
Contributor

@friadev friadev commented Sep 26, 2025

List of changes proposed in this PR:

  • Add "iOS vs Android Security: What Each Can Learn from the Other"

closes privacyguides/article-ideas#39


github-actions bot commented Sep 26, 2025

Your preview is ready!

Name Link
🔨 Latest commit e9a7b9d
😎 Preview https://pr3140.unreviewed.privacyguides.dev/en/

Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. Maintainers should ensure this PR has been reviewed locally with a full build before merging.

@friadev friadev marked this pull request as ready for review September 26, 2025 11:18
@redoomed1 redoomed1 added the c:blog (relating to privacyguides.org/blog) and ci:build blog (Enable blog builds on a PR) labels Sep 26, 2025
Contributor

@I-I-IT I-I-IT left a comment

Very good article, but those are my suggestions

Contributor

@I-I-IT I-I-IT left a comment

updates

Contributor

@I-I-IT I-I-IT left a comment

other remarks


There's also the matter of some permissions only being available in certain regions: Apparently, Chinese iPhones have a granular [network permission](https://sspai.com/post/35720) that can allow you grant specific apps network access. This would be a huge security improvement on iOS, and it's a feature that's already been implemented so it's quite confusing why they wouldn't ship this feature globally.

These permissions might protect you from third-party apps, but Apple's own apps can actually [bypass the system permissions](https://blog.xpnsec.com/bypassing-macos-privacy-controls/#:~:text=A%20quick%20review%20of%20Calendar's,How%20can%20we%20subvert%20this?). Allowing their own apps privileged access in the system is, in my opinion, both a privacy and security issue. This means that any Apple app could access your camera, microphone, etc without you knowing about it. I'd like to see Apple not make their own apps privileged, I think that would make users more comfortable and give them more control over their system.
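
Review bot: In the first paragraph, "can allow you grant specific apps network access" is missing "to"; "that lets you grant specific apps network access" reads cleanly. In the second paragraph, the "bypass the system permissions" link points at a post about macOS privacy controls, while the surrounding sentences speak of Apple's apps and "the system" in general, so either scope the claim to macOS or add a source that covers iOS. The "etc" in "camera, microphone, etc" also needs its period.
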
Contributor

The article linked mentions them doing so on macOS. Is there more direct evidence of them doing so on iOS? I know they bypass the VPN Tunnel.


FingerprintJS supports [Android devices](https://dev.fingerprint.com/docs/native-android-integration) and claims it can identify the same device after it restarts, after app data/cache is cleared, after the app is deleted and reinstalled, after a factory reset, even if the app is installed in different profiles or user accounts. This is particularly upsetting since many people use Android profiles to separate out their activities.

I hope Google will see app fingerprinting as a real problem and take steps to mitigate it, especially between factory resets and profiles. I feel that those are the most important boundaries to uphold: a factory reset should be a clean slate, and a separate profile should be almost like a separate phone.
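
Review bot: In the second paragraph, "especially between factory resets and profiles" reads as if the boundary lies between a reset and a profile; "especially across factory resets and between profiles" matches the two boundaries named in the sentence that follows. In the first paragraph, the list of conditions runs its last item in without a conjunction; "after a factory reset, and even if the app is installed in different profiles or user accounts" closes it.
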
Contributor

I feel like this should be tested by you or other team members who have a secondary Android (ideally Pixel GrapheneOS) device. Especially the factory reset claim. Fingerprint.com have an obvious economic interest to pump up their claim.
