> I'm glad strong competition is continuing, especially around privacy.
Until Apple releases an iOS platform equivocal to AOSP, there's really not any competition at all. Apple claims to care about privacy, Google proves they do.
Google’s entire business model is dependent on personal data. AOSP may have privacy features that are verifiable but Google Play Services is not open source and undoubtedly collects lots of data for Google. Most AOSP-based phones all largely include GPS. Sure, you can limit what access GPS has but then you’re sacrificing features. The majority of people probably opt in.
In contrast, Apple doesn’t need your data for most of the products / services they sell. Privacy is a selling point, so they’re incentivized to build robust privacy features. I’d love to see more commitment to open-sourcing underlying technologies but imo Apple is way more privacy conscious than Google.
I will however give Google credit for their privacy initiatives in recent years. They seem to be taking it more seriously.
> Google Play Services is not open source and undoubtedly collects lots of data for Google
Google Play services is not everything though, and Android being what it is, you can actually replace and spoof most of these features to your heart's content. Having used Android without Play Services for a few years now, I honest to god do not notice the difference. microG coming preinstalled on most Android derivatives helps a lot there.
> Privacy is a selling point, so they’re incentivized to build robust privacy features.
Problem is, that's a tautology. Apple says that, and certainly stand to gain quite a bit from claiming it. But nobody is holding them accountable besides themselves; if Apple was asked to compromise their privacy by a third party, their users may never know. Nobody can earnestly say that iOS is a comparatively private operating system, because we literally cannot see how it behaves!
Apple's approach to "privacy" is publishing whitepapers and then absolving themselves of real accountability. That's how they approached iPhone security, that's how they approached Mac security, and lord only knows how they approach iCloud security. When you say that Apple is "privacy conscious", you mean to say they market privacy better. You don't know how conscious Apple is of privacy, you only know what they claim to be true.
As I said; it's not a competition. Marketing-based security is not a threat model; transparency is.
> In contrast, Apple doesn’t need your data for most of the products / services they sell. Privacy is a selling point, so they’re incentivized to build robust privacy features.
It's an option. AOSP isn't identical to OEM-distributed ROMs, but it's certainly a great basis for private OSes like CalyxOS and GrapheneOS. For individuals that are serious about privacy, there aren't any options to compile your own iOS with Apple services disabled.
I'm not saying that the AOSP absolves all of Google's server-side behavior (or even that it proves they're benevolent; neither company is). My point is that Google presents a realistic threat model to their users, that takes them seriously and even provides escape hatches for any potentially concerning features. iOS presents a comparatively cartoonish outlook that relies more on the strength of their marketing than the self-evidence of their security. Apple's position is indefensible but claims to be altruistic; Google's position is honest, so much that it treats themselves as a threat.
GNU/Linux cellular devices are not more private than an appropriately secured Android handset. Given the modem vulnerabilities and poor support for Linux ARM SOCs, I would much rather trust an OS designed from the ground-up to incorporate cellular security. There's a reason Linux was forked to create Android, and not built as an upstream effort. Linux is perfectly secure for a physically secured server rack. It is a nightmare scenario for GSM privacy.
Endpoint security, IP-based GSM networking vs RIL telephony, isolation measures, ISP trust and fingerprinting mitigation, modem transparency, privileged baseband access and SIM vulnerability, to name a few big ones.
Again - Linux for desktops and servers can be great for privacy. For pretty much every single smartphone-based threat vector, it is a free lunch for attackers. We're talking off-the-shelf CVE exploits versus blowing a multi-million dollar zero-day here.
This is all very theoretical and unclear. For example, on Pinephone, the modem runs FLOSS software (except for a small blob managing the tower connections). Also, it's connected via USB, so there is no privileged access for it. I have no idea what ISP trust has to do with that. You can install Tor on the phone. And so on.