Search - 4rchive

>>42736399
>>42737246
>>42737495
In case you are interested in my rambling comment on this topic, I think it's important not to accidentally mix up security with privacy, optionally with anonymity as well. This makes such discussions less productive.
Does Apple and Google do decent job at security? To my best knowledge, I would argue they do. GrapheneOS autists seem to be even more passionate about this, e.g. they rightfully threw some comments at Apple announcing MTE like they're the hottest shit around. Pixels had this in hardware a couple of years earlier, but stock OS didn't enable that (at all or everywhere), GOS being more dedicated to this cause did enable it early. Caught some bugs in third party and first party software, so I understand why Google might've kept it quiet. Recent bug bounty changes on Apple side do reassure me someone there wants company to stay financially invested in this topic.
Does Apple and Google do decent job at retaining user's right to privacy? I would say it depends on your personal threat model. Sometimes the proprietary solutions might be better on paper, but it'll be difficult to validate their claims. It's not like open source = private, proprietary = not private. Of course I would prefer all software to be open source instead of black boxes, but it's not the world we live in, yet.
Privacy does require security - if someone can elevate privileges on your phone by sending you a funny pony picture with attached exploit for ten year old hole which the manufacturer of your phone didn't bother to patch, the privacy is lost. We do live in a sad world where phones need software put together for each model, and vendors seem financially encouraged to put out more models than they can feasibly support. I would say Apple's approach is better here - release mostly only flagships, release few of them, and poorfags can buy older models which you'll still support for years. Because it's still fewer models to support for 5y (or whatever) than Xiaomi's yearly lineup.
I applauded Google's Pixel team for keeping similar approach and even extending firmware+OS security patches to 7 years, but then some other team fucked with AOSP and made security patches embargoed for 3 months (1m previously). As GOS devs pointed out, this does seem irresponsible and only extends the time for exploiting known vulnerabilities by bad actors. And again, seemingly only GOS treats this seriously and using their contract with some phone vendor they can access those patches and do apply them quickly. Pixel's OS team doesn't, yet.
It's a clusterfuck, really, but as random anon with my current knowledge I am most inclined to recommend whatever hardware GOS devs claim solid, or a Pixel/iPhone on stock OS. Other vendors appear to treat security less seriously, unfortunately.