Generally speaking, Apple is drastically better about location services privacy. For instance, Apple Maps does not tie any location data nor direction requests to your Apple ID, and regularly rotates identifiers for devices used by the service: https://support.apple.com/en-us/HT212039
Another big thing about Android is anti-abuse, keeping people from running ad click fraud in apps running on emulators. That is the whole DroidGuard thing that the paper mentions and doesn't explore further. It is a device-specific virtual machine and bytecode for the virtual machine which is intended to authenticate it as a real device, not an emulator.
Anyway check out this slide deck for how Google SRE views mobile as being in their world: https://www.usenix.org/sites/default/files/conference/protec...
PS that team is called MISRE, pronounced "misery" and some of the founders of that team migrated from "SAD SRE" make of that what you will.
https://www.androidpolice.com/2019/10/08/how-to-fully-disabl...
How to disable personalized ads on Android:
https://www.androidguys.com/tips-tools/how-to-disable-person...
If you're serious enough to use impractical solutions, you probably want a non-google Android distro: https://en.wikipedia.org/wiki/List_of_custom_Android_distrib...
They send only a list of functions on the stack without any of the arguments or data.
Example: https://retrace.fedoraproject.org/faf/problems/bthash/?bth=3...
Where Google goes too far is sending everything in the name of security or better yet to "serve" the user.
Most people seem to say "oh I know they're collecting data." Unfortunately they don't - likely can't - grasp the depth and breadth. And the motive? Most will never make it that far.
The Age of Surveillance Capitalism rips off the bandaid, one greepy greedy power move at a time.
https://www.wnycstudios.org/podcasts/otm/segments/living-und...
Apple established a standard for the Apple app store. There was a lot of complaint about "Apple Tax" and Apple merely pointed out that it wasn't a "Apple Tax". Sure, Apple started it but others which are not even connected to the Apple ecosystem simply followed. They could have not decided to but they did (Re:Table 1) [0]. Microsoft, Samsung, Google and Amazon all have the same 30% tax. Heck, even commission rates for Xbox, Playstation, Nintendo have the same rate (Re : Table 2). I am sure Apple is not forcing them to have those rates.
Somehow, this conversation turns into an "Apple" vs rest conversation. There's no conversation had upon the charges on a digital distribution store. I'd say - let's have that conversation and come up with a number. Currently, the number is decided in a "free market". I would be open to come up to an alternate number. Most arguments against the 30% is that it is too high. Well, every penny that goes out from the developer's pocket is too high. The cost of an iPhone might be too high. Something, being too high is not an argument to not have that rate.
[0] https://www.analysisgroup.com/globalassets/insights/publishi...
In addition to https://searchads.apple.com there's ads in the stock and news apps.
https://support.apple.com/en-us/HT203033
They do send nearly WiFi hotspots for crowd sourcing purposes but it is never in conjunction with your local IP address (which is an identifying piece of information).
[0] https://therecord.media/wp-content/uploads/2021/03/Telemetry...
Reminder that Google literally provides a location database for US cops, who are getting bulk data on people simply being in some place at some time and doing nothing wrong: https://www.nytimes.com/2019/04/13/technology/google-sensorv... Meanwhile other countries want to make Google store that data on their territory when it's about their citizens.
It's very true. Google acts in an anticompetitive manner to prevent competition in the mobile app distribution market, as well.
Google prevents mobile app distribution competitors from competing with the Play Store on feature parity because user installable 3rd party mobile app stores cannot implement automatic upgrades, background installation of apps, or batch installs of apps like the Play Store can.
Also, iOS has 60% of the market in the US[1], which is the highest in the world. Apple's App Store is responsible for 100% more app store revenue than the Play Store[2].
> Maybe these stores converged on 30% because it's a nice round number and a roughly 1:2 split makes intuitive sense
Instead of guessing, we should let real competition in the mobile app distribution market increase efficiency and drive costs down to their true values instead of letting a cartel decide what they are.
- - - - -
https://www.filfre.net/2016/04/generation-nintendo/
> In a landmark ruling against Tengen in March of 1991, Judge Fern Smith stated that Nintendo had the right to “exclude others” from the NES if they so chose, thus providing the legal soil on which many more walled gardens would be tilled in the years to come.
- - - - -
The simple fact that Apple feels they have to enforce this proves they're afraid. If they <<knew>> that their model is absolutely superior, they'd just let people choose.
But if they do that, they'll lose tens of billions of dollars in revenue. So it's not about "security" or whatever, it's just about money.
This is the same company that nickels and dimes every Lightning cable maker to the tune of several billions of dollars, when USB C has been around for many years.
The same company that removed the headphone jack for bogus reasons just to create a market for wireless headphones, worth several billion dollars.
I could go on and on and on about their anti-competitive and anti-consumer practices.
Local IP isn't identifying, but it's a weird thing to include. And the paper clearly shows that being sent to Apple.
> Later during the startup process the local IP address of the handset (i.e. not of the gateway, but of the handset itself) is sent in a POST request to /lcdn-locator.apple.com: POST https://lcdn-locator.apple.com/lcdn/locate Headers User-Agent: AssetCacheLocatorService/111 CFNetwork /1128.0.1 Darwin/19.6.0 POST body {"locator-tag":"#eefc633e","local-addresses":[" 192.168.2.6"],"ranked-results":true,"locator-software":[{" build":"17G80","type":"system","name":"iPhone OS","version ":"13.6.1"},{"id":"com.apple.AssetCacheLocatorService"," executable":"AssetCacheLocatorService",<...>
So no the article isn't wrong. I suggest you give the paper a read (or at least a skim) if you're going to try and claim they are wrong about something.
The article is specifically about the mobile OSes and the default apps and services. I'm not sure why your general complaint about third parties using FAANG tracking is relevant here, but I have no argument against it.
>Distros may, Linux itself does not. The fact that the majority of Linux Distros work just fine without telemetry shows that large scale software developement and deployment work just fine without invading peoples privacy needlessly.
You are doing the same thing again. You are assuming a level of "work just fine" without having a comparison for what it would look like with telemetry. Ignoring the privacy issues for a second, can you say definitively that Linux would see no technical improvements from developers having access to telemetry data?
>so, if given the fair and free choice everyone will chose against telemetry? And that doesn't make you ask yourself "are we the baddies?".
Because the benefits of telemetry are widespread while the downsides are localized. The incentive for an individual user to participate is low and isn't well understood so they will default to off. Expand that to everyone and you end up with the tragedy of the commons.[1] It has nothing to do with skulls on a cap, it is basic individualized economic incentives playing out that lead to less than ideal results for the whole.
>So, wheres the problem here? Sounds EXACTLY how a good telemetry system should work. If the bugs don't bother the users there's no need to invade their privacy to fix them, if they do bother them, telemetry can be a tool to help them. There's no need to generate "valuable data" except to invade peoples privacy.
>Why is it any of your effing buisness what my workflow is like? If i need a feature i request it. This shit is only accepted because the majority of users lack a meaningful understanding of the depth of invasion by app and web developers into their privacy.
Once again you are returning to bugs. This is about more than just bugs. Very few pieces of software are published and then abandoned beyond bug fixes. Today most software needs to constantly evolve and add new features. Maybe you are the type who will request those features from a developer in official channels, but that isn't common.
Also most users will simply decline when presented with the option to submit a bug report. They just don't see the a strong enough or immediate enough connection between a bug report and the bug being fixed. I would bet any developer who has spent time informally talking to their users would have heard some complaints about their software that were never previously voiced through official channels. That is just the nature of things. A developer will get more valuable data if they don't leave the sending of this information up to the whims of the user in the moment when a bug report screen might appear in front of them.
And, as with most things, there’s an XKCD for that: https://xkcd.com/978/
> However, the geod process uploads binary messages to gsp85-ssl.ls.apple.com... While it is not clear what information is contained in this binary message, it can be seen to contain the MAC addresses of nearby devices sharing the same WiFi network as the handset e.g. f2:18:98:92:17:5 is the WiFi MAC address of a nearby laptop, 70:4d:7b:95:14:c0 the MAC address of the WiFi access point.
Idk what they do with this info, and I'd much rather Apple have it than Google, but you can imagine the "God mode" they could create at Apple HQ if they were so inclined. The data is absurd... imagine what you could do if you knew where billions of people were at every second of every day for years.
> "People buy smartphones because you need one to function in the modern society. They choose either Google or Apple. Neither of these corporations deserves all the credit they feel entitled to."
And you can sideload on Android, and they chose not-Android. and you could do so on Blackberry, and WindowsPhone, and Maemo and Symbian, and they all failed for not offering what people want. The only remaining good experience left is Apple, and you want to take that away as well. We know what that world looks like. It's not paradise of free choice, it's this: https://i.imgur.com/Ko5QcQl.jpg
And by "this", that's what an Android phone looks like. If you want to live in that world as a personal choice, you can easily not install the toolbars. But if there is an ecosystem you can buy into which avoids that, that should be an option. You want people who chose a limited experience to have the limits removed - but they chosing the limited experience in the first place, who are you to say that shouldn't be allowed?
> "Apple is successful by building great hardware and mostly good UX. Macs have had no app store for most of their history, and even though presently do have restrictions by default, there's a manual override to allow running unsigned or self-signed code."
Agreed, so people who want unsigned or self-signed code can buy macs, right? Choice. Nobody is forced to buy an iOS device, nobody is surprised when they can't side-load a program, because that has been the same for 10+ years and 10+ major iPhone versions, it's never been an expectation.
> "I'm having issue with there being a gatekeeper AT ALL."
I'm having issue with the idea that people willingly buying into an optional gatekeeper is some problem you think will be improved by forbidding people from having that option. The good it does is removing floods of junk from iOS users attention. It's like saying "My email isn't spam" and ignoring that spam is a huge problem and people willingly subscribe to gatekeepers at massive effort and cost industry-wide to try and protect themselves. So are robocalls, and dredmorbius suggests they might bring down the phone networks entirely[1] in the coming few years from a complete inability and unwillingness to defend itself. "Pay to send me an email or call me" would stop it in its tracks. Buying into a gatekeeper environment is another. "I should be able to bypass your spam filter because my emails aren't spam"?
Microsoft used to charge ridiculous fees for things as simple as submitting a patch for an XBox 360 game.
>Double Fine's Tim Schaefer pegged the cost of submitting an Xbox 360 patch at $40,000 in an interview with Hookshot Inc. earlier this year.
"We already owe Microsoft a LOT of money for the privilege of being on their platform," he said. "People often mistakenly believe that we got paid by Microsoft for being exclusive to their platform. Nothing could be further from the truth. WE pay THEM."
https://arstechnica.com/gaming/2012/07/microsoft-comes-under...
People who think a 30% fee is outsized tend to have no idea whatsoever what the costs were previous to that.
"Steam keys are meant to be a convenient tool for game developers to sell their game on other stores and at retail. Steam keys are free and can be activated by customers on Steam to grant a license to a product."
"Several pre-installed system apps make regular network connections that share device identifiers and details ... The Clock app connects to Google Analytics ssl. google-analytics.com/batch."
Really, the clock app calls analytics on a regular basis. That is just ridiculous.
https://www.google.com/search?hl=en&q=%22apple%27s%20custome...
> "You are not helping your case by making these daft comparisons."
The person I was originally replying to is the one who brought up washing machines as having general purpose computers inside them. It's not my comparison, it's me using their comparison to make a point. The point being, that because Alice bought a device that contains a microchip, doesn't entitle you to be allowed to sell software that runs on that microchip, and worsen her experience to do that. Like if Alice chooses to live in a gated community and pays someone to filter her mail, it would be obviously unreasonable to say "I object to gates, I should be allowed to post my fliers through her mailbox for free", as if that's your decision to make, not hers.
For instance, Verizon was sued for disabling the ability of phones on their network to transfer photos using Bluetooth, because they wanted to charge you money for a simple file transfer.
https://www.eweek.com/mobile/verizon-wireless-users-sue-over...
They were, Sony and Microsoft just believed CDPR when they lied about fixing it before release [1]
[1] https://screenrant.com/cyberpunk-2077-developer-cdpr-admits-...
Minority? Probably. Tiny? Absolutely not.
Here [0] is a breakdown of 70 popular Steam games by the source of purchase for their reviewers as of a year ago. About 28% of all Steam purchases happen outside of Steam itself, with Valve getting a 0% cut. Note that for many games a majority of reviewers did not purchase it on Steam itself.
0: https://docs.google.com/spreadsheets/u/0/d/1ICv-UE4i651yMkpD...
EDIT And this just in, more third party cookies:
https://www.eff.org/deeplinks/2021/03/google-testing-its-controversial-new-ad-targeting-tech-millions-browsers-heresIt isn't; over the past decade the tech world has shifted more and more towards telemetry, advertising, and low quality user experience. Popular sites like Instagram, Reddit, Facebook, YouTube have added more and more adverts and less and less social connection, become more centralized (Microsoft buying LinkedIn and GitHub, Facebook buying WhatsApp and Instagram), Windows has added more advertisements and telemetry, and iOS has held out as a comparatively stable, predictable, clean, low-ad, low-telemetry, user focused platform through all of this.
> "blatant anti-trust issues"
Allowing my proverbial elderly mother to buy a device which cannot, in any way, be the subject of a scam like this:
https://old.reddit.com/r/personalfinance/comments/mfy1sw/my_...
by having someone talk her through disabling the sideload protection and installing a malware, is not "anti-trust", it's "pro-trust". And yes I do understand that I'm swapping the meaning of "trust" here between your use and mine, and that's deliberate. Look at the comments in that thread:
"Sounds dumb, but my 79 year old dad fell for it completely. Something like $100 and they got him to install remote control software while they ran a virus scan. Of course that was just what was on the screen, who knows what they were really doing."
"My parents were scammed in a very similar way out of $50,000 about a month ago."
"This happened to a relative of mine, but for $80K. Though the thieves claimed they were working with the Shanghai police. The thieves were brazen enough to get her to not only transfer everything she had in her bank account, but to also cash in her 401K"
"I know somebody who fell for something similar about two years ago. Also out about $20k"
"My SO was inches away from walking through the finale of the scam, I caught it before we lost money"
The argument "nobody should be able to buy a system which has some protections in the design, because I want {geek code} on every device" just isn't good enough. And neither is the tech-world answer "they're dumb and deserve it". Buy an iPad and someone can maybe be conned into setting up a bank transfer, but not into side-loading a crypto coin ransomware, it's one level of defense in depth.
> "I'm currently forced to use one of those two mobile platform for my daily use"
And your solution is to drag iOS down to the level of Android or Windows? Who is forcing you? Why can't you use a dumbphone? Is this a "forced because I don't want to change jobs" thing?
> "and both choices are terrible in their own way due to anti-trust issues. You have absolutely zero power over Apple which owns your device anyway so I'm not sure why you would say that"
Apple owns your device is a lie, you bought it, you own it. Take it apart, take the LCD out and plug it into something else, see if Apple comes at you for breaking "their" device. They won't, because they don't own it. Turning "they didn't build it so I can run Linux on it" is not the same thing as them owning it, any more than Bosch not building a washing machine to let you run Linux on the controller does not imply Bosch own your washing machine in perpetuity.
Don't forget the fact that iOS exploits are cheaper than Android exploits because iOS exploits are so plentiful[1][2].
[1] https://www.theregister.com/2020/05/14/zerodium_ios_flaws/
This is a pretty pessimistic view. I'm sure the patches will be upstreamed soon. Even Purism works on that according to their "Fund Your App" page: https://puri.sm/fund-your-app/.
https://www.amazon.com/dp/B086H69SJ2/
I’d like to see the Apple 1 emulator please. I’d like to know which of iOS’ permissions you hit first.