I see what you're getting at but that decision has little/nothing to do with Apple's stance on privacy.
* iMessage still uses end-to-end encryption for messages in China.
* iPhones sold in China still utilize Secure Enclave for privacy/encryption.
* Aggregate data still uses differential privacy in China.
The government made a request of them which did not compromise their user's security, and they obliged.
Compare that to when the US government requested backdoor access pass Secure Enclave and they absolutely denied that request.
I agree that it's unfortunate for Chinese users that their government is placing additional limits on the available software in that ecosystem (as well as other ecosystems, I'm sure). But so long as the government is not asking Apple to compromise its users privacy I don't see any strong relation to corroborate the idea: "privacy matters, unless it's in your fastest-growing market".
This also shows that if we care about the preservation of privacy, we can't depend on technology to solve the problem on its own. No matter how well-engineered software might be, it's ultimately subordiate to national and international law. A company can refuse to cooperate up to a point, but a government can always force it to either comply or cease doing business.
The Verge's recent technology survey showed that at least its audience believes that Google and Amazon are better protectors of personal privacy than Apple, so their strong stance on encryption and privacy is not yet completely effective in differentiating them from competitors. Hopefully articles like this will enhance the perceived value of privacy, because we need both private and public entities to agree on privacy for it to be effective.
"it's ultimately subordiate to national and international law"
That is true, but in the US a big problem is that part of the government is breaking the law with its surveillance. In that situation technology can help quite a bit. The constitution states that the government needs a warrant to search ones private papers. Encryption works great against illegal government snooping. When the intelligence agencies and Congress starts talking about requiring back doors, like the Clipper Chip or the Apple request, society can hear about it and push to keep the back doors out. Worked with the Clipper Chip at least.
Yeah I tend to agree with you - if Tim Cook refused China's request and subsequently got all iPhone sales banned in China, the stock would tank and there would be chaos / folks calling for Tim to resign, etc etc.
I agree with you. I'd even bet that in 10-20 years, the primary purpose of nation-states will be technology management, if that isn't already the case. Administration by software seems inevitable, with the main problem being ensuring that the software is acting in our interests. We'll likely encode policies into something like Ethereum contracts once we have more reliable infrastructure.
Ethereum does not have that broad of an application. You are engaging in rather wishful thinking. Nation states exist because people have different traditions, values, language, history, economic and political systems.
Yes, there are important differences, and I don’t think Ethereum will fill the various needs, which is why I said “something like Ethereum.” With all the differences in nation-states, we have come to a kind of equilibrium today where each one has a convertable fiat currency through historical convergence. Each one has a similar hierarchical government claming authority through popular mandate. That’s an amazing consistency considering the different origins.
I’m not wishing for any particular outcome, but considering past convergences and future potential, I’m simply saying it’s likely that some kind of smart contracts operating on distributed computing platforms will eventually become standard processes for law enforcement once computation is more ubiquitous.
>* iMessage still uses end-to-end encryption for messages in China.
Do you think Apple would refuse to swap out the public keys if ordered to by the government? Have you ever wondered why iMessage doesn't allow out-of-band key verification?
This is my fear. Apple nicely shows all devices on my account, but how do I trust there aren't some invisible NSA devices on my account that also get all my iMessages?
I still think there is a market driver (China TAM) that motivates the behavior as much as anything here. I guess we'll see if the slope is slippery or not.
China is indeed a major exception to most tech companies policies. It's either play by their rules or don't do business in that country, and unfortunately it's not just Apple who makes the financial decision over the human rights decision.
It's one of those things we choose not to talk about because it's very uncomfortable to see where our loyalties actually lie.
It has always been clear to me that this privacy stand is maybe 20% Tim Cook and 80% strategy. The privacy card works well as a differentiating feature from Google products. So, we have a situation where the interests of Apple and a chunk of users are temporarily aligned.
We have stay continuously aware that this is probably a temporary situation and laying all your eggs in one basket is a bad idea. When governments of larger economies start forcing their hands with bans, etc., they will follow the money.
In hindsight, I think the popularity of macOS among UNIX fans has been detrimental to the development of open source software and open ecosystems that can provide more long-term privacy, by sucking a lot of manpower/energy out of the Linux/BSD ecosystem. (I am also guilty as charged.)
Quite the contrary, macOS has been a boost to Unix. You are rather naive idf you think all macOS users are potential Linux users. macOS helped make Unix a strong competitor to Windows. It helped demonstrate that a Unix system CAN be user friendly something many people used to think was impossible.
Thanks to the rise of macOS windows has become a second class citizen for many development tools.
The non-gui layer of macOS and Linux can for the most part easily be shared. It means open source developers of non-gui tools have a much bigger usergroup and potential contributors.
That way, Chinese people would be worse off security and privacy wise though. Think it through: Apple pulls out of China, the Chinese government makes the use of iPhones illegal, the Chinese people lose access to iPhones and with that to the secure enclave, end-to-end encrypted iMessage, secure boot, etc.
So in the end, Chinese people wouldn't just lose 3rd party VPNs (the first party ones are AFAIK still present in iOS), they would lose all the security features.
Wasn’t that a response of one of their Chinese offices being hacked with the intention of corporate espionage?
As far as I’m aware, from a privacy perspective, Google never had moral problems doing business in China. They’re just using it as a convenient excuse that makes them look good.
>These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all.
In other words, government censorship and attempts by the government to undermine user privacy were ultimately what led to the move out of China. The straw does appear to have been the hack, but the ultimate goal of the hack appeared to be to steal user data.
>Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.
> You can’t do that. It’s China. It’s one of the largest markets on Earth and Apple is a public company. Cook would immediately be fired by the board. They’d put someone new in, and that someone new would comply with China’s demand.
Somehow, that didn't happen when Google effectively withdrew from China.
Yes. They also have all manufacturing there. I imagine if Apple did pull out it would be so embarrassing to the Chinese govt they would close the foxconn facilities too.
If Apple were to pull out, even if the board didn’t fire Cook for that... would they be able to make phones? Is ANYWHERE on Earth capable of that other than China? I suppose you could buy all the parts from China and have them shipped somewhere else to be assembled but what would that do to the cost of the devices?
Would anyone buy an iPhone that starts at $1500 or $2000?
> Cook would immediately be fired by the board. They’d put someone new in, and that someone new would comply with China’s demand.
That would indeed take courage and principles on Cook's part. If the board had courage & principles they wouldn't fire him. And if they did — they'd demonstrate what sort of men they are.
I imagine a lot of stock holders would move to replace the board if the board agreed with Cook.
> Tim Cook would have his self-respect.
I agree. And I hope he’d hold the line.
But I think the people of China would be worse off. Stockholders would be worse off. Apple would be worse off, which means as an American buying heir products it might make them slightly worse for me.
I don't support their decision, but that is a weak argument. All major companies have factories they work with in China. They are already funneling money to the Chinese government via taxes, fees, etc. In the privacy pie, removing the apps is this tiny sliver, the major chunk of the pie is where the Chinese government continues to get revenue to fund their censorship apparatus.
They need to comply with laws in all markets in which they operate. We can disagree with those laws and speak out against them but it is not our place to decide laws for others. But should Apple pull out of the market in protest? I think that iPhones being available is probably better for China than no iPhone as a protest over the law requiring all VPNs to have a valid “license”. Definitely there is a line that can’t be crossed (i.e. if the chinese government forced Apple to enable GPS tracking of all citizens I would expect them to say no) but to me this does not cross that line. People can still compile and install the app on their phone themselves (though it is harder than if it were on the AppStore). What is happening in China is so tragic and I truly hope things change in the near future so they can reach their full potential as a nation.
let’s not forget, in China the government controls the entire internet. If Apple didn’t want to take down the listing, they could easily pull down the entire AppStore (if not all Apple services) with one phone call, just as they did with facebook.
It is unfortunate that the Chinese government made those demands. By no means I am trying to defend the Chinese government. That said, there is a difference here. Apply was trying to comply with the laws in China (I cannot think of a single country where you can operate above the local laws). However, here in the US, it was requested by FBI, not a court order or subpoena. It is not fair to Apple or other companies by forcing them to enforce human rights while doing business. Google pulled out of China not because of human rights but because they were losing to Baidu in China market. It was more a business decision than anything else (Google spins it differently of course).
Never forget people, Apple's emphasis on privacy is only a means to an end, that end being "making money". If Apple needs to relax privacy to help its bottom line, it will, as this example so incisively demonstrates.
It's not that anyone is "forgetting it". Right now Apple's chosen way of making money - charging more than its competitors so it doesn't have to collect and sell users data (Google) or install third party crapware on its devices (almost every OEM) aligns with my interests.
I am not bombarded with ads when I use iMessage on my Mac like I am when I use Skype on my Windows PC.
Apple has built in support for third party ad blockers. Google would never develop a system to allow ad blockers in Chrome for Android.
Reading about all of this is so surreal for me as a German. I read about these "great" policy and all I can think is ... "so, they do the minimum required" .. what's there to praise? Then I remember how US (companies) tend to think about privacy and get very sad. Stronger penalties for anyone breaking relevant privacy rules cannot come fast enough.
In everything that keeps happening in the US with regard to leaks and advertisers watching you and Facebook profiling you... I’m not sure it’s fixable.
Until a large chunk of congress, and probably the R chunk due to their privacy law stance, gets a TON of embarrassing stuff leaked to the public or better yet ‘shared’ when they weren’t expecting it... I don’t think anything will change. We won’t get real laws to protect people.
And a decent sized part of me says not even incidents like that would do it. It would just be blame-the-victim and you-accepted-that-policy and the laws wouldn’t really change.
Germanys data protection laws bind the government too. The government cannot request any data they like without a valid reason (though still too much in my opinion).
There are a lot of checks in the US that require a "valid reason", but in the end the people granting those requests tend to rubber stamp everything that goes across their desk, and the only rejections are for people who make errors on the request form.
It might stop a really egregious violation (spying on political rivals for example), but for general public the protection is pretty weak.
> Wired recently deployed a team of experts to deconstruct Apple’s code and found its differential privacy practices to be lacking, a characterization that the company strongly disputes.
If by "deployed" they mean "interviewed about their work". I don't understand Time crediting Wired with the research[0], which does a disservice to their actual sources of funding.
I’m a big fan of this - want to point out that the motivation behind this is as much economic as it is philosophical. Apple’s stance on privacy is 100% in their economic interest because it negatively impacts Google, Facebook and Amazon’s data-driven business models without Apple looking like a bad actor in the ecosystem. These companies are its biggest threats in software and it puts moats around Apple’s hardware business
From what I've heard from a friend who works for Apple, it's more than skin-deep, they have a strict internal culture of user privacy. It's difficult to get permission to report any kind of user data or to bypass the sandbox, for example.
I don't mean accessing data on their servers, but rather analytics and the like. They don't get shader content in their crash reports because it might have been generated from user data somehow.
This might as well be titled - Forget Iphone X-Apple's Best Product is that they are not out to sell you anything else - ads (Google) or other products (Amazon). If a stance on something is due not having a particular type of business, is it really worth the praise?
But it's chicken and egg, right? They don't have that particular business because they made the choice of privacy long ago? Even if they're not in the ads business because of a series of lucky decisions that just happened to steer them this way, there's nothing wrong with touting a selling point.
No. Apple has had the same business model always, which is to sell you hardware differentiated by software at a premium. Apple doesn't have an advertising-based business model[1] because such a model is fundamentally incompatible with their existing business model. The reason is that for an advertising based model to be truly successful, you have to reach as many consumers as possible, which ultimately means that your product must be free to use for consumers.
Apple's stance on privacy is making a virtue out of necessity.
[1] Yes, yes, I know: iAd. But how well did that work?
There are reports that Apple has an internal committee, including a high level executive, dubbed their "privacy czars" which are required to unanimously sign off on any instance of user data collection, and this committee has actively limited products like Siri over concerns [1]
There's also the San Bernadino customer letter, which has become a defining point in their privacy history [2]. They didn't have to publish that letter; they could have fought it privately or not fought it.
There's really no fundamental reason why iAd couldn't have become a more powerful revenue generating part of their platform. They sell enough iPhones to reach a broad market. But, per [1], reports say that the team ran into internal privacy concerns which constantly forced limiting its capabilities.
Apple is fundamentally different, in ways that can't solely be explained by their product history and revenue sources. Companies like HP and Samsung make consumer hardware, but also generate revenue by selling their customers' data to third parties. Its clear to me that Apple does consider Privacy a revenue-generating product that they sell.
Of course, you can argue that maybe they wouldn't take that stance if they weren't so successful in hardware; that Privacy is a privilege afforded to them because of their success, and less successful companies need that advertising revenue. But now we're arguing hypotheticals, and I'm not going to partake in that.
There's really no fundamental reason why iAd couldn't have become a more powerful revenue generating part of their platform.
Maybe iAd could have performed slightly better if certain policies had been different. But iAd still had to compete with Google and Facebook whom by virtue of reaching effectively everybody, offer a much more attractive value proposition to most advertisers. Apple simply can't compete with that. And every decision Apple would have to make in order to be more competitive would be at cost of harming the user experience of their products, ie. the very thing that makes them able to charge a premium in the first place.
Of course, you can argue that maybe they wouldn't take that stance if they weren't so successful in hardware
That's not the argument I'm making. At all. My argument is that advertising as a business model is fundamentally incompatible with selling premium hardware products. To be succesful at one means making strategy choices that prevents you from succesful at the other.
My experience leads me to believe that many other companies have privacy reviews only to the level required to keep them out of legal trouble. It is an inconvenience, not a feature.
Apple's advertising customers certainly felt they were doing things differently.
>advertisers became increasingly perturbed that Apple refused to give them access to the wealth of data iAd had on its consumers from Apple's hundreds of millions of iTunes accounts. And it moved slowly to keep up with the latest ad-tech developments, such as cross-device retargeting.
Stefan Bardega, media agency ZenithOptimedia's chief digital officer, told us: "iAd has long been a story of unfulfilled potential. Apple has unique customer-level data that is hugely interesting to advertisers but has struggled (despite talented sales teams) to access that data in a way that doesn't conflict with the core business."
Another media-agency director who asked not to be named told us iAd got little support from the wider Apple organization
He said: "For me, they never understood that they needed to behave like a media owner, rather they could go it alone charging what they wanted, not sharing data, no third-party tracking
Even iAd was a way to allow the sale of ads while still respecting their user's privacy.
For instance:
>Apple doesn’t like to hand over information about its users, not even to benefit its own business. When the iAd team wanted to use information about users’ iTunes purchases to target ads, Apple execs said no way.
I feel this is a legitimate criticism of Apple. Not only do they sell the product at a price that funds development (and gives them a healthy profit) they also sell unavoidable Ads (in the AppStore).
Ads in apps themselves I'm reasonably ok with (just avoid those apps). But having an unavoidable advert in the Appstore is annoying.
Overall however, I find it to be a minor annoyance.
Yes, Apple itself gives me more control over privacy than just about anyone. On the other hand, it facilitated an app ecosystem where most apps have to make money through ads, data collection, or crappy in-game purchases, and there goes my privacy. Maybe the largest company in the world is powerless to stop people from wanting free software, but that's also a major reason it's the largest company in the world.
Seriously? The App Store ads? Great. I was getting really sick of searching for exactly the app I want then having the first result be an ad for something else. So user-hostile.
Why would you want to "praise" a company. Publicly traded companies operate for financial gain. If you feel a company is supporting your interests you might want to consider buy their products.
Make sure it's known that you're buying their product because they support your interests. They will hopefully see that it's good business to continue doing so.
That's a much more robust way to get the products (and ecosystem) that you want than by praising them.
Facebook, Microsoft and Google collect all your private information and share it with themselves, the government and some with the advertisement industry.
Apple collects some of your private information and is forced to share it with themselves, Nuance and the government (subvertly see snowden and interpolate).
That's what I thought. So my private information isn't really shared with anybody, is it? I mean I guess if I were to place an ad targeted to black men that speak french and you answered it, I would learn that about you.
Apple's position on privacy also led me to switch to iCloud recently. I migrated my mail and drive to iCloud (from GMail, Google Drive) for this very reason and while there isn't always a 1-1 feature parity, I prefer to know that my data won't be used to analyze and categorize me for the purpose of advertising.
I suppose I should clarify that I'm referring to the data being used to classify me into various (increasingly specific) categories and that resulting output being sold to the highest bidder in the form of a targeted advertisement. Dropbox I'm less familiar with, so I can't speak to their model.
There's not a great way unfortunately. I just switched all of my accounts that send transactional emails (Amazon receipts, Uber, etc) over to iCloud and then forwarded my old Gmail. There's no turn-key method I'm aware of, but It was important to me that I could have my purchase and trip logs stored somewhere that respects my privacy.
The iPhone is unbelievably fragile, before you look at the high price. Apple bends over backwards to deny the existence of design flaws, to the point of blaming users for doing it wrong. Despite this I am seriously considering an iPhone, their stance on privacy is the only reason.
You have absolutely no control over what runs on your phone. You cannot even audit the software without breaking into your own device. The broadband firmware is known to be bad quality security-wise and it's tightly connected to the rest of the system. It's a walled garden where specific corporation has complete control over your privacy and you have no other choice than to trust them. Plus Apple has been already seen granting exceptional permissions to some apps like Uber for unclear reasons, so you have to trust third parties as well.
As someone who uses free software and worked closely with some mobile privacy-related projects, it's headscrambling to see iPhone users talking about privacy. I won't use it; you're free to do so, but when it comes to your privacy, it's just a delusion. At least be aware of what you've got - no security and privacy is way better than a false sense of it.
Apple's documented history of working with the NSA to undermine the privacy of its users: PRISM. Tim Cook struck that deal with the NSA and remains CEO today.
It is not true that Tim Cook struck a deal with the NSA. Nor is it true that Apple has worked with the NSA for PRISM.
NSA likely exploited the SSL vulnerability in iOS 6.0 (released Sept 2012, NSA added Apple Oct 2012) and got access to snoop on Apple's data.
After pulling the phrase "participate knowingly" out of thin air, Washington Post was forced to walk back that statement:
"Hours after the news broke, and every company bar PalTalk and AOL denied any knowledge of the program and allegations of their involvement, the Post has changed its stance. The phrase “participate knowingly” has been removed from the article, a new passage suggests the firms were unaware of PRISM"
How did you arrive at the conclusion that it was an SSL vulnerability that constituted inclusion in PRISM? There are zero-days discovered all the time.
Are you really suggesting that prior to Sept 2012 there were no critical zero-day vulnerabilities to which the NSA had access? Surely by your reasoning, Apple should have been included in PRISM years prior. And yet, it wasn't until after Steve Jobs died that Apple began to participate.
The only reason I would consider getting an iPhone too is Apple's privacy stance. They seem like the only company in the big five (Alphabet, Amazon, Apple, Facebook, Microsoft) that don't seem to be that interested in my data. They just want to sell me the product, and that product is, in essence, a piece of hardware.
Apple always refuses to comment on bugs, security holes and basically anything they can not use for marketing. You WANT to believe that Apple is better.
I clicked on this to see why too. My understanding is that they were just as anti-privacy as Google or Samsung.
They signed on to PRISM https://en.wikipedia.org/wiki/PRISM_(surveillance_program) , they happily work with the government over user privacy in articles all the time, and those are just the things we know about. I'm sure there are more PRISM-like back room government deals that we haven't heard of out there, and I haven't seen anything that would make me believe that Apple wouldn't sign on to them.
Is this related to Purism announcing that they had successfully disabled the Intel Management Engine on their laptops? Or is that unrelated? Sorry, this is all new info to me.
> Is this related to Purism announcing that they had successfully disabled the Intel Management Engine on their laptops? Or is that unrelated?
It is completely unrelated.
Intel ME is about a remote servicing interface that exists on all current Intel processors. While it has some usages for managing computers in a corporate setting or managing servers (keyword to look for: Intel Active Management Technology (Intel AMT), which needs Intel vPro), it exists on nearly all current Intel processors (except, I think, Intel, Quark; but this processor is built for completely different purposes). Thus there are rumors that it is a backdoor for, say, 3-letter agencies. I don't want to spread any rumors here, but just say: Because Intel ME is very large and complicated (according to https://www.youtube.com/watch?v=iffTJ1vPCSo 5 MB in size) it is a real concern that lots of security gaps will be found (and some have been found in the past), which, because of Intel ME's structure (according to https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20wit... it runs on ring -3) can easily lead to really dangerous security holes. Just for this reason alone any responsible admin should try to disable Intel ME so that this security liability does not have to stay open.
No, from a security stand point I can feel pretty confidant that Apple is better so long as iOS 0days are still selling for 10x that of their counterparts.
how hard would it be for a bunch of semiconductor / cpu designers / cs students to team up and release a nice open hardware so that we can forget about PRISM and the likes ?
That's the whole idea behind the RISC-V platform [1]. It's well-funded, well-designed, has amazing pedigree (David Patterson literally wrote the book on computer architecture). It's even licensed such that companies can use it in proprietary designs.
And yet, making the actual switch is a tremendously difficult task. On the software side alone, it requires recompiling every application you want to run on your platform. That doesn't even touch the cost of rolling the actual hardware. There are more than a few examples of this: Intel's Itanium, Oracle's SPARC, Berkeley's MIPS, Transmeta's Crusoe, etc. Sure, these all had niches (embedded systems, research hardware, a few high-end servers) -- but breaking out into the mainstream (a.k.a. like x86-64 and ARM/ARM64) is damn near impossible.
>
This would be a bit different. Itanium, Sparc, Crusoe, ARM... all these CPUs were offering is the promise of better performance in some aspect.
Crusoe and ARM were not about the promise of better performance, but of being much more energy-efficient for the intended purpose (though since a few years ARM tries to get into a (more) high-performance field).
Energy efficiency kind of falls under the "performance" category. Just not raw MIPS performance but "performance per watt".
What I wanted to say is that the major selling point of RISC-V would be its open-ness rather than anything performance (or power) related. In that respect it has already captured the attention of interested parties, regardless of that the actual performance will be.
I heard that so far riscv chips (a few were taped IIRC) were just too slow. I deeply believe that with simple and open silicon (cpu, gpu) you'd get a huge amount of visible benefits for end users that don't require Apple A10 levels of performance.
- Less bugs
- Potentially better applications since the lower layers are stable and don't require you to fight it (as an example, pre vulkan drivers were hell, linux software has to circle around that)
The iPhone is unbelievably fragile, before you look at the high price. Apple bends over backwards to deny the existence of design flaws, to the point of blaming users for doing it wrong.
I'd say I _mostly_ disagree.
Many times over the years there have been "major" problems (i.e. antenna-gate and bendgate to name a couple). I've never experienced those issues, and I'm sure neither have many others. The iPhones through the years have been mostly solid for me in terms of hardware without significant design flaws.
Now, I don't try to claim iPhones are perfect, but I think this is an over-reaction.
Anecdotally (but with n = many), I see many more scratched/broken iPhone screens than premium Android. Similar prices, same peer group. There are probably other sources of selection bias I'm not seeing, but it's a large enough effect that I'm cautiously positive of my determination absent an actual survey.
It took two years for Apple to acknowledge[1] that #staingate was a real issue.
I do think their hardware is generally high quality, but there are holes, and they are magnified by their positioning as a premium brand and certain high-profile denials of said holes. Which for a brand that lives and dies on its reputation seems less than smart. Adding to the weirdness is that I've alternately received excellent support in cases of hardware issues, and next to none. My guess is that the frontline has a whitelist of issues that they can okay, and have no little latitude beyond that.
The only real reason I haven't switched is because they won't give me control of my phone. At least with Android I can root it, install custom roms, and mess with pretty much any non-google software that I have on there.
Android is far from perfect, and I still hate it, but at least I can still control most of it.
The iOS equivalent of rooting your device is called a jailbreak.
>Jailbreaking permits root access to iOS, allowing the downloading and installation of additional applications, extensions, and themes that are unavailable through the official Apple App Store.
> Anecdotally (but with n = many), I see many more scratched/broken iPhone screens than premium Android. Similar prices, same peer group. There are probably other sources of selection bias I'm not seeing, but it's a large enough effect that I'm cautiously positive of my determination absent an actual survey.
> Anecdotally (but with n = many), I see many more scratched/broken iPhone screens than premium Android. Similar prices, same peer group. There are probably other sources of selection bias I'm not seeing, but it's a large enough effect that I'm cautiously positive of my determination absent an actual survey.
Apple itself may well have a pro-privacy stance regarding the data associated with their products & services, but if I can't even install a firewall on one of their phones then that doesn't protect my privacy much against malicious or deceptive third-parties.
I don't much like Android as a system but at least I can strip it of Google services and install a firewall and feel reasonably private. It's not an ideal option but it works.
It does have a firewall. The configuration is static: no incoming connections.
You might be thinking about not being able to have an antivirus? In which case, that is certainly a feature - not a bug. Allowing the privileges required to enable an AV to operate on iOS would severely degrade the security of your device. The losses would massively outweigh any potential benefits of having an AV.
Blocking incoming connections on a mobile device is less important than blocking outgoing connections given the threat model of a multitude of mobile devices running basically black-box applications which have access to a range of sensors. The main threat here is applications gathering data - of any sort, from positional to audiovisual to network traffic to (financial) transactional - and sending it off to their masters. The threat is, so to say, inside the walls already, not outside. The task it to make sure it does not communicate to the outside world.
iOS does not allow fine-grained control over outgoing network access. The assumption is that the user trusts the application to not do anything untoward, after all it was vetted by Apple before it appeared in the store. There are ways to get this type of control on iOS but since the first step you need to take is to 'jailbreak' the device this is not a real solution.
Android does allow this type of control through a multitude of firewall (i.e. Linux iptables) configuration applications. Android devices running version 3.x or earlier need to be 'rooted' to gain access to the firewall configuration, later versions (from 4.0) don't require rooting. The 'no-root' firewall works by routing all traffic through an on-device VPN (which can be instantiated without root access as of Android 4.0). This does mean the firewall application gets access to all network traffic, making that type of application a good target for those who wish to subvert Android network security.
I ran an outgoing firewall on ios from about ios5 to ios8 (FirewallIP -- jb only). I lament every day since ios9 (and not jailbreaking) about its loss. Its a killer feature that apple should implement.
Many apps connects back frequently -- sometimes every action I take. Enough!
Indeed, Occam's razor says poor IP geolocation. What are the chances that you are being monitored by NSA from Texas, or that the geolocation database is stale or wrong?
Out of curiosity, what are the chances this geolocation error also exists 170 miles away? I had the exact same thing happen a few weeks ago, from just east of Chicago.
I believed everything in this until something that happened in late July this past summer.
In China, their fastest-growing market, China demanded all secure messaging and VPN apps be removed from the App Store and Apple complied.[1]
So privacy matters, unless it's in your fastest-growing market.
I intend to discuss with Tim next time I see him.
1: https://techcrunch.com/2017/07/29/apple-removes-vpn-apps-fro...