update(blog)!: Add iOS vs Android Security article#3140
Draft
friadev wants to merge 70 commits intoprivacyguides:mainfrom
Draft
update(blog)!: Add iOS vs Android Security article#3140friadev wants to merge 70 commits intoprivacyguides:mainfrom
friadev wants to merge 70 commits intoprivacyguides:mainfrom
Conversation
✅ Your preview is ready!
Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. Maintainers should ensure this PR has been reviewed locally with a full build before merging. |
redoomed1
added
c:blog
redoomed1
reviewed
Sep 26, 2025
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
redoomed1
reviewed
Sep 28, 2025
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
redoomed1
reviewed
Sep 28, 2025
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
redoomed1
reviewed
Sep 28, 2025
I-I-IT
reviewed
Nov 6, 2025
Contributor
I-I-IT
left a comment
I-I-IT
left a comment
There was a problem hiding this comment.
Very good article, but those are my suggestions
I-I-IT
reviewed
Nov 10, 2025
|
|
||
| There's also the matter of some permissions only being available in certain regions: Apparently, Chinese iPhones have a granular [network permission](https://sspai.com/post/35720) that can allow you grant specific apps network access. This would be a huge security improvement on iOS, and it's a feature that's already been implemented so it's quite confusing why they wouldn't ship this feature globally. | ||
|
|
||
| These permissions might protect you from third-party apps, but Apple's own apps can actually [bypass the system permissions](https://blog.xpnsec.com/bypassing-macos-privacy-controls/#:~:text=A%20quick%20review%20of%20Calendar's,How%20can%20we%20subvert%20this?). Allowing their own apps privileged access in the system is, in my opinion, both a privacy and security issue. This means that any Apple app could access your camera, microphone, etc without you knowing about it. I'd like to see Apple not make their own apps privileged, I think that would make users more comfortable and give them more control over their system. |
Contributor
There was a problem hiding this comment.
The article linked mention them doing so on macOS. Is there more direct evidence of them doing so on iOS? I know they bypass the VPN Tunnel.
|
|
||
| FingerprintJS supports [Android devices](https://dev.fingerprint.com/docs/native-android-integration) and claims it can identify the same device after it restarts, after app data/cache is cleared, after the app is deleted and reinstalled, after a factory reset, even if the app is installed in different profiles or user accounts. This is particularly upsetting since many people use Android profiles to separate out their activities. | ||
|
|
||
| I hope Google will see app fingerprinting as a real problem and take steps to mitigate it, especially between factory resets and profiles. I feel that those are the most important boundaries to uphold: a factory reset should be a clean slate, and a separate profile should be almost like a separate phone. |
Contributor
There was a problem hiding this comment.
I feel like this should be tested by you or other team members who have a secondary Android (ideally Pixel GrapheneOS) device. Especially the factory reset claim. Fingerprint.com have an obvious economic interest to pump up their claim.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
List of changes proposed in this PR:
closes privacyguides/article-ideas#39