Don't hold your breath. XPrivacy software for rooted Android could give fake data to apps 7+ years ago [1], effectively accomplishing what that policy would. But rooting has become more difficult and more undesirable due to SafetyNet, and Google has not implemented such a feature in official Android.
These lines are wild. Android has great privacy controls and has had them as long or longer than Apple has.
Android gives 0 permissions by default in an app. Android requires 1 by 1 permission granting following a standard of least-required. Android's default permission selection is "Only this time" and not "Forever", meaning most users only grant temporary permission to the app. Android then automatically removes "forever" permissions that are unused after a period of 30-90 days without user input. Android is so aggressive about it that most "background" apps (widgets/battery monitors/weather) silently stop working as Google ruthlessly rips permissions away.
Heck -- unlike Apple, Google distributes nearly all of their apps and even system components through the App Store and still relies on standard user permissioning! You still have to grant Google the same permissions you grant any other app, even though it's "OS level". Imagine Apple authentically asking you for permission when you open a first party app and respecting it!
It's basically impossible to have an app use a permission you didn't know about on Android these days.
And in light of the great reality we live in, you have some crazy Apple stans in here saying "Google is actively hostile to user control". That line is wild considering almost every major iOS UX or hardware enhancement was ripped straight from an Android device that debuted it years prior... Between Apple and Google, there is no argument that Apple is the most hostile device company to "user control" in history. That's their thing! There's one way to do it, the Apple way, and if you want to customize it differently, you're the problem! ("Hostile to user control")
> Android has great privacy controls and has had them as long or longer than Apple has.
These can both be true. Android can have great privacy & permission controls, and also be better at many of these things than Apple, and also have systematically cut back on users control of their own devices, time and time again (Android 7 making it impossible to manage your own CA certificates, Android 14 tightening that further, sideloading restrictions, SafetyNet/Play Integrity making custom OSs & rooting unusable, etc).
There's a lot more to user control of devices than just app permissions, and "Better than Apple" on this stuff is not a high bar.
> Heck -- unlike Apple, Google distributes nearly all of their apps and even system components through the App Store and still relies on standard user permissioning! You still have to grant Google the same permissions you grant any other app, even though it's "OS level". Imagine Apple authentically asking you for permission when you open a first party app and respecting it!
That's clearly the big difference between both. Who knows what the internal apps are using on iOS, certainly not anything standard. That's also why it's usually the first attack vector on zero days.
Yeah but that also help that they don't have the same access as any random app. When you manage to get access to iMessage, that's not exactly the same thing as getting access to the sms app on Android.
Nobody really knows except from a few security researchers? I'm not working at Apple and I can't access the device internals. You can't build a third-party iMessage yourself unlike on Android anyways so there's some system apis somewhere enabling that for sure.
There's at least some special security keys, a custom notification system, extended access to device storage and custom wakeup exceptions from what I could deduce myself looking at it. Of course there's for sure more than that but that's at least what's visible.
Go ahead and prove me wrong then, link me an alternative iMessage client built with the normal apis or even explain how you could even do it. Good luck.
I can do that on Android, that's impossible on iOS because it's a custom system app with custom apis.
Slightly unrelated but we really need an equivalent to userscripts on mobile so that users can inject modifications to their apps for adding changes they need.
I really liked the xprivacy concept and it should be extended to full scripts.
That's effectively what Xposed, the framework used by Xprivacy was. Of course the security implications of malicious code running inside Xposed would be nightmarish.
They are actively hostile to user control.
[1] https://news.ycombinator.com/item?id=36645100