That's smoke and mirrors. What guarantees you that Apple isn't collecting your location right now? It's proprietary software, so you wouldn't know, and it's perfectly within the terms of their EULA. You're just gonna trust that they don't (even though they are a business and that can potentially make them more money)? Or are you gonna know your phone isn't spying in you by installing free software on your device?
If we only made decisions based on whether we could absolutely be sure of something with 100% certainty, we would all be paralyzed. Until a fully open-source phone is released that is comparable in quality to an iPhone, we can look at all of the available data and make reasonable decisions.
Aside from Apple’s strong stance and history of protecting the privacy of users, we also have security researchers MITM’ing the traffic sent from iOS devices to Apple, and every jailbreak gives an opportunity to look deeper; if they were acting badly, someone would find that out soon enough.
I agree that asking for 100% guarantees isn't useful. Realistically, the danger with Apple is that its absolute power over what regular users can install on their iOS devices is easily exploited by governments.
If some surveillance happy government bans some VPN software then Apple is going to enforce that ban much more thoroughly than Google or Microsoft ever could.
Did you check and compile every line of code that runs on your phone? If not, than that's also smoke and mirrors. I guess it's easier to get evil patches into any open source component on a "free" phone than to get them into an iOS release.
OpenSSL proved to me that being open source doesn’t mean anyone actually checks what it’s doing. It could be checked, but it would be trivial to sneak in things.
Good point. But I still prefer open free software, because there you HAVE the OPTION to inspect it!
If you paid someone (even multiple people/companies) to do professional audit over OpenSSL, it would be prevented.
Now, with closed software you are lost and the only thing you have is a TRUST the SW developer. Because inspecting blbs is much more difficult. And I don't trust them.
Actually, it would be against their Privacy Policy; and they would get a fine of up to (5%? 10%?) of their annual turnover fined by the EU under GDPR if they did.
How will the EU audit Apple to confirm the privacy policy is not being breeched, or how will people know about such a breech on Apple's part in order to notify the authorities?
You've got to do a lot more than installing free software if you're that paranoid. You've got to check the code, ensure the code that you're installing is the same code that you've read, etc. etc.
