You can easily get far more privacy with Android than iOS, even using a factory, unrooted, rom.
Though I’d say iOS is more private out of the gate than Android.
Once you start installing apps, it’s arguable which is worse - while Apple restricts a lot of stuff, I’ve had apps on iOS that eat battery to pull ads constantly (specifically one Solitaire game, but others too) and lots of Android apps are notorious for wanting every permission and to run at boot. “Free” games on both platforms are notably guilty.
At least with Android you can choose a lot of apps that don’t collect data, and don’t even want a network connection. Unrooted, you can use a VPN full time, that can block network access for apps, or even specific network connections (NoRoot Firewall is one, and ThinkDNS can do this too, IIRC). Like free games - on Android (even unrooted), I can block their network access. And I know it’s effective because it breaks some games.
I’ve used a stock, unrootable phone, and stripped down a lot of stuff using the Universal Android Debloat Utility. It can disable bloatware like all the Facebook components.
Though if OP wants to have a more private and more secure device, I’d go Android with a custom rom, especially Graphene, but Lineage and DivestOS can get you close to Graphene, especially is you manage your layers of privacy and security.
As others have said, the Pixel line is the easiest if you want to have full control over the phone.
There are others, but it will take more effort to get there (I say this after flashing and rooting all my phones since 2010).
Take a look at lineageos.org/devices to see what devices they support, it’s a good approximation of which phones can be boot loader unlocked.
After lots of looking around, I decided to finally jump to Pixel, and I’m running DivestOS (a fork of Lineage with a little bit more tweaked, like sandboxing MicroG).
Once you decide to go down this road, I’d suggest downloading the factory rom image for your phone, and practice flashing it, before trying with a custom rom, just so you have some experience with a known-good image. Plus, sometimes you have to flash back to stock - I just did one the other day because I screwed up the custom rom flash.
For what OS?
Why not just run your own calendar server, then the sync issue is resolved by extant sync mechanism, rather than trying to make your own with Syncthing?
I use Syncthing to sync some stuff that doesn’t have standard server sync solutions, like some text files that may get updated at either end. But I don’t think it’s the way to sync calendar stuff, as calendaring is an established system.
And if you’re worried about getting to your calendar server, Mesh networks like Tailscale can provide an encrypted tunnel. You don’t even need the client on devices, if you use the Funnel feature (which funnels specific traffic from the internet into your tunnel, courtesy of Tailscale).
(That said, I’m curious to see what more knowledgeable people come up with, I can’t think of any calendar apps that auto import/export calendars).
I generally agree.
But any decent code review process would’ve exposed this, or at least a data surveillance system that checks this stuff. I’ve received a few notifications about my logs storing inappropriate data, as a result of a scanning system.
Some manager knew about this during a code review, and signed off on the risk because it was only in-house.
Not to excuse MS crap, but you consented by not managing the system during setup. If you accept defaults, you’re consenting to what someone else thinks about how your system runs.
I’ve never once had Windows do updates behind my back, because I configure the update system as part of setup. At work, we manage the updates for all systems.
And that makes this thing OK?
“More for security”. How does boot taste?
These things track every Bluetooth device, every phone, every watch, every headset, etc, etc.
It’s yet another increase in surveillance, and “it’s not a big deal because that’s already happening” is your response?
Oh, and I’d bet a year’s salary these are leased, and the vendor owns all the collected data.
This is about data collection, not security.
I think they still have an associated number, just that it can’t be used for voice or sms (it may have changed, but the number was effectively the equivalent of an IP address in the telco system - it’s what all the switching relies on to route). They probably just don’t provision voice or sms for it.
You can also try Universal android debloat.
It can disable Gallery, though that has its own issues on Samsung.
Meh. I only read a translated version, so it’s hard to tell nuance.
But nothing in there is inaccurate. Maybe overstated.
Personally Signal seems trustworthy, but… I have some ambivalence, given their bullshit reasons for dropping SMS support. They claimed it cost them engineering, which is at best wrong, at worst a flat out lie. Signal has nothing to do with how SMS is managed - it merely hands the message to Android’s SMS system. It’s trivial. So why would they drop support and use that lie?
When I’m being misled, I start to look at everything else as having a bit more validity.
Plus UI/UX on signal sucks. It’s no better than the lamest SMS app. Hell, old SMS apps are better. And no multi-device sync. They claim it can’t be done and maintain encryption. Right. Clients just need to use the same encryption key…like Telegram does, and now Teleguard - and they’re claiming full e2e at all times.
Agreed.
No audit…then we don’t know.
Have you seen an audit for SwissCows’ Teleguard?
I’ve been testing it for a few days now, after a comment about it here.
They claim to not store your chats, they’re deleted after delivery. To sync a new device requires an encrypted backup from an existing device.
I’ve tested this by restoring a backup from yesterday to sync a new device, and it only has data from yesterday.
That said, I really don’t know how trustworthy they are.
It also depends on your layering, or lack of. It’s the complexity issue you ran into.
Great post by the way.