
You don't have to use Play Services, and this is very easy to do. You can also use Play Services piecemeal. The choice really is between open or closed.

You can use Firefox as your default browser on Android but are limited to a bastardized version on iOS. You can run an OpenStreetMap app as your default map on Android, but you have no choice on iOS. You can build your own apps and run them indefinitely on Android, but you have to pay a $99 yearly fee (on top of the Mac tax) or rebuild every 7 days on iOS.

I don't recommend iOS to anybody. People who think it is more secure don't understand defense in depth, and people who think it is more private don't understand that Pixel and Android One builds actually collect less information by default (before opting in on any of the dialogs).




Remember that there's microG, a free Play Services reimplementation: https://microg.org/


Yep, and LineageOS + microG [1]: "Access all the Google services without proprietary closed software"

[1] https://lineage.microg.org/


I tried the Lineage version: I can't even register for Signal (a messaging app) with microG enabled. The only workaround is to disable microG, register Signal, then enable microG.


Check if you have enabled GCM. With microG, anything that requires calling home is opt-in.

If that's not it, report it. Every app I use works with microG, and any minor issues I had earlier were being resolved pretty quickly.


I switched back to Lineage with Open GApps, but later I saw this https://github.com/WhisperSystems/Signal-Android/issues/6895...


> People who think it is more secure don't understand defense in depth, and people who think it is more private don't understand that Pixel and Android One builds actually collect less information by default (before opting in on any of the dialogs).

Source, please?


For one, orders of magnitude more iOS users have been infected by malware than users of Google or Amazon flavors of Android even though there are orders of magnitude more users of the latter. See Xcodeghost, which Apple had to rely on Twitter users to find instances of in their own App Store. Compare to Google and Amazon, which run static and dynamic analysis of apps uploaded to their stores and allow third party security research on their stores, enabling both earlier detection of malware and faster takedown of all apps that share the same malware.


This is dangerously misleading nonsense. Yes, XCodeGhost was bad for iOS in China, but Android malware in China is of a different class entirely: it often comes pre-installed in the firmware [1]. Furthermore Play Store isn't available in China, and the Android app stores available in China are overflowing with malware.

500 million is the number of devices which potentially had access to an app store containing apps that had malware. It's not the number actually infected. I mean, come on.

[1] https://www.cyberscoop.com/android-malware-china-huawei-zte-...


> 500 million is the number of devices which potentially had access to an app store containing apps that had malware. It's not the number actually infected. I mean, come on.

From the article: "XcodeGhost potentially affects more than 500 million iOS users, primarily because messaging app WeChat is very popular in China and the Asia-Pacific region." After that article was published, Angry Birds 2 was also discovered to be infected.

Did you notice how I compared to Google and Amazon app stores? Those are the devices that HN readers would buy (those Chinese app store phones are not available for sale in the US), and they have vastly more users than the iTunes App Store yet in total infected devices can't come anywhere close to the toxic hellstew that is the App Store.


Again, source? Xcodeghost was one instance of limited impact.

> Compare to Google and Amazon, which run static and dynamic analysis of apps uploaded to their stores and allow third party security research on their stores, enabling both earlier detection of malware and faster takedown of all apps that share the same malware.

You're assuming that Apple doesn't do this?


> Again, source? Xcodeghost was one instance of limited impact.

https://www.google.com/amp/s/www.macrumors.com/2015/09/20/xc... shows 500 million infected from 50 apps.

> You're assuming that Apple doesn't do this?

No need to assume. https://researchcenter.paloaltonetworks.com/2015/09/more-det... not only shows that there were thousands more apps affected by Xcodeghost than originally reported (and thus, more infected users than the approximately 500 million estimate from the earlier link based on the original 50 apps), but also that Apple was still taking down affected apps days later, waiting for third parties to report them. This despite that Xcodeghost represents a single malware that can be detected with a binary grep. That Apple didn't have the infrastructure to deal with even that demonstrates how woefully inadequate their app management infrastructure is for dealing with malware.


> waiting for third parties to report them

Where does the link say this? As far as I know Apple has all the information needed to make this decision themselves. As you said, a binary grep, coupled with many of Apple's static/dynamic analysis tools should be enough to find this issue.


> Where does the link say this?

"Starting September 18, Apple began to remove some iOS apps infected by XcodeGhost from its App Store.... As of this writing, on Monday, September 21, we notice that there are still some previously known infected iOS apps available in App Store."

> As you said, a binary grep, coupled with many of Apple's static/dynamic analysis tools should be enough to find this issue.

As I said, it should be so simple if Apple had set up the basic infrastructure for this. Since it had not, Xcodeghost remained on the App Store long after it was initially discovered, allowing researchers to find thousands more affected apps. Compare to Google's Play Store which not only performs static analysis but also crash analysis, battery usage analysis, and dynamic analysis through running the apps in cloud VMs (something Amazon did at launch).


Source?


Is it actually easy to avoid using Play Services on Android? The ways I've seen this done before require rooting your Android phone, which is sketchy at best, and often cannot be done at all.


Don't log into a Google account on the phone. Done.


I don't understand why you are downvoted. The relative openness of Android is the reason something like GNU's Replicant, LineageOS or CopperheadOS (all without Google software) is possible in the first place.

To see proprietary and incredibly locked-down devices such as iPhones advocated for so strongly seems so weird. As if openness and security are at odds or something.


Apple's draconian policies for controlling coverage of its products clearly work if even otherwise tech-savvy people like the HN crowd are fooled.

https://www.google.com/amp/amp.timeinc.net/fortune/2015/07/2...

https://www.google.com/amp/s/9to5mac.com/2014/08/29/seeing-t...



Though an iOS user myself, I was on board with the logic of your comment until this point:

> … or rebuild every 7 days on iOS.

By tossing in a flippant remark, you undermine the legitimacy of the other arguments. I don’t think a reasonable person would conclude that you actually believe the above statement to be true. This type of rhetoric, in which reality is knowingly distorted to make a point, may be less effective than you consider it to be.


No, you literally have to rebuild/reinstall your apps every 7 days, if you're on a free developer account, because the provisioning profile expires.



