And on the other side, the benefits of using iOS over Android spyware outweighs the cons now.
Apple lost my confidence after they removed Advanced Device Encryption for British users (plus implemented age verification for them).
https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...
https://support.apple.com/en-ca/105120
You're thinking of Apple saying they haven't detected a case of a device with Lockdown Mode exploited in the wild themselves. Extremely few devices use Lockdown Mode and Apple has very little insight into successful exploits so there isn't much opportunity for them to detect it in the first place. Lockdown Mode bundles everything together and has very inconvenient changes many people won't accept. That greatly reduces usage even by people fully aware of it who want a lot of what it provides. For example, there's
Apple has said they haven't seen a case of a device with Lockdown Mode being exploited which is extremely misleading. Apple doesn't have that much visibility into devices being exploited and would mostly seen failed attempts. All of the Lockdown Mode functionality being bundled together contributes to it barely being used. There's no opt-out system for most of it beyond disabling it as a whole. Only a subset of the Safari restrictions can be partially disabled per-app and per-site which doesn't fully restore web compatibility. It's more that hardly anyone is using it and that Apple doesn't have much insight into apps and the OS being exploited successfully in the first place. Lockdown Mode is definitely useful but people should read about what it actually does and compare that to how devices get exploited. Apple's memory corruption exploit protections aren't tied to Lockdown Mode.
https://developer.apple.com/documentation/Xcode/enabling-enh...
You can use iPhone being blissfully unaware it has malware on it even in Lockdown mode (which is essentially cope mechanism and Apple way of saying "we care about security, trust us bro").
But yeah, there is no doubt in my mind that they both collect as much as they can.
There are multiple objective reasons to believe that Apple is a more trustworthy actor here than other companies, including vulgar capitalistic reasons.
You can just say “pfft, wow, you really believe that?”, I guess, but if that’s your position there’s no reason to argue about this with you.
Also, for anybody from outside of US, its US 3-letter agencies that pose biggest actual security risk since US laws treat us as sub-humans. Apple is as translucent to those as Android. But I get it, its still much easier to make PR campaign based on security for Apple than Android.
The biggest loss for me was Termux. I had lots of scripts and such that I ran, plus just having a Linux environment in my pocket was nice. Luckily I found ish which gives me alpine Linux on top of a virtual x86 machine as provided by a JITC layer. I can host PWA apps out of that environment for local use. Of course I can also ssh to my unix like machines from there too.
I am starting to tinker with swift a bit more too. As with google, I could buy a dev key to deploy my own apps only this way I have all the window dressing and end to end encryption on cloud storage.
Maybe this will be a catalyst towards further evolution of the web app as Android devs want to carve out some freedom from the world domination corporate shadow government walled gardens.
That’s what forced me to finally bite the bullet and pay Apple yearly so I could develop an app for my friends and I to use. Would have much rather kept it as a PWA.
At some point you have the thing working to your satisfaction and just want to continue using it.
Or maybe everything is normal, but, oops, you forgot the last renewal and it stops working exactly the moment you needed it most.
Or maybe it's a normal day, and, oops, you forgot the last manual renewal, and now it's busted at exactly the moment you needed it most.
You forgot to factor in the cost of a Mac.
So I feel like, Something like this was/is possible but its immensely hard for something like this being used especially when a desktop os on a phone is so bad ergonomically speaking unless you have a keyboard mouse connected
A better option iirc is to use something like kivy[0] directly with termux, not sure if java might have direct options too or not.
What's the next step when ADB requires some hoops to enable? Will we say that but the eMMC has an unencrypted EXT4 partition, we can just desolder and write into it?
Still unacceptable, a better option would be to use something like lineage or some other aosp distro without the google services (hoping that nothing makes you dependent on them).
This still doesn't address the vast majority of people though (and that's what I'm concerned about the most).
What we need now is:
- short term, work on pushing apps not to depend on the google services so phones preinstalled with something like /e/ become a viable option for most people. Push our public services to stop mandating Google and Apple OSes for random stuff.
- longer term, work on making alternatives to Android and iOS viable options for most people (stability, usability and availability of services people use). The best candidate for that today is Linux mobile.
Breaking network effect around proprietary services is one of the strategies towards this.
Another one is reducing our reliance on computers (of any shape) altogether, maybe.
Jolla has a prelaunch campaign, decent phones for 200€. I might just as well grab one. Sick of having a phone which is more expensive than my laptop but I can barely use.
This is much worse than nagging about "untrusted sources".
each adb host has to be individually white-listed by an unlocked device. also the current behavior is that it auto forgets any white listed host that hasn't connected within 7 days.
So even when adb is on an attacker can't just plug into your phone and use it. Besides, I just switch it off when I don't use it