Why trying to preserve control over your privacy for me means running Android
Background
I switched from Android to iOS roughly a year ago. The main reasons for this were:
Apple released “affordable” hardware for the masses
The lowest end iPhones went into a range that “normal” people also can afford. Of course, they are a bit more expensive than the cheapest Android phones you can find but taken Apples update strategy into account (and combining this with the fact that the phone cycle slows down) this has become a real alternative for anyone.
This fact removes the “if you can afford it you can have privacy” label (at least a bit) from Apple that I really disliked.
Apple really puts their marketing into privacy
You can argue if Apple does this because they really think it is the best for their users or - like some people think - because they had no other choice (no way to beat Google, Microsoft or Amazon in the Cloud and data game) but they put privacy on top of almost every marketing material.
So the assumption is that they will try their very best to make sure to deliver on that end because they would really, really harm themselves by violating that rule.
Phones get more “boring”
The speed in which mobile phones evolve has slowed down significantly. There is no major breakthrough every year and therefore no real need (there was no real need before but even for geeks like me) to jump on the latest and greatest phone once a year because “the camera got much better” or “now app transitions are much smoother”.
This also leads to less desire to “play” with the mobile phone as a computing device. This might also come from me getting older (not sure which effect has more weight, but the outcome is the same 😁)
I moved towards a mindset of “as long as it does its job, it’s fine, and I can adapt to little things that it makes differently than I would like it to do”. Less thinking about that device as it “just works”
Apples ecosystem
The wish for being part of that shiny ecosystem of stuff that seamlessly works together has been become stronger and stronger over the years from watching it grow from the sideline.
The switch
This all made me switch to Apples ecosystem completely. I already had a MacBook and an iPad, so I got myself a used iPhone 11 Pro shortly after the iPhone 12 has been released.
A few months after that (my 40th birthday) I got an Apple Watch SE and AirPod Pros and was really happy living the Apple ecosystem life.
Then came Apple
But it seems Apple doesn’t like me to live in that privacy-friendly Apple bubble not having to fear bad Google or bad Amazon to steal my data.
Apple decided to do photo scanning on the device.
I know, I know. It’s not what the phrase “photo scanning” makes it sound like. I know that they use a really, really clever mechanism that makes sure that the local scanning part doesn’t know if it has a hit and the server part can’t decrypt your photos before a certain threshold of database hits has been reached.
I also know that this only happens for photos that are synced with iCloud Photos.
Furthermore, I also know that this has not been released yet and Apple wants to talk with experts again to tune that approach after they got a big backlash from the security community and were flooded by comments and emails from informed users.
The problem
For me, the problem is not really that Apple wants to scan my photos. I have my photos synced with Google Photos (because of a missing alternative that can replace it completely) so I’m the last one being concerned of scanned photos.
There are two major issues I have with that:
- It happens on the device and there is no way to control what it is actually doing - As Apple’s system is closed source we can’t know if it is only doing what Apple says it is doing. We have to trust them.
We end up with a thing on our devices that scans photos (and messages and who knows what) and reports findings to the server. You can twist that and put multiple layers of privacy-friendly technology on top of that but in the end it remains exactly that. A scanner on your device letting the server know when it has found enough scan hits. - You have to take it - Once Apple decides it wants to have that functionality everyone has to install it on their device. No way out.
Of course, you could refuse to install the update, but then you will also refuse to install any security or bug fix updates, so this is not really an option.
In general, I think Apple is really trying to preserve their #1 marketing claim (privacy) and I really think it is putting huge efforts in providing as privacy-friendly solutions as possible.
On the other hand: We all know what happened in China. There is no privacy in running the Chinese iCloud servers in China’s hands.
This only shows that in the end Apple is a for-profit organization that has to earn money (who would have thought). It also has to fulfill any regulations of the countries it wants to operate (and earn money) in.
This makes my second problem point a real bummer. This has been true before all that CSAM stuff, but this made it crystal clear to me:
By using the iPhone you are doomed to accept any decision Apple makes for you. Those decisions are mostly beneficial for you (or don’t really matter) but when - one day - this might become a problem for you (or anyone) then you have no way out. This is the nature of how iPhones / iOS work.
The solution
There is no real solution to that dilemma. The only real alternative to iPhones (Android) are not only “probably” privacy problematic but for sure 😁
The real advantage on the Android side is that if you select the right device then you have a really, huge potpourri of alternative ROMs that can provide what you want to have.
You can even ride the Google train and if someday you have enough or some leaker shows the world that Google is doing bad things with your data or phone then you can “just” switch the ROM as you are in control over your device.
I personally landed on a Pixel 4a 5G with CalyxOS. Explaining how to exactly set this up and what the implications are would be too much for this post. Maybe I will make a separate one on that topic.
In a Nutshell:
CalyxOS is an alternative ROM for Pixel Phones (and a few others, but the main focus is Pixel) that has no Google inside (no Google Play Services for instance).
As this has a couple of problems (many apps need the Google Play Services in order to work) CalyxOS provides the option install MicroG. This is basically a Google Play Services implementation that uses other services behind the scenes to fulfill the API. So you basically can use Google Play Services without using Google.
It comes with F-Droid preinstalled, so the main App Store is an Open Source store that delivers a wide range of Open Source Apps.
Inside F-Droid there is Aurora - A frontend for the Google Play Store. Using this you can install apps from the Google Play Store and use them on your Google free device. Isn’t that cool?
Of course there are some problems. It was quite a hassle to get the Google Camera on that device and running and there are a few apps that just don’t work (no dealbreakers till now)
I’m running this setup for a couple of weeks now, and I’m really impressed with what the Android community has achieved here.
This is not for everyone as you have to be a bit tech-savvy to drive this setup, but it’s worth it.
I do miss wearing my Apple Watch though :/