[jackstraw42]

> Perhaps the barrier to entry is a bit higher to discourage some low-hanging fruit, but Apple does very little for the 30% commission it takes.

As someone who is diligent about staying on top of these things, I thank you for sharing this because this is what I'm talking about: it is not clear at all to an average user who is trying to do task X with their phone (note that's *not* "do task X securely while protecting personal data").

I figured Apple didn't do a whole lot, but I still feel the policies must do something. Please do tell if you know specifics though. And I am very disappointed with all the near-literal shit that's flooded the iOS app store the last few years. Overall, my opinion about it all is that we need to take some time to think about everything we've learned and rebuild something new from the ground up. GrapheneOS seems promising.

[smaudet]

> but I still feel the policies must do something

That has been the problem with Apple, a lot of feeling inspired by nice UI design, and a lot of screw-you-over in the background (draconian dev policies, nonsense security requirements that make you less, not more, secure, and money grubbing that doesn't make the users any better off)...

Maybe in a world with Steve Jobs, it could have been different, who knows. I don't get the sense that Tim Cook "gets" it.

[port11]

Companies are made of people, not just their figurehead.

Jobs wasn't a nice person, as it's been documented. And if he was surrounded by MBAs and PMs trying to make a career, the results might be similar to what we have.

I do think Cook is a terrible CEO on the product side. But he's made Apple richer than ever. I'm not upgrading to the 26 version of the OS'es (btw what a stupid version bump).

[oofbey]

Can you give examples of nonsense security policies that make you less secure? I’ve always thought Apple’s security policies have been exemplary, forward thinking, and balanced.

[jackstraw42]

I have lost faith in Apple as a current best choice because of the things you say. Maybe it's dumb for me to think of it this way, but I was just expressing that I'm happier overall with how Apple handled it while I've had an iPhone. I felt like I was in better hands, even though I know just about all their shortcomings that have been made public. Still, I don't think there was a better choice for the general average Joe than an iOS device. They have kept my parents safe from identity theft, any malware (that I know of), stolen credit cards, etc. And I think they deserve some (intangible, feelings-based) credit for that.

This morning I ordered a Pixel phone after realizing they are available in my price range after all (thanks to this discussion, specifically one of the few who didn't try to argue with me) so GrapheneOS is what I would personally recommend if anyone was thinking I was trying to say "iOS is better, prove me wrong". I was more looking for others to share similar thoughts, not attempt to shut me down, but such is life.

[kmeisthax]

To be clear, Apple's authoritarian tendencies are directly downstream of Steve Jobs' authoritarian tendencies. Tim Cook's just continuing what was already there in 2014. It was Apple policy to lock down everything with code signing since the iPhone. Hell, I think it started being a company mandate around the 4th or 5th gen iPod.

The one thing Jobs didn't account for[0] was that iOS apps were going to take off and thus owning the signing keys to iOS would be extremely lucrative. Jobs' original iOS development mandate was "webapps only", at least until the jailbreak developers embarrassed him enough to change his mind. Even then, he genuinely thought 30% was going to just barely defray the costs of running the App Store.

The actual difference between Jobs and Cook is that Tim Cook isn't nearly as charismatic. Jobs had the "reality distortion field" - the ability to confidently lie so hard that the engineers believe the lie and actually make it true. It's the sort of authoritarian manifestation that Donald Trump is desperately trying (and failing) to tap into.

[0] In Jobs' defense the last SDK they'd shipped for portable devices was iPod games.

[port11]

I've ran Graphene for a year to complement an iPhone; sadly, Device Attestation makes it non-viable as a main phone. Banking apps and what we used to id ourselves are a whack-a-mole of incompatibility. For everything else, I do think it's a great solution.

For reference on Nara, it tries to connect to domains such as dewrain.*, vaicore, akisinn, etc. (many TLDs) Little Snitch was the only way I'd know. Sadly it means we're unsafe on iOS and Android, so we've stopped using any features that might be or leak PII. Just milk and sleep.

This unnerved me so much that I'm building an app for parents on the side. I can't believe our options are free with trackers or expensive (with trackers). And Nara was clean before the update around March.

[jackstraw42]

Wow! Well you never know where simple frustrations will lead, or in your case noticing something that you just can't shake that no one else seems to think is important. I'd say keep me posted, but that's not on you especially while you're developing that app. I wish you the best of luck, and it sounds like you're doing it with a really unique and authentic perspective that I wouldn't be sure that any of the apps that become popular on either App Store can guarantee. Seriously, the world might depend on you :)

I had a feeling about what you described with GrapheneOS would be the case, and that's what kept me from really considering it as a replacement for my iPhone until talking with some folks in this thread. I really don't see myself getting out of using an iPhone as my "main phone" tied to my phone number since my wife is neck-deep in the whole Apple ecosystem (and I truly believe that being flexible in this regard is worth it and makes our lives a whole lot better, even when the issue in question is what I would consider a simple moral non-negotiable, securely protecting my and my family's personal data. just means that I have more solving to do before the solution).

My solution for now is to always run everything through a trusted VPN and NextDNS on the iPhone, or as much as iOS will let me I guess, and using this as my new Pixel's gateway to the internet when I'm away from a trusted connection. I will also be running everything through the VPN when I'm using GrapheneOS, so when I am out and about I'm not treating my not-entirely-trustworthy iPhone any differently than a Starbucks hotspot. Sometimes the convenience really makes a difference, not all the time but it does matter occasionally.

[port11]

That's a very good approach.

What I've been trying to do is have the critical apps on the iPhone, which stays home; then take the Graphene around as much as possible. It's making me use the phone less as well, since my Pixel isn't very interesting.

Now to convince more family members to connect via a VPN… hmm. No wonder we lost the war on privacy.

Maybe check that your partner has Advanced Data Protection on. iCloud without it is what got us all these iCloud leaks in the past.

And thank you for the kind words :)