apple.com/legal/privacy/en-ww/

Collection and Use of Non-Personal Information

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.


The trouble is that the evidence is basically "Apple says they don't". Because the source code is not open, we can't know for sure one way or the other.


No, the source code won't help you. If you want to hide something, you can hide it ;) http://wiki.c2.com/?TheKenThompsonHack


Oh come on. For that to work Apple would have to become a major backer of a compiler, and even then provide major libraries that link to everything. And possibly even invent its own variant of C. What are the chances of that?

Oh. Well. I'll just be hiding in this corner, then.


Come on, there is nothing impractical about not using a smartphone. You’re free to invent any excuse you need to justify your use of it, but there is virtually nothing you need a smartphone for.

The obvious answer is not to get an iphone. Today it’s android, tomorrow it’s apple—you’re willingly using a massive closed stack to handle your location at all times. Trust is simply naive.

If you accept you’re trading privacy, security, and money for a massively convenient liability, you’ll be much happier.


Well, yes, it's all convenience. So is having a phone in the first place. Or access to easy transportation. I'd argue that it's convenient to the point of being impractical to do without.


When I'm at work, I use my work computer, which has a long lived static IP, to log into my personal Google account. I have configured all of my browsers to clear cookies and storage upon closing. I never use signed-in Google Maps, but I sometimes use it from that computer, from a fresh browser while logged out.

A week ago, I moved from my previous home that was close to my work, to a different city about 20 miles away. Since I wasn't sure where all the points of interest are, I've been turning on location on my Android phone and using signed-out Google Maps on my phone.

Yesterday, my work computer's signed-out Google Maps has centered its default view on my new city, on the exact highway interchange next to which I now live.


When signed out, Google maps' initial view is entirely based on IP address. Sure, they could use cookies, but they don't. They could also use device profiling, but they don't.

The IP -> location mapping is Google's secret sauce, but it collects data from a lot of places, and is for most users very accurate. We're talking street level accuracy in many cases. The data you or another user feeds into it you could easily get back as your reported location, especially if you were trying to fool it.

Your phone doing a wifi scan for nearby access points to determine its own location, then doing a google search could easily mark your whole home external IP as being in that place (after a few hours), which would then affect non-signed in google services from other devices in your home.

There are cases it's very bad too though, especially VPNs and frequently-shifting dynamic IPs.


Anecdote about a bad case: I was in Barcelona for Mobile World Congress a couple years back and Google insisted I was in Milan, because the rental wifi was from there (I assume).


I was at CCC in Berlin a couple of years back, the conference network was assigned a subnet previously used in Russia - I was getting verification emails from services I use for months after.


Google can use user prediction to guess which account you are with your browser, ip, ism, mac address, and other persistent metadata. It's how their whole 'you signed in from a new location' security scheme works.


'you signed in from a new location' uses a cookie that remains after signout.

Clear cookies, and you'll see it again.

In Chrome, it also uses the TLS Client Channel ID, which is a persistent unique identifier established between a browser and a server which (on capable platforms) is derived from a key stored in a hardware security module, making it hard to steal. I.e., if you clone the hard drive of a computer, when you use the clone, Google will know you are a suspicious person, even though you have all the right cookies.


Thanks for the heads-up re: TLS Client Channel ID.

Sounds like another reason to limit my personal use of Google's Chrome browser.


Sure, but why would they re-center the map for a logged-out device, even if they can tell it's overwhelmingly likely that it's the same user?


> I have configured all of my browsers to clear cookies and storage upon closing.

Dumb question, but how often do you close your browser though? Mine stays running in the background so it's not often that it gets completely closed.


I close my browser (and all tabs, windows, and any instances of the same process) very frequently, and immediately after I'm done actively interacting with the page.

My point is, I highly doubt my browser usage pattern reflects the way the median user browses the web, and yet even my careful usage wasn't enough to keep Google from correlating enough data about my browsing's attributes (IP, sites visited, location info, logged-in geo-IP), and then expose that cross-bleed in my face.


Do you manually kill all browser processes? It's certainly plausible that there's a zombie process around so any singleton-thing that does cleanup on last process exit never got a chance to run.


This type of behavior isn't limited to Google. In Chaos Monkey (which is ancient technology at this point) he goes over how tracking can be accomplished across multiple devices.

That aside, to have a setting that doesn't do what it says is disturbing. If that's don't be evil then what's their definition of evil?


Years ago, I remember CyanogenMod advertising that their "Privacy Guard" feature had something like a data spoof feature, where if an app surreptitiously requested your location or info, the guard would feed it a dummy number, garbage location, etc.

I've dug around and it seems like this no longer exists, if it ever did. Privacy Guard now seems to just allow granular controls on what the apps are allowed to request.

If it doesn't exist already, someone should definitely work towards implementing something like it.

EDIT: I see that the related XPrivacy app has a menu option for "Fake Data", so maybe this is what I'm thinking of.

https://github.com/M66B/XPrivacy#features


I was excited when I first heard XPrivacy and tried to use it from 2015-2016.

It worked as advertised but boy was it a hassle. I had a template XPrivacy setting which constantly broke apps. It was too common to find apps requiring tons more permissions than they need, and I had to resort to toggling the permissions to see which worked.

I got fed up and switched to iPhone late last year.

With iPhone, I can at least control which data to share with the app. With Android, I don't have control with either app or google.

I feel relieved and have been recommending iPhone to family and friends if possible.


I'm way out of my depth here, but as far as I remember, this disappearing coincided with the introduction of Play services. Notably, determining location through WiFi endpoints nearby. I assumed spoofing location worked when getting location was simple, just GPS. But getting it through wifi and play services must have complicated everything a lot and made it harder to spoof from outside.

But this is all pure conjecture.


I am running Android 7.1.2. I remember in the older versions of android, when you turned off the GPS, it would have to manually sync the receiver and it would take minutes to get GPS lock. In the current version, when I turned off location services, there is no "dot" indicating your location on Google Maps, but it appears almost instantly when you turn it off. I have long suspected that Android has the "coarse location" and "GPS location" always tracking, but merely just does not give Apps the data until location services is turned on.


There are other strategies for getting a lock faster. Most of the slowness for a cold start with a modern receiver is receiving the ephemeris data (i.e. where the satellites are at the moment), which is transmitted at a whopping 50 bits per second, and so takes about 30 seconds to receive. Once you have that, the rest comes quickly. Older receivers with less computational power and less clever techniques could take a long time to work out your position after that, but modern ones can do it pretty much right away as long as the signal strength isn't crap.

That ephemeris data is good for 2-4 hours, so one simple technique to improve lock times is to save it, and then if you turn the receiver back on within that window, you can reacquire a lock almost instantly using the saved ephemeris data.

Another technique is to download the ephemeris data from a source that can provide it more quickly, such as the cell network. This skips that long transmission at 50bps from the satellites themselves. Pretty much any GPS chip in a cell phone these days will do this. This is called assisted GPS, or A-GPS. (This is not to be confused with another technique also called A-GPS, where the GPS chip captures the signal and sends it to the cell tower to offload the computation. This was a popular approach in older phones to comply with 911 reporting requirements, but doing the computations onboard is cheap now.)

Starting with a coarse guess of your location can also help shorten the time to initial lock, although it should be fairly short regardless. That guess can come from looking at cell signals along with known cell tower locations, and a rough altitude estimate can be made from the device's barometer.

All of which is to say, getting a dot almost instantly when you turn on location services doesn't necessarily mean too much here.


Thank you (& kop316 for the parent comment) for taking the time to jot this down. It made for a fascinating read for someone like me who is ignorant about how these networks/connections work. Given Android's popularity/prevalence, do you think that for "coarse" location awareness, using Wi-Fi Direct + Bluetooth for a local mesh with other Android devices is a possibility (basically, if one of the devices in the mesh has location data enabled, the rest have coarse location data)?


Technologically I don't see why that couldn't be done. Transmit known coordinates, do a rough estimate of your distance using signal strength, and add that to the position error. If you get lat/lon from another device and it looks like that device is 300ft away, then your position is lat/lon ± 300ft.

It could be tricky to do securely. How do you prevent a malicious device from spoofing bad location data?

Android and iOS do something sort of like this already, determining position by looking at WiFi base stations with known locations and attempting to do some triangulation. This can speed up a fix if the GPS signal is having trouble, and can be essential for indoor location because GPS signals don't penetrate structures well at all. My understanding is that the database gets built up by the devices. When they have a good location fix, they'll report back on the WiFi base stations they see, so that the mothership can build a database of where the things are. This is a little bit like what you describe, but with a really roundabout data path.
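
The peer-relayed coarse fix sketched in the comment above, together with one possible answer to its spoofing question, as an added example that is not part of the original thread. The log-distance path-loss constants, the majority-overlap check, all names and the sample reports are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import List, Optional

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class PeerReport:
    peer_id: str
    lat: float         # degrees, as claimed by the peer
    lon: float         # degrees, as claimed by the peer
    accuracy_m: float  # error radius the peer claims for its own fix
    rssi_dbm: float    # signal strength we measured for that peer


@dataclass(frozen=True)
class CoarseFix:
    lat: float
    lon: float
    error_m: float       # conservative bound: largest accepted error radius
    rejected: List[str]  # peer ids whose claims disagreed with the majority


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def rssi_to_distance_m(rssi_dbm: float, tx_power_dbm: float = -59.0,
                       path_loss_exp: float = 2.5) -> float:
    """Log-distance path-loss estimate; both constants are assumed, not measured."""
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10 * path_loss_exp))


def error_radius_m(r: PeerReport) -> float:
    """Peer's own error plus our estimated distance from it ("lat/lon +/- 300ft")."""
    return r.accuracy_m + rssi_to_distance_m(r.rssi_dbm)


def consistent(a: PeerReport, b: PeerReport) -> bool:
    """We hear both peers, so we must lie inside both error discs: they have to overlap."""
    return haversine_m(a.lat, a.lon, b.lat, b.lon) <= error_radius_m(a) + error_radius_m(b)


def coarse_fix(reports: List[PeerReport], min_peers: int = 3) -> Optional[CoarseFix]:
    """Accept only reports that agree with a strict majority of the other reports."""
    accepted, rejected = [], []
    for r in reports:
        votes = sum(1 for o in reports if o is not r and consistent(r, o))
        (accepted if 2 * votes > len(reports) - 1 else rejected).append(r)
    if len(accepted) < min_peers:
        return None  # too few mutually consistent peers to trust any of them
    # Inverse-variance style weighting; averaging degrees is fine over tens of metres.
    weights = [1.0 / error_radius_m(r) ** 2 for r in accepted]
    total = sum(weights)
    lat = sum(w * r.lat for w, r in zip(weights, accepted)) / total
    lon = sum(w * r.lon for w, r in zip(weights, accepted)) / total
    error = max(error_radius_m(r) for r in accepted)
    return CoarseFix(lat, lon, error, [r.peer_id for r in rejected])


# Constructed sample: three nearby peers plus one claiming a position ~700 km away.
SAMPLE_REPORTS = [
    PeerReport("peer-a", 41.38000, 2.14000, 10.0, -84.0),
    PeerReport("peer-b", 41.38010, 2.14010, 15.0, -84.0),
    PeerReport("peer-c", 41.37995, 2.14005, 20.0, -59.0),
    PeerReport("peer-x", 45.46420, 9.19000, 5.0, -59.0),
]

if __name__ == "__main__":
    print(coarse_fix(SAMPLE_REPORTS))
```

The check only holds while honest peers outnumber colluding ones, and it does nothing about a peer that lies by less than the combined error radii.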


Interesting, thanks for the info! I knew you could do some tricks to get a lock faster with GPS, but I am not sure of all of them.


There's a way to test that hypothesis. Install a different version of Android on the same phone and see if the behavior still changes. If not, it's a hardware thing. If it does, then dig into the source code to see if anything explains the change...


You can't even use coarse location anymore. The battery saving location setting exists but as soon as an app requests high accuracy the global setting reverts to high accuracy.


This is a fair description. Google would never exempt itself from info gathering. It's their platform, after all.


If you care about personal privacy and security of your friends and family, you should discourage them from using Android.


Of course, this is meaningless without context.

Privacy from who? Security from what? What's the perceived threat we're trying to protect against?

Everything is a tradeoff. To absolutely protect your privacy, you must never be seen in public or interact with any other party in any way.


This is sophistry, privacy in the sense that a private company is not continuously compiling a list of every location you visit throughout your life.


Claiming sophistry doesn't make it so, you have to try a little harder than that.

The original assertion was "If you care about privacy, don't use Android". A more nuanced and useful assertion would be this: If you don't trust a specific private company with your information, don't volunteer it to them. If you don't trust Apple/Google/Microsoft with all of your data, don't buy a device with a radio they have root access on and store all your data on it and carry it with you everywhere you go. This isn't Android-specific.


Sophistry in the sense that according to any reasonable idea of privacy, meeting someone in public, so that they know where you are, your name and your face, is distinctly different from a private company knowing exactly where you are at all moments.

Imagine if it came out that a company had hired private investigators to follow you around, and collected a list of every location you visited. You tell someone else, and they say "if you really cared about privacy, you should not have come out in public, for instance I met you, and now I know your name, and that you visit this place". It is just nowhere near equivalent.


> a private company knowing exactly where you are at all moments

Someone else commented that this has already been the case for ... at least a decade, for basically everyone (in the U.S.) – the cell phone carriers are those private companies. And there is substantial evidence that they're even less trustworthy than Google.


Telecommunications companies are utilities whose use of this data is highly regulated. Google not only has location, it has contacts, browsing history, calendar, gmail, etc, and it has the legal right to combine this information together.


So Google gets a free pass for collecting information the user explicitly opted not to provide because another company does it too?

I hope you realize how flawed that line of logic is.


And? How does that matter? What's dangerous in them collecting my location information?

I actually have location history in google maps turned on deliberately. You can't imagine how often it helped me to know where I was exactly, one and a half year ago, at a precise time. (That's how I managed to get a copy of my nexus 5x's warranty papers after it died on me)

I don't really care about them collecting info about where I go, because it's actually useful for me. I probably would care if they were a small company with no record, but I do know that the worst Google can do is to target ads based on where I am.

I deeply hate ads, I prefer to pay, and I actually often pay the "no-ads" premium if it's available, but if I do get ads, I prefer them to be as personalized as they can possibly be, because this way they are at least mildly useful sometimes.


>And? How does that matter? What's dangerous in them collecting my location information?

What's dangerous about them compiling your medical history? Who are you afraid of? Oh wait, that's a HIPAA violation.

I wonder if they keep track of the location of every doctor's office you visit... and that abortion clinic... and that methadone clinic. Surely, nothing to lose there.

The only information that isn't hackable, is information that's never gathered in the first place. The more valuable the information, the more likely someone will spend nation-state amounts of dollars to get it.

I propose Donald Trump use the NSA (legally) to steal all of this information to track illegal immigrants who pass between Mexico and the USA border who don't have a passport on file. And then send SWAT officers to break into everyone's current location, throw them into vans, and send them back over to Mexico.

Wow, that's really fucked up, huh? And Google made it possible.


I do think that people wanting to break into my medical history, could much easier just break into the system where my doctors hold my medical documentation, at least that's 100x easier than breaking into Google. The medical clinics have to check my ID anyways, so they have all the info about me.

As for the second one: yes, if I'd be doing something inherently illegal, having a phone with Google on it could be kind of dangerous to me. As I'm not doing anything like that, I have no reason not to use it.

Yes, with technology comes digitalization of information, and people can hack any of the places my information is, wherein Google is one of the most secure comparatively.

You could argue that digitalization is bad, but before that, you could just find info on patients in the dumpster of the clinic.


Well the problem is they don't need to hack in to google. Google is more than happy to sell your data to insurance companies for a reasonable $$$


And companies like Facebook can literally "correlate" you back to a real name / unique person. That's literally what they do for people who don't even have Facebook profiles.


>having a phone with Google on it could be kind of dangerous to me. As I'm not doing anything like that, I have no reason not to use it.

So those doing nothing wrong have nothing to fear? Isn't that a far-right argument?

What about states where marijuana is legal but the ATF/feds still break down your house because it's not legal on a federal level? What if Trump decides to go after anyone he thinks is a "drug dealer"? He surely didn't focus his acts when he made the Muslim ban instead of a terrorist ban.

And what about when the government started tracking and wire-tapping journalists under the last presidency?

https://en.wikipedia.org/wiki/2013_Department_of_Justice_inv...

We like to pretend our country is "the good guys" but we track and suppress journalists and dissenters (and break and ban encryption) just like any other country and we should NOT be giving companies that ASSIST and ENABLE that draconian act any moral slack. This isn't a movie, this is real life and it's going on right now. People's lives are affected by data.

What happens when some neo-con makes an app that correlates people's user IDs and finds anyone who went to a gay club, and outs them? Uber, for example, has all the required information. And now we know that Google does too.

And the only protection we have is the "hope" or "trust" that Google is 1) unhackable, 2) unpersuadable by governments or financial interests and 3) infallible in implementation with no exploits.

I keep saying it and I'll say it again: "The only unhackable data, is data that's never collected in the first place." The more valuable the data, the more incentive there is to get it through legal or illegal means. And nation-states are definitely watching and exploiting useful data. We see it in massive breaches every month.


> I propose Donald Trump use the NSA (legally) to steal all of this information to track illegal immigrants who pass between Mexico and the USA border who don't have a passport on file.

> Wow, that's really fucked up, huh?

Well, fucked up that you're picking specifically on the Mexicans, sure (it's not right to ratchet up enforcement on just one nationality or race). And more than a little heavy-handed on enforcement.

Other than the obvious hyperbole, it's enforcing the law. Selective enforcement and non-enforcement of laws that you disagree with isn't a good thing; it allows those laws to stay on the books past their usefulness.


You're intentionally focusing on a piece of my argument that you can distort into racism so you don't have to debate the rest.

I picked Mexican deportation because it's an issue WE all disagree with. It's using common ground to make an argument. You might as well be calling anyone who says "hitler was evil" a neo-Nazi. I'm arguing AGAINST giving Trump tools for deportation.

Get off your moral high horse so you can realize we're all on the same plane.


> I'm arguing AGAINST giving Trump tools for deportation.

I understand that. I picked that section of your argument to attack because I'm against targeting specific races or nationalities, but I'm not against enforcing our current laws against criminals. We should absolutely enforce our immigration laws. Just like we should enforce our laws governing medical privacy and such.

I disagree with "Mexican deportation" because it's targeting the wrong thing. Anyone subject to deportation should be deported, not just some specific race or nationality. If that's not what the country wants anymore, cool, that'll generate the support to overhaul the laws. Loosen residency and citizenship requirements. Get it so those people don't have to hide in the shadows.

This "sanctuary city/state" crap is just prolonging the pain. It's a net negative for the states and the country as a whole.

As a whole, I'm against giving the government more information than it already has. But your argument made assumptions that don't hold, through much of the country. It was like reading "Civil forfeiture is unjust and should be outlawed. We should be allowed to transport our life savings in cash cross-country. And also the money from that chop shop we run in our spare time."


I would be perfectly fine with having a checkbox which toggles this stuff. Then you could turn it to on, I could set it to off.

The problem is, there is no checkbox and data is forever. If one tries to think a little bit they can find some nasty possibilities of how that data could be abused to harm them, either out of malice or completely by accident (hope your name isn't "Archibald Buttle").

With enough data, everyone is guilty of something and today's teens will feed the Google machine for most of their lives if something doesn't change.

But just to be fair - you should have the freedom to upload all your data to whoever you want. Masochism is odd, but not particularly objectionable.


"Privacy from who? Security from what?"

The marketing parasite. I know in the US it has taken over the host so I guess it's up to Brussels.


Android is bad for pretty much all threat models.

- Worried about Google? Android is bad. Google collects your data.

- Worried about the government? Since Google must obey warrants for your data, Android is bad.

- Worried about malicious third parties? Since Google has failed to patch even the Pixel line for KRACK until the December update... yeah, Android is bad. And malware through the Play Store that hits large numbers of devices is quite common.

To be clear: I greatly dislike iPhones. But Apple controls their store with a quality approval methodology, they patch all of the devices on their platform promptly going back a number of years, their business model is not built around data mining, and their privacy features have frustrated and irritated the government.

I dislike the iPhone, but if you want privacy and security, you should get an iPhone.


You should be assuming that all networks are pwned anyway. KRACK was exciting, but really isn't a major threat to people.


This is true and false. It is good to assume your Wi-Fi networks are insecure, and I've done so for a long time. But the fact that WPA2 is not the lynchpin of your entire security plan doesn't mean that WPA2 being effectively nullified isn't a massive layer of security being ripped off.

WPA2 working correctly does not guarantee that you are secure, but WPA2 working correctly means it is much harder for someone to do something malicious. The fanboy crowd has leaned heavily on Google's push to get sites to use HTTPS everywhere as a reason to suggest KRACK isn't a big deal, but the reality is a massive amount of Internet traffic still isn't HTTPS, and more than likely, never will be.


So you trust Apple more than Google. Great! Don't expect everyone to come to the same conclusion. Trust is not objective.

> I dislike the iPhone, but if you want privacy and security, you should get an iPhone.

If you want privacy and security, don't buy a smartphone.


> ....you should discourage them from using Android.

You should discourage them from carrying a portable radio transceiver, i.e. a cell phone, with them at all times. You only know about this because you read it in the news - Android is not the only outfit doing this. Sending tower-data back home is a fundamental part of your cell phone's operation. Without that information, your carrier would have no idea which tower to route incoming data/calls to.


What the hell happened to the principle of least privilege?!

Yes, your carrier already has this information, and should be considered depending on the threat model you're concerned about.

However, NO, this does not mean that other unrelated parties have any business with the data!

The attack surface goes up exponentially with every additional data holder.


If you care that much about your privacy and security you shouldn't use a cell phone at all. Your ISP's and network will be the biggest offender of collecting and selling your data.


They shouldn't use a phone at all, or the web, or email.


What can Android or other mobile OS users do to protect their privacy? Is there a mobile OS that genuinely takes privacy seriously, yet is easy to install and use?


My guess is flashing LineageOS + microG + yalp store is the closest you can get.


I'm very tempted to go down this route, but it seems to fail the "easy to install and use" bit.


I am a very happy LineageOS user. The installation wasn't difficult: you only need a supported phone and like 1-2 hours of spare time for backup, reading docs, flashing and restoring the apps. I suggest you give LineageOS a try!


AFAIK even if you use LineageOS, gapps will still phone home and there is nothing you can do about it. MicroG/yalp is the most user-unfriendly thing in this combo, far worse than just flashing a custom ROM, but it gets rid of it.


I like LineageOS but my phone (HTC 10) slowed down to the point of being unusable, so I went with a different ROM.

Haven't gotten around to it yet, but I'll try and replicate the benefits of Privacy Guard using one of the privacy tools in the Xposed framework (via Magisk framework).


Another happy LineageOS user, on a Samsung Note 2 (old phone but fast enough to be my daily driver). Works very well and love the Privacy Guard fine-grained controls for apps.


Only if you're not bothered by the fact that you'll be giving up on the vast majority of apps that most people use.


Like what?

You can have a FLOSS Browser (Firefox) and eMail (K9), that takes care of almost all use cases for smartphone usage.


Not even by a long shot. What about 2 factor authentication (Authy or Google Authenticator), store membership apps, smart heating controls, mobile payments, chat apps, and a host of others that have no (or extremely shitty) web equivalents?

It's fine that your use cases are extremely limited, but not everyone is you.


Better than using a dumbphone though. Another option is an iPhone, but understandably not everyone wants to go with it.


If it has a cell radio, it's broadcasting your location to the tower (since that's how the phone company knows where to route calls to). So the phone company will always have your rough location, regardless of the OS you run.


iOS is _slightly_ better on privacy.


What about iOS devices?


If you're concerned about this level of location tracking, don't carry a cell phone at all.

Keeping track of which cell tower your phone is closest to is fundamental to cellular technology. You can't make or receive calls unless Verizon, T-Mobile, or whichever carrier you have knows which cell to communicate with you through. Regardless of whether Google is tracking this, your carrier certainly is, and with a warrant (or a national security letter), law enforcement can definitely access this data. If you're worried about hackers, I can guarantee you Google protects this data more securely than your carrier does.


> I can guarantee you Google protects this data more securely than your carrier does.

This sentence is completely insane in this context, did we read the same article? Google should not have access to this data, and it sure as hell shouldn't be sending it up to itself when disabled by the end-user. It's absurd that you typed that out for an article titled "Google collects cell tower info even if location services are disabled".

In what world does one operate in if you consider this as "Google protects this data more securely than your carrier does"? Your carrier is supposed to have this information (and in fact needs it), it's a complete privacy violation for Google to be collecting it though.


They were making a related but cogent point about the security implications of Google having this info versus the cell phone carriers. It did not, directly or even by implication, contradict anything you wrote – you're right that this is a privacy violation, but I didn't interpret the comment to which you replied as denying that.


It absolutely is relevant, let's take a moment and review the key point:

> I can guarantee you Google protects this data more securely than your carrier does

Part of acting as a company who cares about user's data includes not collecting data that is sensitive. This is especially true with location data, and is extra especially true when you do it anyway without the user's permission.

Acting like this proves to me, the end user, that Google does not guarantee to protect this data more securely than my carrier.

I can see how one could be easily confused by the original comment, but if you take a moment and review it again you'll see it rings even more true now.


No, you're still misunderstanding. The comment is only comparing how well secured the data is by whoever holds it. The claim is ONLY arguing that Google would secure the data once they have it better than carriers would. It is not arguing that Google is better at "acting as a company who cares about user's data".


> If you're worried about hackers, I can guarantee you Google protects this data more securely than your carrier does.

This is absurd. Me not wanting Google to have this data has nothing to do with how secure they can keep it.


> If you're concerned about this level of location tracking, don't carry a cell phone at all.

This seems to be implying that this level of tracking is expected, or required. It's not. Not by Google anyway, which doesn't need and should never access this information.


"Keeping track of which cell tower your phone is closest to is fundamental to cellular technology"

But breadcrumbing it and phoning home to the phone vendor/advertising company?


I'm going to make a privacy app and tell everyone it's secure, fight lawsuits if anyone debates it, and then have it phone home with all their details.

Oh wait, that's what Google did.


"I can guarantee you Google protects this data more securely than your carrier does."

That's not true at all. My carrier falls under strict EU privacy laws and regulations, Google - doesn't.


Sure. And while we're at it, since Google is more secure than the IRS, let's just give them all your tax data too! /s


Google's getting more information than your carrier. Your carrier or any carrier knows about your cell phone and its registration and hand off between towers. It doesn't know the network you are seeing. It doesn't know what competitor telcos are seeing. But your cell phone knows all that without a sim no matter what your carrier is. Law enforcement doesn't have access to this data at all.


> If you're concerned about this level of location tracking, don't carry a cell phone at all.

What do you think a cell phone is? It's literally a portable phone. Its purpose is literally to be carried with you. You completely missed the point and you gave up all your rights as a person and as a customer to a foreign corporation. Millions of years of evolution and we ended up with someone like you.


> "Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking. Each phone has a unique ID number, with which the location data can be associated."

If the phone is compromised, it doesn't matter what Google has access to, the tracking kit can just enable its own tracking and spoof the system status (depending on the level of the compromise)

If you have a concern about your phone tracking you, don't bring your phone with you.


It’s funny how when asked about it, Google instantly stated that it was being removed and all location data was purged. It’s almost as if they saw how bad it looks and how it hurts Android’s reputation, but hoped no one would notice/care.


One wonders what other stuff is in there that we do not know about, and would get a similar reaction. That is the first thing I thought of.


...and the company is now taking steps to end the practice after being contacted by Quartz.

Classic example of Google's "ask for forgiveness, not permission" mode of operation.


I’ve always assumed location services = GPS

Meaning you can still be triangulated by towers

Which I had run legally for LEO at Sprint back in 2003-2005.

Towers gotta know where you are to provide service.

Don’t want to be tracked? Leave your phone at home.

Not saying it’s ideal but it’s how technology works.


If I turn "airplane mode" on and you still track me, should you face a penalty?


After watching Google closely for years, I'm pretty sure this was not intentional or malicious.

Isn't this almost identical to what Apple was doing in 2011: https://arstechnica.com/gadgets/2011/04/how-apple-tracks-you...


After watching Google's privacy violations closely for more than a decade, I'm pretty sure this was intentional and someone got a bonus for coming up with the idea and implementing it. Google's real motto is more user data == good.

Saving location history in a local file is not the same as sending it to Google, just like cutting your finger is not the same as getting your hand blown off.


This could trigger a new line of wearables, one with a Faraday Cage sewn right in. Right pocket is open, left pocket is a cage ;)


My first instinct was to laugh. My second was "I want this."


I had the same exact reaction as you! :-)


It's not impossible to do. You could weave a lightweight signal-blocking mesh into a pocket without impacting wearability.


My point exactly ;)



This is actually a fantastic idea. Please make it materialize!


Pun intended!


Question:

If I want Android without Google services, what options do I have? So far I know only cheap Chinese phones and F-Droid app store.


LineageOS, the successor to Cyanogenmod, runs on a lot of devices and doesn't have the Google services installed.

There's also a fork with replacements for some of the Google services: https://lineage.microg.org/


Many of the custom images you can find on XDA Developers do not require that you install Google Play Services.

CopperheadOS is a good choice if security is a priority.

If you need proprietary apps without using Google, you can install and use Amazon's app store app, and download them from there instead.


You can buy a regular phone that has an active community on XDA forums and flash a ROM without installing Google services afterwards.

If you can't do that, some phones just let you disable Google services. On others you can try getting root access and then disabling them.

As an alternative (or addition for closed-source apps) to F-Droid I can recommend APKUpdater. It is highly configurable, has multiple apk sources, has search and can install apps from Google Play Store.


The Fairphone 1 was shipped without Google services; don't know about the Fairphone 2.


It's shipped with Google services, but the updater lets you change to without Google services without hassle.


I used an Android for almost a year without logging into anything Google.

I can't download apps, but the phone itself works fine, and it came with a bunch of pre-installed apps anyway.


And you're still being tracked in the way described in this article. Google Play Services just needs to be present on your phone. Doesn't matter if you log in or not.


Another reason to order a Librem 5.

https://puri.sm/shop/librem-5/


Or - available right now - a Google Pixel phone with Copperhead OS https://copperhead.co/android/store


Hmm.. this is the first time I heard of it. Maybe I will give it a try. After all LineageOS does not work on Pixel yet I think


I soon have to buy a new (smart)phone. Looks like this might just be the straw that pushes me over to iPhone.


I'd buy the new iPhones in a heartbeat but I simply cannot spend that kind of money and put up with weird compromises like no headphone jack or no fingerprint reader. I wish Samsung would have an option to run Tizen on its flagships.


> I simply cannot spend that kind of money and put up with weird compromises like no headphone jack or no fingerprint reader

That category no longer applies solely to Apple. Google's flagship phone [0] is just as expensive as Apple's, has no headphone jack and no fingerprint reader.

[0] https://store.google.com/product/pixel_2


Pixel 2 has a fingerprint reader. Although it has it on the back.

However, the phone looks very cheap and dated. I'd be willing to get an iPhone over that :P


The iPhone 8 looks quite dated as well, though.


Buy a new 6S then. Apple doesn't immediately abandon their phones, so there's no need to buy the newest out of habit.


I've seen old Apple devices get really slow and sluggish as they get upgraded to new software versions. But you're right, it's better to get a 6s instead of a 7. At least you get full functionality.


This would seem to be a fairly monumental breach of the duty Google owes consumers.


edited summary: The 'duty' is owed to shareholders, not to you. That duty is to generate profits and protect shareholders' investment.

That's not how commerce works (anymore). You are technically a consumer...and you are fundamentally the "product". Companies buying advertising are the actual consumer - to which you (i.e. your data) are for sale.

If you cannot look at it that way, modern corporate America/Elsewhere will never make sense. There is no free lunch, no company anywhere wants to help you out of sheer kindness and goodwill. Free software? (sometimes) free phone? ...really?


Is running their brand name into the ground fulfilling their duty to shareholders?


You are looking at the effect and not the cause. The cause is "their behavior", and their behavior is generating profits. The effect you state about their brand name has yet to decrease profits. That means they are fulfilling their duty, even if it's dirty/rotten/etc. (doesn't matter, the market doesn't care).

edit: I don't mean to come off as "you're wrong! they are awesome!". What I mean is that until share prices stop rising, shareholders will encourage them to do exactly what they have been doing so far. The morality of it is trumped by the increase in share prices. Any feelings of shame or ill-gotten gains are quickly erased as shareholder portfolios increase in value. When in doubt - trust greed to predict behavior.


Fortunately, with the EU GDPR coming into effect mid 2018, companies can be fined up to 4% of their global annual turnover for each breach of a specific provision; and 2% for each breach of other lesser provisions.

That should hopefully make these actions uneconomical.


As I noted on reddit, I am not surprised by this at all. Google's entire incentive to maintain Android is the troves of data they collect about users. Why would they let you turn it off? It doesn't make any sense. If you're surprised as a user, you've been really naïve.

Imagine this: would Apple ever let you not pay for a new iPhone? Its entire incentive in making iPhones is to sell them for money. So it will never allow you to get phones for free.


I agree with you about Google, but it's more than fine for the people to be surprised and/or outraged. That's how this gets fixed...

Google said they're taking steps to fix it. Surely they wouldn't lie to us.


> Surely they wouldn't lie to us.

They kind of lied when they made the location tracking work even when you disable it.


Certain options should be hardware disable-able and this is one of them.


How would that work? The "location" was the cell tower ID without which you can't be connected to the cell network.


If I move the hardware switch into the off position, I expect that the cellular connection won't work.

I feel like I'm misunderstanding your question.


While I don't disagree with you on any level, why would a hardware manufacturer ever do that? Their customer is the companies selling us phones, and most of those companies want the ability to collect data on their users to use internally or sell for profit.

Shareholder profit > all, remember? /s


This is an important distinction and deserves repeating:

The employees of a company (from executive level, down) work for the Board of Directors, who are a proxy for the shareholders. The employees do not work for the customer. If there is conflict between what a customer wants and what the Board wants, the Board wins.


It's not even about shareholders - a manufacturer that tried this would cease to exist. Why would an OEM pay for features they don't need or want?


Google is definitely pushing location services hard.

I was happy to learn it's possible to disable Google Now yesterday: https://news.ycombinator.com/item?id=15743055

Another option besides an iPhone is to replace Google Play Services: https://news.ycombinator.com/item?id=15617615 (supported devices: https://wiki.lineageos.org/devices/)


Follow the money.

Location information, ads viewed, and offline credit card purchase information. Google now has all three. Google uses this to determine which ads led you to spend and sells more of those ads.

https://consumerist.com/2017/05/23/google-following-your-off...

They're not going to stop collecting location information, even if you tell them to.


"The revelation comes as Google and other internet companies are under fire from lawmakers and regulators, including for the extent to which they vacuum up data about users."

Since the FCC is taking the Alan Greenspan approach to a self-regulating market / ISP, which nearly every Republican legislative office supports, which lawmakers and regulators are up in arms?


Yah, if you thought changing privacy settings in $big_company software would really be honored, I have a bridge to sell you.


This is the kind of creepy stalking behavior that Google and its apologists have normalized and seek to further extend. It's ok to need a job but no responsible individual can defend this massive, intensive and extensive invasion of people's privacy.


I am surprised that this is legal in all countries where Google products are used. And by the way, I think Google won't be able to collect data from China.


> It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower

Couldn't it be used to avoid faulty towers?

I am not an expert at all, but I was told several times that it was a problematic issue.

Not that it would be an excuse for collecting it when location sharing is off, but I am curious to know why it can be helpful to FCM.

I am really curious to know how Qz determined that Google was collecting this data.


Maybe this problem should also be viewed from a different perspective. These companies are using the internet connections we pay for, for communications we didn't really allow. They should be forced to pay us for the unauthorized use of our internet connections, and obviously for our data. If the costs were high enough this kind of "hacking" would just stop.


The section of Google’s privacy policy that covers location sharing says the company will collect location information from devices that use its services, but does not indicate whether it will collect data from Android devices when location services are disabled

So why isn't Google slapped with a fine then?


This is not surprising in the slightest.


So, about that Linux smartphone...

It doesn't have to be perfect: calls and texts should work, a camera and browser would be nice, and the complete freedom to use it and control it in the way the user wants.

The first run to sell maybe 1,000 or 10,000 units? My cash is waiting...


I am using Android without Google Play Services. Some apps don't give me notifications, but most of them work without an issue. Also, I'm using Firefox with uBlock on this phone. Couldn't be happier with that setup and my phone's battery life.


Are you using a custom ROM?


At the moment yes, but some phones let you disable Google apps through settings and I had this setup before. Another option is getting root access and uninstalling Google apps this way.


User: clicks "No location tracking"

Google: "Yah, ok, I know no means no, but...."


Just get one of those cases that block GPS signal, or even the one that blocks all signals (but you won't be able to receive calls). They are only a few bucks.


Not so surprising! It gave away the entire OS free just because it can use the OS and applications living on top of it to mine people's personal data!


Google really does have the Creep routine down by now.


Cell phone companies will probably hand over such info to any government entity to comply with local laws. I suppose with Google they have it a bit easy, because Google links your identity to your phone, email, web search, purchases, maps activity, etc. They don't have to issue 20 different legal requests to each provider, and then combine that data. Other than that I don't see how Google collecting this data is bad (if we're to assume that there is a legitimate reason to do so).


That might be a digression, but overall you have to "trust" a company or software provider to some extent. Even if you have all source-code etc. there are always possibilities to include a backdoor or similar if there's one binary involved (in this case the compiler): http://wiki.c2.com/?TheKenThompsonHack


I believe this was part of either an E911 requirement or CIQ (Carrier IQ) feature. Nothing new and nothing crazy.


You are mistaken.


I'm moving up my research on migrating to Nextcloud, or some combination of it and maybe FastMail. I'm sick of this kind of bullshit.

And the thing is, Google, Apple, Microsoft, are still less evil than Time Warner, Verizon, Road Runner, Xfinity, etc. But I'm concerned they are not sufficiently opposed to that fiefdom to maintain a neutral balance on the internet.


Once again, when do I start hearing apologies from the supporters of closed source and MIT/BSD (which allow tivoization like Google did with Android)?

When do we finally realize RMS was right all along?


I thought this was already known.


Google...stop being that guy


This is a non issue.


Google is newspeak for googol.


I thought this was common knowledge.


[flagged]


The way to improve things is to post civilly and substantively yourself, please.

https://news.ycombinator.com/newsguidelines.html


"Do no evil"

There was a misprint, it was :

"Do no evil?"


Figured they would do this and then hide it in Android OS/System so users don't know it was Google's own services draining their battery life the whole time.

If only they'd use this data to at least do something useful, like create a machine learning-enabled firewall to block "rogue" cell towers like cell site simulators. But no, of course not, it has to be done only for ads...


Where does it say it's for ads? The article says the data was dropped on the floor.


Why is this a problem? What is the harm of them collecting cell tower information? Is it possible to provide the same quality of service(s) without the cell tower information?


bob_theslob646, we have identified you as being the only person around while a murder was committed. We need you to come into the station.


What are you afraid of? Correlation does not equal causation.


They can do that with or without cell phones tracking you.


Not being purposely obtuse, just confused (or unimaginative). How?


Problem is that turning off location makes no difference to this location tracking.


VPN is the way to go. With tunnelbear they think I am in Jersey.


Have you read the article? They collect cell tower info, you can't fool that with a VPN...



