Funny article about Apple’s ‘perfect privacy’

Hey everyone! This is the kind of post that will start a dumpster fire drama amongst the Apple fanboys. I’m not here to start a fight, but I’m here to share with all of you a funny article I found on the Internet. This article comes from a small website talking about tech news. That type of website that shows up when you make a search, but you never dig deeper because it looks like a scam. It is owned by Dotdash Meredith, that sort of company no one knows about, but owns a lot of small things. Their primary target audience is people from the US.

When I saw the title, I started laughing at the fact that Apple users will try to defend claims on closed source software, and how Apple is “more secure” than Android. I’m not here to say that Android is more secure than Apple (it’s impossible to prove as long as Apple keeps their source code closed), but I’m here to tell you that you can’t trust anyone on the Internet, even websites owned by companies you’ve never heard of. Again, we’re reviewing a single article written by one guy who’s obviously very qualified in privacy and security:

His expertise

• iPhone and iOS
• Android
• Smart Home Assistants
• Streaming
• Consumer Technology
• Microsoft Office
• Software and Apps

His gear:

My daily-use computer is a 2020 16” MacBook Pro (finally upgraded after years of using a much older, slower machine!) with two external monitors. I’ve also got an iPhone 11 Pro, an 11” iPad Pro with Apple Pencil and Brydge keyboard, AirPods Pro, a HomePod, a couple of Amazon Echos that I keep unplugged at all times for security, a three-room, 5-piece Sonos speaker system, a series 4 Apple Watch, and a pair of Apple TVs. Elsewhere in the house are a Nintendo Switch, a PlayStation 3 and PlayStation 4 with PS VR, a set of Philips Hue lights, and a turntable attached to a classic, quad-channel stereo receiver from the 70s that still sounds amazing.

Don’t worry guys! For security, he turned off his Amazon Echos! I’m sure that’ll help. Oh, and he even wrote two amazing books about iPads and Apple TVs! Yup, he’s definitely qualified to talk about privacy and security.

Anyway, let’s get into the “facts” from the article:

On smartphones, Android has the largest market share worldwide; about 85% compared to iOS’s 15%. Because of that, Android is the #1 smartphone target for hackers and criminals.

Android devices are very popular in the world, especially Asia, Africa, and South America. But for most readers of his article, the US market share is the most relevant. A quick online search will yield about 60% iOS and 40% Android.

So, market share is a good thing to have, except when it comes to security. In that case, being smaller, and thus a smaller target is best.

The market share thing is not really a point as it’s not really directly related to security. If you have a 20 years old unmaintained device connected to the Internet, people have probably found tons of backdoors and exploits to get into your device. If such an old device gets crawled by a bot, there’s probably tons of automation scripts that will try to get into it and grab all the data it can find.

According to one study, 97 percent of all malware attacking smartphones targets Android.

Now that’s just a number he made up? I’m not sure about that. Did I mention that all the links in the article either go to another article written by him, or to those types of random websites with either AI-generated articles super optimized for SEO, or just articles that can’t be trusted because there’s no sources (like this one, probably).

Still, if this number is true, it’s related to the worldwide market share for phones, it’s pretty logical that most malware will target Android. But does that mean Android is “less secure”?

According to this study 0% of the malware they found targeted the iPhone (that’s probably due to rounding. Some malware targets the iPhone, but it’s likely less than 1%). The last 3% took aim at Nokia’s old, but widely used, Symbian platform. That’s just one study, of course, but the basic trend is that Android is overwhelmingly most targeted by virus writers.

I’d appreciate a link to this study, please! Didn’t know though that Nokia’s Symbian was still used. I’m not sure if it’s still relevant to talk about it, and almost say that’s it’s based on Android.

The way Apple and Google have designed their operating systems and the way they allow apps to run is very different and leads to very different security situations. These situations should absolutely be considered if you’re choosing between an iPhone or Android.

Classic, the sandboxing argument. Surely it’s a good point, but can you compare SELinux, or AOSP implementations of sandboxing to closed source Apple code? Surely not. You can’t definitively ascertain whether Apple adheres to their stated practices. The joys of proprietary software! People get influenced by marketing and then will make up stuff about software they don’t have access to, as they try remember what they read in the marketing material. What a world we live in.

On the other hand, Google designed Android for maximum openness and flexibility. That has a lot of benefits to users and developers, but it also means that the platform is more open to attacks. Even the head of Google’s Android team admitted that Android is less secure, saying: “We can not guarantee that Android is designed to be safe, the format was designed to give more freedom … If I had a company dedicated to malware, I should also be addressing my attacks on Android.”

We got a source! “9to5Mac - Apple News & Mac Rumors Breaking All Day”, should be pretty tiresome to read that. Anyway, the quote is from 2014, is it a good source for an article written in 2021? For reference, 2014 was the year of Android 4 and iOS 7. SELinux was fully enforced in Android 5. No mention of that in the article. Weird.

Some Apple fan could say that iOS was secure from day one, but this official Apple documentation for iOS 7 defined “sandboxing” as permission-based access control and a single directory per app, which is not really “true sandboxing” (process isolation, etc) by today’s standards. You can’t definitively claim that both systems were completely secure in 2014, they had as many security holes as Swiss cheese. What’s crucial is that the system needs to be maintained and updated, which, to my knowledge, both systems do. Open source certainly doesn’t equate to ‘less secure.’ It depends on how you use it, how well the code is audited by different people, and how well it’s maintained—two things you can’t really know with closed-source software.

The article from 9to5Mac also cites Sundar Pichai (back then when he was Google’s Android head):

He also downplayed Samsung’s decision to use Tizen rather than Android for its Gear 2 watches, describing it as just one of many hundreds of products and that he was confident that Samsung would stick with Android for its high-end smartphones, even looking ahead a full year to the Galaxy S6.

You can see that this article didn’t age well! You can’t just apply information from 2014 to 2021. Samsung uses Wear OS since 2021 (when the article we’re reviewing was written, how convenient).

I know that I’m criticizing an article made 2 years ago, but it’s not like it will change anything, you can just paste what he wrote onto a new article and it will be the same. The article vaguely talks about basic security features, it doesn’t even go into details. It’s just a bunch of marketing material. Let’s continue though, because it’s fun.

Now the article is talking about app stores:

Another place that security comes into play is the two platforms’ app stores. Your phone can generally stay secure if you avoid getting a virus or hacked, but what if there’s an attack hiding in an app that claims to be something else entirely? In that case, you’ve installed the security threat on your phone without even knowing it.

While it’s possible that that could happen on either platform, it’s much less likely to happen on iPhone. That’s because Apple reviews all apps submitted to the App Store before they’re published. While that review isn’t conducted by programming experts and doesn’t involve an exhaustive review of an app’s code, it does provide some security and very, very few malicious apps have ever made it into the App Store (and some that did were from security researchers testing the system).

Could I again have some sort of source for this? Reading this article would only make an idiot believe what’s written here, nothing is backed up by facts or sources. Atleast the Apple fanboy website was some sort of source, but now this is just a random claim. Maybe, it’s true though, he heard or read that somewhere but we don’t know where. It’s just a claim.

Google’s process of publishing apps involves much less review. You can submit an app to Google Play and have it available to users in a couple of hours (Apple’s process can take up to two weeks).

I’m just gonna skip this, as it’s outdated, or he was just spreading wrong information. I’m not sure if it’s relevant as a privacy conscious user doesn’t use Google Play, but gets APKs directly, or uses F-Droid or some other alternative.

Both Apple and Samsung offer facial-recognition features built into their phones that make your face the password used to unlock the phone or authorize payments using Apple Pay and Samsung Pay. Apple’s implementation of this feature, called Face ID and available on the iPhone X, XS, and XR, is more secure.

Love this part personally, “therefore Apple is more secure.” - “Why?” - “Because it’s Apple.” - “Oh, okay.”

At this point he’s comparing Samsung and Apple, which is like comparing car brands and not caring about the model or engine. It’s just very random. We also don’t know why Face ID is more secure at this point. Let’s continue:

Security researchers have shown that Samsung’s system can be tricked with just a photo of a face, rather than the real thing. Samsung has even gone so far as to provide a disclaimer to the feature, warning users that it’s not as secure as fingerprint scanning. Apple, on the other hand, has created a system that can’t be fooled by photos, can recognize your face even if you grow a beard or wear glasses, and is the first line of security on the iPhone X, XS, and XR.

Biometrics can be safer than your regular 1234 PIN, but fingerprints are definitely more secure as it’s harder for a single person to fake your fingerprint than your face. Again, this is Apple vs Samsung, not Apple vs Android. I’m not sure why he’s comparing those two, but it’s probably because Samsung are often considered the “Apple of Android”, the main difference being they don’t have a big notch on their phones with sensors mapping your entire face, probably not only kept locally on the device, but also sent to Apple’s servers for processing, and help improving “the user experience” and “machine learning” (fancy words for “we’re spying on you”). Oh yes, Samsung probably does that too, you can’t compare two proprietary systems, you don’t know what they do (Samsung One UI is closed source too, whilst being based on Android).

One thing that can dramatically reduce iPhone security is whether the phone is jailbroken. Jailbreaking is the process of removing a lot of the restrictions that Apple places on iPhones to allow the user to install virtually whatever apps they want. This gives the users a tremendous amount of flexibility with their phones, but it also opens them up to a lot more trouble.

Ah yes, 3rd party (everything except what Apple thinks is safe) == unsafe. Seriously, what is this guy talking about? Installing 3rd party apps is totally safe if the source code and their dependencies are fully open-sourced, the code has been audited, etc. Of course, iPhone users don’t care about privacy, they care about convenience. When most of them think of privacy, they think of their lock screen passcode. It really seems like they live in a different world, where iOS is different and more secure. When in fact, it’s just a closed source system, with a lot of marketing and a lot of people who don’t know anything about privacy and security. Privacy isn’t just about “not getting hacked”, it’s about not getting tracked, not getting spied on, not getting your data sold to advertisers, etc. It’s not just about “security”. Most of end users think that security is a PIN code or a fingerprint, and that’s it, no RCE vulnerabilities or anything like that exist for iOS, right? Anyway, let’s go on:

In the history of the iPhone, there have been very, very few hacks and viruses, but those that have existed almost all attacked jailbroken phones only.

No source, and didn’t he mention earlier that there was less than 1% of viruses targeted at iPhones? So there were viruses? I’m confused. Does he also know that what his phone does is not limited to what he can see on his display? Reading this is making me feel like I’m in a parallel universe. I’m not sure if I’m the only one who feels like that.

So, if you’re thinking about jailbreaking your phone, keep in mind that it will make your device much less secure.

Of course, doing something you aren’t supposed to do on proprietary hardware is not the safest thing to do. It’s like rooting on Android or installing a custom ROM. It’s not the safest thing to do, but it’s not like you’re gonna get hacked the second you do it. GrapheneOS is a good example of a custom ROM that’s arguably more secure than stock Android, but it’s not 100% secure, just like any other system.

One could argue that most vulnerabilities stem from users themselves. If you decide never to connect to the Internet, there’s no way an individual or corporation could access your data. This is just one example of how to prevent your photos, notes, and other data on your phone from being uploaded to a server somewhere. That’s why sandboxing multiple systems with Internet or not is the safest, QubesOS is a good example of that, but that’s for another article.

The article just ends here, alright then.

Thanks for sticking with me until the end, I hope you enjoyed my suffering due to reading those types of articles, and I’ll see you in the next one!