But you're definitely letting perfect be the enemy of good if you think that closed-sourced drivers means that e.g., a closed source web browser doesn't increase your privacy attack surface.
Life is full of choices between imperfect options. And security/privacy is always qualified with "from whom". Sure, closed source drivers are not ideal and I am more vulnerable to privacy attacks from state actors. But why should my response to that be to just willingly give all of my personally identifiable information to Google, Inc?
Yes, that's what I mean. But you're moving the goalposts. I, too, fear that there will not be a usable, open source OS for smartphones in the near future. But that's not what I said above and it's not what you appear to be arguing.
Today, AOSP is absolutely open source. You're acting like it's not.
And absolutely useless for any company that wants to sell a phone outside of China without Google Play Services. Most phones run with Google’s closed source equivalents not the unmaintained AOSP versions.
You don’t know what the apps on your Android phone is doing because they all interact with Google Play Services. Most phones don’t even use the open source dialer.
That's all true and fine. But is there anything I said that hints that I'm a company trying to sell an Android phone without Google? If not, what are you refuting exactly?
I said that we don't know what Apple software is doing because it's all closed source. You then spent the last several replies trying to convince us that the same is effectively true of Android. It's not. You know how I know? I'm writing this reply from a Pixel 2 running LineageOS without Google Play Services. Is it a pain in the ass to do this kind of setup? Yep. Do I miss out on TikTok? Probably (I don't want it, so I don't know if it requires Play Services). Is it closed source? No.
In any case, refuting my claim that we can't trust Apple by arguing that we also can't trust Google doesn't actually refute a thing.
But you're definitely letting perfect be the enemy of good if you think that closed-sourced drivers means that e.g., a closed source web browser doesn't increase your privacy attack surface.
Life is full of choices between imperfect options. And security/privacy is always qualified with "from whom". Sure, closed source drivers are not ideal and I am more vulnerable to privacy attacks from state actors. But why should my response to that be to just willingly give all of my personally identifiable information to Google, Inc?