I doubt they are anti gaming - they spotlighted League of Legends mobile in the iPhone 12 launch.
They just want to milk everything on the app store. I'm so torn on Apple - on the one hand their ecosystem is the most complete and works the best, but on the other hand they try to take a cut from every revenue stream on their platforms, keep a walled garden and often lock out things that are useful to me.
For example iPad pro is an amazing tablet - hardware wise - I would use it as a on the go dev machine - but iOS is so pointlessly locked down I couldn't use it for anything non-trivial. Compare that to an Android device where I can get Linux userland running or Windows tablets. But then Apple couldn't monetise all my apps on the device.
Samsung is the closest you can get to Apple ecosystem but they suck badly - their hardware is acceptable but software is nowhere near close - apps are bad, bixby is horrible, tizen OS is missing basic stuff.
Microsoft could be a player here but they just started experimenting with mobile after a long time, they have no wearable, and the surface line seems promising but always has that one or two flaws that makes it unsatisfying. I'm hoping they can create something in the future, I have no expectations from Samsung - they seem both incompetent and insistent on doing their own thing when it comes to software.
It's imo not possible to have perfect privacy on Android and a good experience, you must make a tradeoff: Here is my completely subjective list of steps, from easy to hard: 1. Go to google privacy for your account and disable all tracking. 2. Do not connect your main google account to your phone. 3. Use firefox. 4. Use a 3rd party map app with offline maps. 5. Do not connect any google account to your phone. This locks you out of the app store, so you have to rely on other stores. 6. Use linageos. 7. Do not use gapps or google play services.
It really depends where you fall between John Doe and Richard Stallman. In no particular order:
- Disable GApps. Note that this can absolutely be done without root [1], as I've done so on my BlackBerry KeyOne and a previous LG G6. This has the additional benefit of a dramatically faster UI on nearly any device.
- Use F-Droid instead of the Google Play Store when possible. If you've disabled GApps like I have, the Aurora Store can be used to fill in the few apps your employer may require.
- Use web versions of apps when possible. mbasic.facebook.com or simply facebook.com is a reasonable alternative to the app, and won't steal you contacts. The former even allows messages to be sent without the app :)
- Use a custom ROM. Note that this will require an unlocked bootloader and either a maintainer for your phone, or to build LineageOS for yourself.
- Minimize permissions you give apps. Don't get thrown when some apps request Location when you don't think they need though: Google has tied Location to Network Access, meaning you must grant Location Access for most apps to see Bluetooth & WiFi networks (which could reasonably be used as a proxy for your location).
- Unless you need it, don't leave Bluetooth on all the time. Retail locations use Bluetooth beacons to ping devices and follow consumers through the store. Bluetooth is reasonably localized, and gives the retailer fascinating data relating to where you went, how long (or if) you lingered in front of junk food, if you had to search for something, where you went first, and possibly payment card information (waiting in line vs walking away after a payment is made at a certain terminal).
The only thing you can do to retain some level of privacy is find a phone with great lineageOS support, install with no gapps, install fdroid as a system app so it can manage updates.
You still won't get kernel updates when security issues come around because not even the OEM can update that without convincing all the vendors to update their blobs.
Why would you tunnel your DNS requests when you can just switch DNS on the phone to a filtering one and also use blocklists, IE. with Blokada? Unless you route everything, not only default DNS, through the VPN, any app can just hardcode its own DNS ip and if you route everything through the VPN Blokada will do exactly the same but without an extra hop. Sounds terribly complicated for something that gives less security and privacy. Mind you that is coming from someone who runs 3 Piholes on a homelab.
There's no extra hop? Do you carry the pihole around with you?
Do you have a firewall running on your phone to block or redirect DNS requests? Since hardcoding and bypassing the one in network settings is extremely easy and done by default by even some Google apps. DNS leaking VPN is trivial.
What logs are you talking about? Blokada can use the same upstream DNS as your pihole so the logs are exactly the same if any exists.
Without a firewall and a VPN (both on the phone) you are not secure. With a VPN and a custom DNS service with blocklists you have an identical setup as one who uses Blokada, but without an external service.
>Do you have a firewall running on your phone to block or redirect DNS requests? Since hardcoding and bypassing the one in network settings is extremely easy and done by default by even some Google apps. DNS leaking VPN is trivial.
I assume wireguard's DNS field sets/redirects all DNS traffic through the VPN. If it ignores that setting, then Android's VPN design itself is broken. Switching to blokada won't fix this problem either.
Either way, Android's Firewall/Network aspects don't give me enough control here. But I can see enough hits on my pihole to have some reasonable confidence.
>What logs are you talking about? Blokada can use the same upstream DNS as your pihole so the logs are exactly the same if any exists.
I don't have to trust the owners of blokada aren't keeping logs? Why would I need to trust them when I can use my pihole which I know doesn't keep logs?
You are offering no advantages here compared to using my setup.
>Without a firewall and a VPN (both on the phone) you are not secure.
Well there is no competent firewall on the phone without root. Yes there is a VPN on both and it seems to work.
>With a VPN and a custom DNS service with blocklists you have an identical setup as one who uses Blokada, but without an external service.
Yes, I have an identical setup that I run myself without trusting some random owner of blokada. It runs externally just fine using my home network.
Apple makes sure iOS apps don't ask for anymore permissions than they need. Google doesn't really care. That is the ONLY major difference. If you're mindful of what apps are asking for what permissions, you aren't gaining much from Apple's garden.
If you're going 1:1 on the apps that run on both android and iOS, you'll soon see that there's very little difference.
One more area where iOS is better is security. Your iPhone is basically a paperweight if it's stolen and the thief doesn't know your password. But that's another story.
I don't know what other manufacturers are doing but Google on stock android and on Pixel does mandate asking for permissions. Even Google's own apps ask for them.
If your Pixel is stolen you have remote wipe options and newer Pixels contain Titan M chips that disallow tampering to gain access.
You can do all the stuff people say, or if you already use gmail and google search, you can understand they already have a lot of your info, and still use the GApps. Definitely don't give third party apps permissions they dont need, and if you do root, the app that lets you spoof the gps given to apps is wonderful (as well as the one that lets you spoof other info).
Their App Store team is completely shooting the rest of Apple in the foot, and I’m amazed that no one there seems to realize this. They are burning good will faster than they can create it.
I don't feel the same way any more, and I've been happier with an Android device since.