GrapheneOS Organization Addresses Misunderstandings Of Android Security

There's a highly inaccurate article about Pixels from Cybernews making the rounds everywhere in privacy communities. It gets the details nearly completely wrong and thoroughly misrepresents things like the optional network-based location used nearly everywhere as Pixel specific.

Any non-Pixel device with the standard Google Play integration has similar Google service integration doing the same things. You don't avoid it at all by using a non-Pixel, but you do end up with a device that's far less secure and adds OEM services with their own privacy issues.

It goes through connections for the Google Play network-based location that's offering as an option during the initial setup wizard, the optional Google Play account-based device management, Google Play feature flags, Google Play telemetry, etc. It gets a lot of details wrong.

iOS has direct equivalents to everything that's covered.

If what people take from the article is that they should use a non-Pixel Android device with Google Play, they'll have a dramatically less secure device with the same privacy issues and additional ones from OEM services.

If what people take from the article is they should use an iPhone instead of a Pixel, they'll have a device with comparable security and similar privacy invasive default connections. iOS does provide better privacy from third party apps than AOSP or the stock Pixel OS, at least.

Unfortunately, the article contributes to people using typical highly insecure Android devices with additional privacy invasive connections, not fewer. If it was promoting iOS over Android, at least it would be helpful overall despite being highly inaccurate. Tech news is awful.

People are having their privacy and security harmed by journalists misleading them because most journalists don't do basic due diligence and simply repeat claims from elsewhere without verification. Many people in the privacy and security communities are doing the same thing.

GrapheneOS is a major security upgrade over the stock Pixel OS or iPhone, but it doesn't mean we're on board with spreading misinformation about either of those. They're the most secure smartphone options and iOS is a clear next best overall choice for privacy after GrapheneOS.

iOS has important privacy features missing in standard Android. Our Storage Scopes feature is needed for parity with iOS. Our Contact Scopes is better than what they added in iOS 18 but it's similar. iOS having better privacy FROM APPS than Android definitely does check out.

The idea that iPhones have better privacy from Apple than Pixels do from Google is largely just a misconception and there's a whole lot of confirmation bias happening. Apple does have better end-to-end encryption support which most users aren't actually enabling for iCloud, etc.

There are a lot of alternative operating systems and supposedly private/secure phone products. Nearly all of these have dramatically worse security than the stock Pixel OS or an iPhone. Nearly all have worse privacy from apps than iOS. They have their own problematic connections.

In terms of privacy from apps, GrapheneOS is competitive with iOS with both advantages and disadvantages. In terms of overall privacy, GrapheneOS is a significant upgrade. Security is a much clearer win for GrapheneOS since Pixels are quite competitive without our work anyway.

Android has useful privacy features unavailable in iOS such as user profiles, Private Space in Android 15, better VPN support, etc. GrapheneOS adds more advantages, and we address the weakness of privacy from apps but not yet to the point it's a clear upgrade in that one area.