by pxoe 270 days ago
Would you even find out if an app has been sold to another company on iOS app store? It's confusing to see all of that diatribe when it doesn't even do much (if anything it almost lulls you into a false sense of security), and you just have less options to choose from to get around being locked out of using your device for apps you want.

> Would you even find out if an app has been sold to another company on iOS app store?

On this particular issue, no. But I also make a habit of not leaving old apps that I don't use lingering around on my phone. And I'm pretty sure I know all of those haven't been bought out by a data predator, apart from 23andme.

I just trust what Apple has done in other areas for my personal privacy and security, and I know they have insanely high and probably unreasonable standards for their app stores. And I don't install obviously predatory garbage apps. I feel like I could have only achieved this level of confidence in my mobile device with iOS. And to be clear that's just an opinion :)

Insane and unreasonable standards sounds right, but I'm not sure about privacy and security all that much. It's just naive to assume something is totally malware free, and they're not actually disincentivized from just keeping some more subtle scammy apps around if they just generate them 30% fee revenue anyway. There's a bit of magical thinking that goes into assuming just how "good" they are at it, when they literally just don't even do some of those vaguely insinuated things.

(to me, if some os is unable to have both freedom of installing apps/sideloading and security (with help of malware checking and other measures that keep bad stuff away), and only able to achieve that "security" only by completely locking down what apps can be run and how apps are obtained, it seems like either a failure to accomplish actual security there, or rather just a pretense to keep a platform locked down.)

Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability, so, not having availability of the things the user wants to do is a failing grade. In this case you can pretend you value other things, not security.

That's fair. Unfortunately, like with the national politics here, we have two shitty options.

Well, like with "national politics" (what nation?), even if there may be only two options functionally, it's also just pretending that there are only two options there at all. (while almost actively ignoring any other options)

Like, while it may sound annoying and nitpicky, android is not just "one option of the two", it has a bunch of versions/flavors/forks/whatever you wanna call it, that vary between manufacturers, and also alternative distributions that can be installed on devices, situations that iphone just does not have, at all or to that extent. (quite linuxy in that way if you squint real hard.) I'm struggling to worry about this whole debacle with google floating about whatever they're floating about (currently it's that vague) all that much, when android is that malleable.

There are also actual Linux phones and distributions, postmarketOS, environments like Phosh and Plasma Mobile, Ubuntu Touch, Sailfish, and so on. These can also end up being treated as a "third option" when it's a bunch of different options, or even treated as non-existent, but these options are out there, available, modern, with phones you could just buy. The only case where "one option" is actually just one option is with iPhones.

Sorry, Google and Apple are American companies so "here" was the USA in my comment.

I agree completely with you about the Android forks. That does allow for people to do things right more than the way Apple does it. But it also allows people to do things wrong, and how many predatory mobile phone companies would see an opportunity to spy on customers if they won't notice? Just like none of us would buy a computer and use it without formatting and reinstalling the OS first, there are tons of people who didn't reinstall the OS and kept installing shitty malware. That's the case that I'm worried is much more prevalent among the American population than we realized. Tons of factors go into it, but I think the fact that we distilled all of our information received regularly down to something that's processed thru two operating systems before reaching human eyes and ears is something worth looking more into. Or at least I think it's a damn good reason to start over and begin with doing things the right way, given everything that we know now.

This just sounds like two different sets of standards, although for two different platforms, but one is getting goalposts shifted to 'but flashing is scary and nobody does it and also what if other phone makers spy on people' (just spreading FUD, really), while the other gets a pass pretty much on every one of those things while blindly buying into privacy marketing. Kinda reminds me of those lawsuits about app stores on ios and android that were running in parallel, where ios also kinda got a pass pretty much just because it's more locked down.

While regular people probably aren't going to mess with custom roms on android and it's kind of a self-selecting situation there, they very much might pick a Samsung phone, or Motorola phone, or some other phone, that will have different flavors of android, and may have some meaningful differences and will have some amount of control over them that phone makers have be spread out between their manufacturer and not just google.

Some people also aren't really gonna be any less susceptible to scams that aren't tied to app stores or apps at all. Might as well lock down the browser and phone app then as well.

GrapheneOS.

This does look like the one from what I've read. Will definitely be giving it a try once I can afford to pick up a Pixel phone.

I'm running it on a secondhand Pixel 8a I picked up for 200 bucks! It's great

is revolut workable on it atm?

> I know they have insanely high and probably unreasonable standards for their app store

[2022] https://lifehacker.com/great-now-the-apple-app-store-has-mal...

[2022] https://www.darkreading.com/cyberattacks-data-breaches/malic...

[2024] Fraudulent LastPass-impersonating app allowed in App Store: https://blog.lastpass.com/posts/2024/02/warning-fraudulent-a...

[2024] "Scammed by the top result for 'Bitcoin wallet' in Apple App Store": https://news.ycombinator.com/item?id=39685272

[2020] Scam subscriptions: https://blog.lockdownprivacy.com/2020/11/25/how-to-make-8000...

[2015] Thousands of malware-containing apps built using infected version of Xcode slip through App Store review: https://www.bbc.com/news/technology-34338362

Quickly looked at all those links and without any more commentary from you, I guess I feel like my point stands.

Those all fall under the category of shitty apps I would never install on my iPhone or Android phone. So, Apple's privacy standards and policies, and walled gardens for better or worse, kept me closer to what I was looking for regarding personal privacy and security than I could have gotten with Android. Who knows if anyone checked those same apps I use to see if the Android versions are different or contain malware, but my sense is that it's much easier to slip it in the Play Store than Apple's App Store.

I think the point is that you're putting too much faith in App Store Review. App Store Review is neither necessary nor sufficient to protect you.

Probably so. But still, I feel like Apple did a better job than Google did and I understand that’s an opinion and everyone has one.

One more example since you mentioned shitty apps...

https://old.reddit.com/r/apple/comments/672xcq/nytimes_how_u...

Uber did this and didn't get abruptly terminated from Apple developer program...

F-Droid had none of these issues, Apple had lots of examples.

Walled garden - 0

3rd Party store - 1

> Apple's privacy standards and policies, and walled gardens for better or worse, kept me closer to what I was looking for regarding personal privacy and security

Apple's privacy policy allowed bad actors into the App Store. Considering the levels of Kafkaesque pissing about we see reported on here from devs for non-issues, on a weekly basis, you should have a zero tolerance.