I like to refer smartphones as voluntary tracking devices. Cellular technology provides your location to the network provide as a side effect. Smartphones can also leak your location through other means. But location isn’t the only type of information collected by smartphones. Android has a sordid reputation when it comes to data collection. Part of this is because Google’s primary business is collecting information to sell to advertisers. Another part is that handset manufacturers can bake additional data collection into their Android devices. Another part is that Android lacked granular application permissions until more recent versions, which allowed application developers to collect more information.
Apple on the other hand has enjoyed a much better reputation. Part of this is because Apple’s primary business model was selling hardware (now its primary business model is selling services). But Apple also invested a lot in securing its platform. iOS provided users more granular control over what applications could access earlier than Android. It also included a lot of privacy enhancements. However, Apple’s reputation isn’t as deserved as one might think. Research shows that iOS collects a lot of information:
“Both iOS and Google Android share data with Apple/Google on average every 4.5 [minutes],” a research paper published last week by Trinity College in Dublin says. “The ‘essential’ data collection is extensive, and likely at odds with reasonable user expectations.”
Much of this data collection takes place after the phone is first turned on, before the user logs into an Apple or Google account, and even when all optional data-sharing settings are disabled.
“Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” the paper adds. “However, Google collects a notably larger volume of handset data than Apple.”
I can’t say that this surprises me. Apple is a publicly traded company, which means its executives are beholden to share holders interested almost exclusively in increasing the price of their shares. That means Apple’s executives needs to constantly increase the company’s revenue. User information is incredibly valuable. Mark Zuckerberg made a multi-billion dollar company out of collective user information. So it was unrealistic to expect Apple to leave that kind of potential revenue on the table. Even if Apple isn’t currently selling the information, it can start at any time. Moreover, if it has the information, it can be obtained by state agents via a warrant.
This brings up an obvious question. What smartphone should individuals concerned about privacy get? Unfortunately, Android and iOS are the two biggest players in the smartphone market. They are also the only two players readily available to consumers who aren’t tech savvy. GrapheneOS is an example of an Android version that offers better privacy than the stock versions found on most devices. But using it requires buying a supported Pixel and flashing GrapheneOS to it yourself. There are also phones that run mainline Linux such as the PinePhone and Librem 5. The problem with those devices is the state of the available software. Mainline Linux distributions designed for those phones are still in development and likely won’t meet the needs of most consumers.
Right now the market looks grim if you want a smartphone, are concerned about privacy, and aren’t tech savvy enough to flash third-party firmware to your phone.