[derefr]

Those are different things than what most people talking about iOS privacy mean by “privacy.”

The thing people usually mean by privacy is “security of personal data and metadata”—i.e. being able to use your phone to break the (perhaps unjust) law, without a state actor being able to then prove you broke the law by forensically analyzing your phone.

Phones already leak a lot of circumstantial forensic evidence just by being phones. They talk to cell towers, for instance. So there’s a certain level of information leakage you’re accepting by doing something private on a phone in the first place.

The point of choosing one phone over another, for its privacy, should be to secure the phone in all the other ways—to prevent any information from leaking that can be prevented from leaking while retaining the functionality of the phone.

In that regard, iOS is usually considered the winner.

(Also, iOS is frequently considered the winner just by the fact that Apple devices can’t be interfered with by OEMs at the behest of state actors; in est, the OEM is always Apple, and so the only applicable state actor is the US. If I’m e.g. a Canadian diplomat in China and my phone breaks, I’m not going to trust a Chinese-OEM Android phone, but I might be able to trust a phone I send a plainclothes gofer to buy me from a Chinese Apple Store.)

[lern_too_spel]

> In that regard, iOS is usually considered the winner.

That, too, is based in myth. More iPhones have had malware than Android phones available for purchase in Europe and the US by an order of magnitude, and Android vulnerabilities are more expensive than iOS vulnerabilities, so if your standard of privacy is protection from state actors, you should prefer Android devices.

> If I’m e.g. a Canadian diplomat in China and my phone breaks, I’m not going to trust a Chinese-OEM Android phone, but I might be able to trust a phone I send a plainclothes gofer to buy me from a Chinese Apple Store.)

If you're in China, you're in trouble because the CCP has access to all your iCloud data and any iMessage messages you send while there. Nobody is suggesting that you buy a Chinese OEM phone with who knows what modifications. Just get a Blackberry, Nokia, Google, or Android One device, and you'll be in a much better privacy situation than if you got an iPhone.

[derefr]

> More iPhones have had malware than Android phones available for purchase in Europe and the US by an order of magnitude

I'm assuming here that you're taking "standard precautions":

1. You get new phones from a trustworthy source, e.g. the official storefront of the relevant company.

2. You buy in person, so that the phone can't be intercepted in transit because some watchlist redirected it based on who you are.

3. You get someone likely to not be on any such watchlist to buy your phone for you (i.e. you hire some kid off the street to go into the store for you, and hand them a wad of cash to pay with.) This is to ensure that, for as long as possible, the phone's MAC address doesn't end up automatically associated with your activities. (It will eventually; but that's why you burn your phones pretty often.)

Under such rules, you won't get any "bonus with purchase" rootkits on the device. The device will only have a rootkit if all such devices in the current market have rootkits.

> Just get a Blackberry, Nokia, Google, or Android One device

You actually cannot buy Android phones in China—even from these brands—which haven't been passed through the hands of a Chinese distributor at the "OEM customization, root-of-trust-not-yet-signed" stage. (Heck, you can't even buy a Nintendo Switch in China without it going through the hands of Tencent.) Every one of these phones has a "Chinese edition" with different firmware, and that edition is the only one available for sale in China.

(How does it work for Android One phones? IIRC, the phones with these editions hit a different Android One firmware-update server, one run by the Chinese government. They still get "stock" Android firmware... in the sense that the only changes are a potential rootkit.)

The reason iPhones are trustable in that situation is that Apple has constrained their infrastructure such that they only have one firmware. That means that any China-specific customizations have to be built into that single global firmware, and activated by software (i.e. by choosing your "Region" in the phone setup.) And that means that your own diplomatic home office can inspect all such customizations using the full resources of your own state counterintelligence apparatus, and then give you the go-ahead (or not) for using the phone with such customizations.

The Chinese Android phone firmware is only distributed within China, so it's much harder to be sure you capture every version of it for security-analysis. And, even if you do, it may not tell you much about what they can do to specific people, as it may just contain "generalized backdoors" (e.g. cellular-carrier-triggered automatic firmware-update push) such that any code that actually spies on people is only pushed to the devices of People of Interest (likely with additional logic to delete itself if the phone leaves the country), such that it's nearly impossible to exfiltrate the device from China back to your own counterintelligence.

-----

But the larger consideration, if we're talking about e.g. populist recruitment into civic-action groups, is that none of those Western Android phone brands are popular in China, compared to Chinese-owned brands. Both because the state controls the advertising (so the Chinese brands get product placement on Chinese TV, and the Western brands do not); and because the Chinese phones are just plain cheaper for the same level of features (which mostly is down to vertical integration and simplified logistics with component manufacturers.) So, sure, you can try to buy one; but it'll be hard to find anyone carrying one. And you can't just rely on a random stranger to have one. Heck, just buying a phone from a Western phone-brand probably puts you on a watch-list.

...other than Apple, because Apple is unavoidably still seen as a fashionable brand in China, despite the Chinese's government's best efforts to quash this sentiment.

[lern_too_spel]

> I'm assuming here that you're taking "standard precautions":

Under the standard of "standard precautions," iOS has had multiple orders of magnitude more malware infections than Android instead of just one or two due to Xcodeghost.

Also, my statement was about people outside of China, as you can see by the end of the quoted sentence, so many of your reasonable precautions don't apply.

> You actually cannot buy Android phones in China [snip]

You misread my point. My point was that if you're in China, you're already screwed, no matter which device you legally purchase in China. For the rest of us outside of China (including you in Canada and me in the US), Android devices are clearly superior for privacy as I have shown earlier.

> IIRC, the phones with these editions hit a different Android One firmware-update server, one run by the Chinese government.

Android One phones are not legally sold in China because the update server is run by Google, which has no servers in China.