Phones and Tablets
In previous lessons, we’ve seen that smartphone apps can be major privacy risks. However, the devices themselves raise privacy concerns straight out of the box, even if no additional apps have been installed. Built-in functionality, privileged access for manufacturer-supplied apps, and preloaded carrier apps all contribute to these privacy issues.
Walled Gardens
Mobile devices, such as cell phones and tablets, collectively provide a robust platform for tracking users’ behaviors. This is due in no small part to the fact that these devices are walled gardens in which only certain applications are permitted to be installed through a centralized app store. Although this approach is marketed as a means of improving security by controlling what apps can be run, both the Google Play Store[1] and the Apple App Store[2] have been found to contain malware. From a privacy perspective, the use of a single, curated source of apps is problematic. For starters, this central service collects fees and commissions from developers, typically to the tune of 15% for Android apps[3] to 30% for iOS apps.[4] This “pay to play” model of app distribution cuts into developer revenues, pushing them to increase app monetization. Since neither company currently charges a commission on revenue earned by collecting user data and advertising, app developers have an incentive to take this route over simply charging a fee for the app.
A second major problem with the walled garden approach is that these companies get to decide what a person can and cannot do with their own device. Both companies have rules as to what is and isn’t allowed in their app stores, and these rules tend to favor data collection. For example, Google explicitly considers an app that blocks ads to be committing “Device and Network Abuse” and thus banishes such apps from the Play Store.[5] Apple prohibits browser engines other than WebKit from being used on iOS, except in the European Union, where it has been legally compelled to change its position.[6] These restrictions, although ostensibly aimed at developers, effectively dictate how people are allowed to use the phones for which they paid hundreds or thousands of dollars.
Cloud Services
Both Google and Apple provide cloud service integration with their phones. Out of the box, an Android phone prompts the user to log in with a Google account, while an iPhone asks for a person’s Apple ID. These cloud connections offer the user the ability to synchronize data with the cloud service, enabling the sharing of contacts and calendars, for example. Both brands of device also “helpfully” prompt the user to “back up” their photos to their cloud accounts. Like any other online service, these cloud accounts can be compromised through various types of cyberattacks, such as the 2014 incident (known online as “The Fappening”) in which nude photos of a number of celebrities were stolen from their iCloud accounts and posted online.[7]
Even absent cybersecurity threats, constantly sending data to a cloud account creates other privacy issues. In 2021, Apple announced a plan to start scanning photos backed up to iCloud in order to detect Child Sexual Abuse Material (CSAM). The company abandoned this effort after significant backlash from privacy and civil liberties advocates.[8] Not to be outdone, Google maintains a database known as Sensorvault, which logs detailed location data for Android phones and retains these data points indefinitely.[9] Law enforcement can gain access to this saved data via a geofence warrant, enabling them to identify potential suspects based on who was near the scene of a crime at a given time.[10] This approach to policing has already led to the suspicion of innocent people who merely happened to be in the same area where a crime took place.[11]
Privileged Apps
One of the security features touted by both Google and Apple is that phone apps are “sandboxed” and have a restricted set of permissions, improving security. However, both companies give their own apps special permissions to break out of the sandbox and access information that third-party apps are prohibited from using. Google’s Play Services and Android Auto apps, for example, get special permissions on the device and can access sensitive profile data.[12] Apple has been accused of favoring its own apps over those from competitors, to the extent that it shows different privacy wording when asking for a user’s permission to collect data. The privacy risks of Apple’s own apps are allegedly downplayed when compared to those of other developers.[13]
Phone Carriers
Most consumers do not buy their phones directly from Google or Apple. Instead, they often finance their devices through the phone carrier. In some cases, an extra fee is added to the monthly phone bill until the device has been paid in full. For some older generation devices or less popular models, the carrier might offer a customer a “free” phone in exchange for some kind of service commitment. Phones acquired from carriers are thus subject to a subsidy lock, which prevents the phone from being used on another carrier’s network until the device has been paid in full.[14] Carriers can also ship customized versions of the phone operating system that prevent the phone’s bootloader from being unlocked and thus make it difficult or impossible to install an alternate operating system on the device.[15]
In addition to locking devices purchased through the carrier, these companies can also ship their devices with preinstalled (and non-removable) crapware, which can both slow down the phone and present privacy concerns. Carriers can also block apps that provide services for which the carrier wants to charge a separate subscription fee, such as the ability to tether another device to the phone and share Internet access.[16] Thus, the privacy issues with a given phone stem not only from the company that makes the phone but also from the company that sells the phone.
Mitigation
To put it succinctly, there is no way to mitigate privacy risks created by an iPhone or other iOS device, since Apple’s Software License Agreement prohibits modifying iOS devices (colloquially known as “jailbreaking”) in any way.[17] The only way to escape privacy issues with Apple is to switch to a different kind of device. In the case of a smartphone, this different kind of device is usually an Android phone. Fortunately, there are ways to improve privacy on Android devices as long as the original Android software can be replaced with a third-party build like LineageOS[18] or GrapheneOS.[19] Using a third-party Android distribution without Google Play Services (or using GrapheneOS with Sandboxed Google Play Services confined in a work profile) can greatly improve user privacy on these devices.
Switching to a third-party Android distribution (or “ROM”) requires that the device’s bootloader be unlocked, which might not be possible if the phone has been purchased through a wireless carrier. For this reason, I advise only purchasing fully unlocked Android phones for which bootloader unlocking is known to be possible. Google Pixel phones are targeted at developers and thus are normally good choices in this regard, as long as they are purchased unlocked through a retail store (such as Best Buy or Target) and not from a carrier’s store.
In the long term, switching to a third-party Android distribution without Play Services is likely to become less and less of an option. Google has recently announced that development of Android will occur internally between the company and certain manufacturers who make Android phones. Source code for the Android Open Source Project (AOSP) will continue to be released – for now, at least – but only after Google makes an official Android release. Since Google has slowly been shifting important features from AOSP into its proprietary Play apps, this move is raising some concerns in the Android developer community.[20] Google is also making services like the Play Integrity API available to app developers, enabling the creation of apps that refuse to run if the user has switched to a privacy-focused Android distribution. Some popular apps, including Uber, TikTok, and Stripe, evidently already make use of this API.[21]
The best long-term approach to mobile devices is to use an open-source software stack that is not tied to a single company. Devices that are currently available for this purpose include the PINE64 PinePhone[22] and PinePhone Pro,[23] the Purism Librem 5,[24] and the American-made Purism Liberty Phone.[25] All these devices run a non-Android version of Linux, with phone-specific software that is still a bit less mature than Android or iOS applications. However, if these devices can be successful in the marketplace, they will ultimately provide much better user privacy, since the user will have complete control over the phone’s operating system and software stack.
Notes and References
- Bill Toulas. “Over 200 malicious apps on Google Play downloaded millions of times.” BleepingComputer. October 15, 2024.
- Brendan Hesse. “Great, Now the Apple App Store Has Malware Too.” Lifehacker. August 8, 2022.
- “Service fees.” Google Play Console Help.
- “Device and Network Abuse.” Google Play Console Help.
- “App Review Guidelines.” Apple Developer.
- Martin Landi. “Stars’ nude photo attack may have been down to password codes.” Irish Independent. September 1, 2014.
- Lily Hay Newman. “Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next.” Wired. December 7, 2022.
- Jennifer Lynch. “Google’s Sensorvault Can Tell Police Where You’ve Been.” Electronic Frontier Foundation. April 18, 2019.
- Jennifer Valentino-DeVries. “Tracking Phones, Google Is a Dragnet for the Police.” New York Times. April 13, 2019.
- Jon Schuppe. “Google tracked his bike ride past a burglarized home. That made him a suspect.” NBC News. March 7, 2020.
- “Features overview: Sandboxed Google Play.” GrapheneOS.
- Oliver Haslam. “Antitrust probe accuses Apple of favoring its own apps over others.” iMore. May 12, 2023.
- Mario Tomás Serrafero. “Reminder: Free Your Phone! - American Carrier Unlock.” XDA Developers. February 11, 2015.
- Cameron Summerson and Chris Hoffman. “How Carriers and Manufacturers Make Your Android Phone’s Software Worse.” How-To Geek. December 31, 2017.
- “Unauthorized modification of iOS.” Apple iPhone User Guide.
- Ryan Whitwam. “Google makes Android development private, will continue open source releases.” Ars Technica. March 26, 2025.
- “Play Integrity API.” Google Android Developers.
- “PinePhone Pro.” PINE64.
- “Liberty Phone.” Purism.