Comment by jackstraw42
15 days ago
> F-Droid's curation saved me at least once when I wanted to upgrade my Simple™ apps and couldn't find them in F-Droid anymore, which led me to learn that SimpleMobileTools was sold to a company that closed sourced the apps[1] and that there's a free fork called Fossify[2].
> Had I installed these through Google Play, they wouldn't have cared about this particular change and I would've gotten whatever random upgrades the new owners pushed.
sheesh. I've spent my whole mobile device life on iOS and am just now learning an Android device. While I feel I have more control over the finer details of my personal privacy and security, this ecosystem is a total minefield if you care about avoiding spyware and malware.
I'm glad I trusted my instincts and only installed F-Droid first before any apps from the Play Store. Just now found the Isolation app so I can create a Work Profile and separate personal life from the life that the relentless data vacuums are constantly trying to pull from the simplest apps these days.
Neither mobile OS is perfect, but I feel like I was correct about Apple having the user's personal privacy still much more of a priority than Google. There was never any question if those were the two options, IMO. But it does seem like now, finally, Android might be ready to deploy as a mobile operating system for the public. I'm fairly certain that this Android ecosystem that's used its users for so long as guinea pigs (not just Android, but the full unrefined and frankly unsophisticated media sphere as a whole that's been figuring out how to effectively work on us) has harmed the last generation or two beyond repair.
This became all too clear when the first thing I did on my first Android device a few weeks ago was install an offline keyboard from devs with my privacy interests in mind. Spent a few minutes thinking about what it would have been like living with this shitty keyboard system on iOS and realized that honestly, I am lucky that I stuck with iOS through all of this and feel like my mental health is much better than it would have been had I been fighting a malware-riddled Android device this whole time.
edit: I'm not saying you shouldn't use Android or that it's a bad idea, I do think that it is solid enough now (and maybe has been for a while, I don't know) that I can safely protect myself after learning. But ask yourself if all Android users would take the time to properly learn? What about kids?
We use Nara to track our baby's food intake and sleep.
A couple of months ago I noticed Little Snitch complaining about the app making new connections to malware domains. Thankfully I can run the app on macOS and noticed it.
When confronted with how this violated their Privacy Policy, they gave a condescending reply. When I contacted Apple about this new update to the app, they ignored my report.
So… no, we're not safer on iOS. Perhaps the barrier to entry is a bit higher to discourage some low-hanging fruit, but Apple does very little for the 30% commission it takes.
They mean safer from apps like NewPipe which threaten their margins by giving users their attention back.
Safer from apps that do insane but legal data collection is what I am worried about. Why would a foreign adversary need a hacking team when they can just buy what they need from an American company built to sell detailed personal information on Americans using shitty malware-riddled products?
It's not like they're the only bullies in town (@bigG: try to remember "do no evil" and you were an actually cool tech company rather worth applying to, worth having on your resume).
I paid for Prime Video to remove ads only to find that now they'll play skippable ads again at the start of a movie and this time I don't even have the option of paying again.
I'm not against big profits, and I'm definitely not in favor of more regulation to attempt to fix it but I am against micro-maximization of profit with obviously consumer-unfriendly behavior. The way to fix it, IMHO, is to start over with yet another small guy that comes in and does it right. Angel Studios is doing pretty good and although the content selection is much more limited, the overall vibe is great, feels safe to leave children around for more than 2 minutes (unlike YouTube Kids).
we must think of the shareholders!!! No, how can you! I want to give billionaires more profits that would most likely just be a number to them while selling myself for them, Noo.
(satirical post)
> Perhaps the barrier to entry is a bit higher to discourage some low-hanging fruit, but Apple does very little for the 30% commission it takes.
As someone who is diligent about staying on top of these things, I thank you for sharing this because this is what I'm talking about: it is not clear at all to an average user who is trying to do task X with their phone (note that's *not* "do task X securely while protecting personal data").
I figured Apple didn't do a whole lot, but I still feel the policies must do something. Please do tell if you know specifics though. And I am very disappointed with all the near-literal shit that's flooded the iOS app store the last few years. Overall, my opinion about it all is that we need to take some time to think about everything we've learned and rebuild something new from the ground up. GrapheneOS seems promising.
> but I still feel the policies must do something
That has been the problem with Apple, a lot of feeling inspired by nice UI design, and a lot of screw-you-over in the background (draconian dev policies, nonsense security requirements that make you less, not more, secure, and money grubbing that doesn't make the users any better off)...
Maybe in a world with Steve Jobs, it could have been different, who knows. I don't get the sense that Tim Cook "gets" it.
I've run Graphene for a year to complement an iPhone; sadly, Device Attestation makes it non-viable as a main phone. Banking apps and what we used to id ourselves are a whack-a-mole of incompatibility. For everything else, I do think it's a great solution.
For reference on Nara, it tries to connect to domains such as dewrain.*, vaicore, akisinn, etc. (many TLDs) Little Snitch was the only way I'd know. Sadly it means we're unsafe on iOS and Android, so we've stopped using any features that might be or leak PII. Just milk and sleep.
This unnerved me so much that I'm building an app for parents on the side. I can't believe our options are free with trackers or expensive (with trackers). And Nara was clean before the update around March.
:( Would you be willing to share Nara's full reply?
Oh, I remembered it wrong. It's just an automatic reply. The condescending one was to my suggestion to use median values instead of averages.
Would you even find out if an app has been sold to another company on iOS app store? It's confusing to see all of that diatribe when it doesn't even do much (if anything it almost lulls you into a false sense of security), and you just have fewer options to choose from to get around being locked out of using your device for apps you want.
> Would you even find out if an app has been sold to another company on iOS app store?
On this particular issue, no. But I also make a habit of not leaving old apps that I don't use lingering around on my phone. And I'm pretty sure I know all of those haven't been bought out by a data predator, apart from 23andme.
I just trust what Apple has done in other areas for my personal privacy and security, and I know they have insanely high and probably unreasonable standards for their app stores. And I don't install obviously predatory garbage apps. I feel like I could have only achieved this level of confidence in my mobile device with iOS. And to be clear that's just an opinion :)
Insane and unreasonable standards sounds right, but I'm not sure about privacy and security all that much. It's just naive to assume something is totally malware free, and they're not actually disincentivized from just keeping some more subtle scammy apps around if they just generate them 30% fee revenue anyway. There's a bit of magical thinking that goes into assuming just how "good" they are at it, when they literally just don't even do some of those vaguely insinuated things.
(to me, if some os is unable to have both freedom of installing apps/sideloading and security (with help of malware checking and other measures that keep bad stuff away), and only able to achieve that "security" only by completely locking down what apps can be run and how apps are obtained, it seems like either a failure to accomplish actual security there, or rather just a pretense to keep a platform locked down.)
> I know they have insanely high and probably unreasonable standards for their app store
[2022] https://www.bbc.com/news/technology-34338362
"What about kids?"
They usually have someone more mature watching over them as there are also other dangers in life except malware on their phones.
(Also, when I was a kid there was no one to explain the internet to me, so I learned on my own and understood it better than those responsible for me.
But it was a different internet back then.)
Don't know about a mature but I wanted to play Pokemon Yellow on my mum's phone and I was in 2nd grade iirc and my brother just told me to search Pokemon Yellow rom myself and learn how to download/pirate it. He didn't help me at all, even though he had pirated it earlier.
Made me learn pirating which went into more and more technical until I think nowadays I dabble in playing pirated games in Linux and Linux scripting and just general coding.
There was no mature watching over me. I was downloading everything dude, heck I had once downloaded Hollow Knight as an apk to play it and I am pretty sure that it was a malware which I had quickly deleted as it wasn't working but now yes we've even migrated over from the phone.
So in a way my mature watching over me was saying, Idk learn it yourself, fuck around and find out.
I kinda think that grapheneos would be really nice for protecting your phone from something like malware from what I've heard.
downloading ROMs helped me learn how to do things the right way too. but even back then those kinds of places were filled with traps, remember pop-ups and pop-under ads? from that point forward, learning how to safely download ROMs and whatever else I wanted to do on the internet just felt natural.
What worries me though is that maybe we weren't the norm, maybe we were the exceptions.
Odd take. On iOS there is no F-Droid so your options for simple apps are the same ad riddled “in app purchases” crap it is on GPlay.
Apple has made policy changes and changes to the app store to make it clearer which apps to avoid. Apple really cares about my privacy, or they tell me they do and I believe them. I think they do because they know how important brand loyalty is to their customers. It's pretty much the thing Apple lives on, never losing the customer's trust. Google clearly leaves it more or less up to nature.
> Apple really cares about my privacy, or they tell me they do and I believe them.
https://en.wikipedia.org/wiki/PRISM
And yet, SparkCat ran around on the iOS store for at least a year. [0]
[0] https://www.tomsguide.com/computing/malware-adware/malicious...
To be honest, Apple lives on their walled ecosystem and people fanboying them.
I am sure that you aren't a fanboy but I would be skeptical of any company saying that they value your privacy when the recent debacle went on.
Like hear me out, Apple encryption was being backdoored and the only reason that it got leaked was by a whistleblower and it was illegal for Apple to even discuss it.
So chances are, that if that whistleblower hadn't leaked, I am not sure if he's facing jail time or not and if Apple wanted to live in the UK which I am sure they are, then they most likely would've enforced a backdoor.
Would we be any better knowing it? Like when a company's profit incentives are affected because a country wants them to have a backdoor in secret closed doors and not even reveal to the public...
I wonder how many other backdoors there are that we just don't know of y'know.
So I wouldn't say that they care about your privacy. They show that they care about your privacy because that's become a USP to them and quite frankly, after this whole scene, I am not sure how they can prove that back.
The only thing that's literally not tracking you is open source for the most part. That is the only thing and f-droid takes open source apps.
There are even games on f-droid but yes I know that games are just a weird niche which has a lot of malware/exploitative. I hope that more people can create open source games and we can contribute to them along the way.
Whenever there is a company involved, deep down, they care about themselves and not you, they really care about the shareholders, everything else is temporary imo.
But there are some companies run by people who have a moral spine and we need to applaud them/use them but in my opinion Apple is too big to have a moral spine when they can repackage the same iPhone for god knows how long, but they are still better than Google, who's literally an ad company, but open source graphene os with f-droid is a better option and you are showing a false dichotomy of sorts.
I hope that I can point you into better direction with graphene os + f-droid, both are open source and they are the only one I would sort of trust with my privacy because it's code and the code is generally neutral, it has no incentives to sell me anything most of the times yknow. It is like clippy of sorts lol.
The topic of kids is a whole other debate - whether or not it is wise to give them an Internet-connected device - because the same general concerns regarding the Internet exist on iOS as well.
Regardless, if I had to give them a device, it'll definitely be a Linux-based one.
Billions of people use Android phones without malware, you are exaggerating slightly.
I had never seen Android malware until my mom showed me her phone. I think she's barely ever installed an app on purpose in her life, but there it was this malware that looked like the husk of a legit app repurposed to show banner ads after every phone call
My MIL has an ungoogled huawei phone. She was trying to get some app and family told her she needs to get the play store to get the app.
Holy fucking shit. What a hive of scum and villainy you encounter when searching for the play store. The first link on google launches a full screen PWA that looks _exactly_ like the play store. It took me a hot minute to realize that I was about to install something unsavoury. I almost wanted to dunk the phone in some bleach.
I'm an android user, and I prefer it over iPhone, but the surface area for attacks is way way way too large. Users who are less technically inclined are so damn vulnerable. I don't know how to fix this.
Depends on your definition of malware.
If you consider adware to be malware, which I personally do, then I would estimate close to zero Android phones are operating without malware.
I don't really see how you can guarantee your Android phone doesn't have malware, I feel like you may be exaggerating here.
I also don't mind the downvote, but if you would please tell me how you are able to guarantee your Android phone doesn't have malware, please tell me instead of hiding behind a downvote. Otherwise my solution is don't use an Android device.
wow, downvotes on all three comments! thanks, stranger.
> I don't really see how you can guarantee your Android phone doesn't have malware, I feel like you may be exaggerating here.
Can you do it on an iPhone? (You can't.)
Between android and ios, which platform is considered more secure or safer? It's not easy to find out directly, but bug bounty programs can be used as a heuristic. Guess which one it is, after both being the same for a long time? (It's android).
You can check out https://www.wired.com/story/android-zero-day-more-than-ios-z... and https://cyberscoop.com/ios-zero-day-zerodium-high-supply/
> I also don't mind the downvote, but if you would please tell me how you are able to guarantee your Android phone doesn't have malware, please tell me instead of hiding behind a downvote. Otherwise my solution is don't use an Android device.
The same way you guarantee it on any other OS, be it windows or macos or linux. You do your best, don't download sketchy apps, and don't be a political figure. Of course that doesn't guarantee it, just makes it 99% likely.
> Otherwise my solution is don't use an Android device.
Do you think you can guarantee this on an iPhone? May I ask you how you are able to guarantee this on iOS?
(I haven't downvoted you)
You're getting down-voted because you're structuring the argument in an unwinnable way, and I think you know that. None of us can prove that any phone doesn't have malware. Seems like you're arguing in bad faith.
I guarantee no malware by using fdroid
I didn't downvote you, and it's against the rules to focus on the voting anyway.