Oh yeah, they can spread malware for months, but I submit one fucking app that allows you create signs for your business for COVID-19 and all of a sudden I get a 'Sensitive Events Violation Suspension' and get a ding on my Google Play account.
Google has become Apple except worse because at least Apple is reachable.
Apple is pretty much the same, I've been trying to create a developer account for three entire weeks and it still shows as "pending" without info. I saw on the forums that for some people it can take months. It looks like some bureaucratic government body from the 90s.
I now advise my friends to switch to Android if they want to see the app, there's a limit on what I can put with. These companies should just be broken up in pieces.
Apps in the iOS App Store are allowed to embed silent spying that you can't disable (also known as spyware) that upload your location and activity data to third parties without your consent.
You're deemed to have agreed to this as a user based on the App Store Terms of Service.
Don't buy Apple's lies about privacy. It's just marketing.
Yes, but the permission is per-app. Let’s say I approve location for the app because the app’s function requires it: the third party spying SDKs embedded in the app send that location data off to third parties without notifying me or permitting me to stop it.
Apple permits this behavior in the App Store.
Furthermore, IP address is coarse location even if you don’t grant the app permission, via GeoIP databases.
Long story short, Apple allows apps in the store to embed silent, nonconsensual spyware that you can’t disable.
If an app's function requires location, how is it Apple's fault that the user decides it's better to enable that app to spy on him?
If I use Waze do I expect privacy from it when it's essential that it knows my location?
Furthermore, on iPhone you get a warning when an app abuses the location permission, unlike Android.
At least on iPhones you have per app control, on Android it's either "location on" or "location off"
> If an app's function requires location, how is it Apple's fault that the user decides it's better to enable that app to spy on him
Apple makes the iOS SDK and writes all the app store policies. They could deny apps that embed third party location data mining/spying that is nonessential to the app’s functionality, just as they do that now for checkouts/payments of subscription services that don’t use App Store IAPs.
Apple has taken an aggressive stance regarding the curation (alternately, censorship) of the App Store. Everything that is or isn’t in it is “Apple’s fault”.
They let App Store apps spy and harvest data for shady data and location miner companies.
> At least on iPhones you have per app control, on Android it's either "location on" or "location off"
Where did you get that notion? Location permission has been per-app since before Android launched. Even better, you can get your location without telling Google, unlike on iOS, which always tells Apple.
> Furthermore, on iPhone you get a warning when an app abuses the location permission, unlike Android.
If you're talking about https://www.cpomagazine.com/data-privacy/apples-new-ios-13-w..., this warning just covers a bug in iOS. Android already requires the app to request location permission to use any API that will allow the location to be inferred (e.g., Bluetooth and WiFi scanning). Therefore, no such warning is required on Android. The app already had to explicitly request location permission.
This argument is very much the same as saying “just don’t install spyware” and literally proves the point that neither store is trustworthy.
On Android you too have this featureset, though the settings app is very limited and also has the same problem as OP mentioned. Just look at whatsapp, constantly trying to launch all other facebook apps in the background (verify this with a freezing app).
On Android (or AOSP, Omni, Lineage and the like) you at least have fdroid as an alternative.
Apple also uses your GPS data to update its location service (for profit), and unlike Android offers no way to opt out — if you want to get your location on an iDevice, Apple will get it, too. If you want to do something crazy like write apps for your own device without having to reinstall weekly, you have to deanonymize yourself with payment.
>unlike Android offers no way to opt out — if you want to get your location on an iDevice, Apple will get it, too.
As far as I know there is not a way to opt out of this in (Googlified) Android. If you have Play Services installed (which you do, unless you've taken unreasonable steps to avoid it such as rooting and installing a 3rd party ROM), you get a dialog box popup whenever you enable location services which informs you that Google will be watching (it's framed as a consent dialog, but if you decline then location services will not be enabled). And you need location services even to use the GPS.
> And you need location services even to use the GPS.
This is the part that's wrong. Unlike on iOS, you can use the location API directly on Android without Location Services enabled, and the Location Services get location updates API will fall back to using that if Location Services is disabled.
If you don't like Google, installing a community ROM that doesn't violate your privacy would be perfectly reasonable. If you want a megacorp service but not from a megacorp, I think you won't find that anywhere.
But then all banking apps stop working (including the 2FA apps "required" for using credit cards from some EU Banks; for EC cards you luckily still can use ChipTAN).
Also mobile payment will stop working, normally I wouldn't care about that but currently paying without touching anything is nice.
Then some apps you need for work might stop working.
Not even speaking about hounded of other apps.
The problem is to many app depend strongly on Google services which are not part of Android itself but shipped with every Google Android phone.
And to many institutions except you to either have a Google Android phone or a iPhone.
I could get away most of the time with a non Google Android phone but I will would need a second Google Android phone like 5 times a month or so.
Not true. With things like magisk and systemless root, the banking apps continue to work. At least my 4-5 banking/payment/credit card apps all work, with lineageos and magisk.
But how do you replace FCM? I mean most apps which where not intentional distributed over alternate app stores will just try to send notification through it.
Also I'm not so sure how legal it is to side load a app which is only meant to be distributed over google play.
That's interesting to know, I was originally convinced by their marketing claiming the walled garden was at least helping a bit for security purpose but even that seems false.
I separate their concept of the sandbox (app permissions) from the walled garden (the App Store & the lockdown of user install). You can totally have a sandbox without a walled garden. It seems that in this case, the walled garden did not help in any ways.
The malware removes information off the device like the device’s name, country, and unique identifiers.
This part is complete conjecture.
According to Palo Alto Networks, it may also have the ability to push dialogue boxes to your iPhone or iPad’s screen. Theoretically, a bad guy could use one of these dialogues to steal your username and password or other personal information.
The malware may also be able to open websites in your mobile browser, which could be used for a variety of malicious purposes again including phishing and installing other potentially malicious software.
App stores are a trap. As developers we should be doing everything we can to keep the web alive. Every power you cede to a third party gets abused sooner or later.
Google has become Apple except worse because at least Apple is reachable.