User Consent and Privacy Policies

Exploring Privacy: A Comparison of iPhone and Android

Summary of iPhone vs. Android Privacy: A deep-dive into the privacy practices of iPhone and Android reveals that both operating systems have their own privacy concerns. While Apple has a reputation for prioritizing user privacy, there are gaps in its privacy enforcement, such as collecting data without user consent and responding to government data requests. On the other hand, Android’s open-source architecture and reliance on advertising revenue raise privacy concerns, especially with the tracking of user data for targeted ads. To improve data privacy, users can use a VPN like NordVPN to hide their IP address and protect their online activities. Ultimately, users must advocate for their privacy rights and take proactive steps to safeguard their personal information.

**iPhone vs. Android: A Privacy Deep-Dive**

iPhone and Android are the most popular mobile operating systems in the world. Yet, both of them treat user privacy very differently.

We did an in-depth privacy comparison, and here’s what we found:

1. Apple collected data despite users asking them not to.
2. Apple closed off competitors to ramp up its advertising business.
3. Apple and Google responded to a whopping 85% of government requests.
4. Android is lax in enforcing privacy policies with third-party manufacturers and app developers.
5. Android and iPhone app developers sell user data to government agencies and other interested parties without user consent, leading to unauthorized data collection.
6. Android and Apple collect location data despite users turning it off.

To stay safe, we recommend users take their privacy into their own hands and use a VPN like NordVPN to hide their IP address (used by both Apple and Google to determine user location if GPS is turned off).

As iPhone and Android continue to monopolize the smartphone market, users are concerned about the privacy of their data. Just how much of your information do Google and Apple collect about you? What do they do with it? These are questions bugging millions of smartphone users.

Google earns 80 percent of its revenue from ads and heavily relies on user data to better target these ads. Apple, on the other hand, uses a closed architecture system, but they have a few questionable practices, too.

Here’s a detailed look at how each of these platforms manages user privacy.

**How iPhone Treats User Privacy**

According to Apple, “Privacy is built in from the beginning, from the moment you open your new device to every time you use an app.” So much so that the core of Apple’s marketing and advertising is centered around privacy.

From high-flying billboards plastered with “Privacy is King” and “What happens on your iPhone, stays on your iPhone” to entire ad campaigns that follow a privacy-centric theme (remember the “Privacy. That’s iPhone” ad campaign?).

But is all this true? Does Apple follow through with its strong privacy sentiments? In search of an answer, we ran tests on an iPhone, dug deep into Apple’s privacy policy, past and ongoing privacy lawsuits, and independent research from reputable sources. Here’s what we found:

We carefully researched Apple’s privacy policy to determine how privacy-friendly your iOS device is. Does Apple collect any of your iPhone data? If it does, what data does it collect? What is it used for? More importantly, does it collect user data without their consent? We provide all the answers.

**iPhone’s closed system architecture**

The closed nature of iPhones means that the operating system (iOS) is proprietary software owned by Apple. This means the source code is not available to the public.

The closed nature of iOS prevents hackers from analyzing the source code for vulnerabilities they can exploit or third-party manufacturers from modifying it and using it on their devices.

Furthermore, iOS implements the secure sandbox architecture for apps. A “sandbox” is a “space” in which an app is installed and operates. This limits an app to only the system resources, files, and directories it needs to operate and nothing more.

Permissions for GPS, camera, microphone, files, and so on are set by the user during app installation and in iPhone’s system settings.

The sandbox architecture is a fantastic security and privacy feature that prohibits insecure apps from affecting other apps, limits hacker access, and restricts apps’ access to resources.

**Third-party apps and permissions**

In 2021, Apple implemented a controversial but long-awaited privacy feature called App Tracking Transparency (ATT). This landmark privacy feature requires apps to first seek consent from users before tracking their activity across apps and websites.

This means that if you ask an app not to track, the app developer can’t access the system advertising identifier (IDFA), which is used to track your behavior online so as to target you with ads based on this behavior.

The launch of App Tracking Transparency caused an uproar from apps such as Facebook, which took out full-page newspaper ads to oppose it.

Users, however, responded differently: Flurry Analytics reported that 85 percent of worldwide users clicked ‘ask app not to track’ when prompted, with the proportion rising to 94 percent in the US.
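How an app is expected to gate IDFA access on the ATT decision described above, as an added Swift example that is not from the article or from Apple's sample code. The helper name `advertisingIdentifierIfPermitted` is hypothetical, and the app is assumed to target iOS 14 or later and to declare `NSUserTrackingUsageDescription` in its Info.plist.

```swift
import AppTrackingTransparency
import AdSupport
import Foundation

/// Hypothetical helper (the name is an assumption, not from the article).
/// Hands the IDFA to `completion` only when the user has allowed tracking;
/// in every other case it hands back nil so callers cannot use a stale or
/// placeholder identifier by accident.
func advertisingIdentifierIfPermitted(completion: @escaping (UUID?) -> Void) {
    // When tracking is not authorized, iOS returns an all-zero UUID
    // instead of the real advertising identifier.
    let zeroUUID = UUID(uuidString: "00000000-0000-0000-0000-000000000000")!

    func currentIDFA() -> UUID? {
        let idfa = ASIdentifierManager.shared().advertisingIdentifier
        return idfa == zeroUUID ? nil : idfa
    }

    switch ATTrackingManager.trackingAuthorizationStatus {
    case .authorized:
        // The user previously tapped "Allow".
        completion(currentIDFA())
    case .denied, .restricted:
        // "Ask App Not to Track", or tracking is blocked by device policy.
        completion(nil)
    case .notDetermined:
        // First run: the system shows the ATT prompt exactly once.
        // The handler is not guaranteed to run on the main thread.
        ATTrackingManager.requestTrackingAuthorization { status in
            completion(status == .authorized ? currentIDFA() : nil)
        }
    @unknown default:
        // Treat any status added in a future SDK as "no consent".
        completion(nil)
    }
}
```

When reviewing an app, the point to check is that every code path other than `.authorized` ends without an identifier being read or forwarded to an analytics or ad SDK.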

**Apple App Store privacy**

In its privacy policy, Apple confirms that it collects your IP address, information about your browsing habits, purchases, searches, and downloads.

According to the company’s privacy policy:

“To improve the experience in the App Store and other Apple online stores, we collect information about your usage of the stores, including when you open or close the App Store, what content you search for, the content you view and download, and your interactions with App Store push notifications and badges as well as messages from the App Store within apps.”

“We also collect information about your device such as the type of device, the version of your operating system, and the amount of free space on your device. We may use this information to assess whether requested content can be downloaded, to understand general trends in use of device storage, and whether your device is connected by Wi-Fi or cellular.”

Furthermore, when you download an app from the App Store, identifiers such as your device’s hardware ID and IP address are logged by Apple, along with your Apple ID.

You can turn off personalization features in the App Store, Apple Books, iTunes Store, Apple TV, Podcasts, and for subscriptions from Apple by turning off Personalized Recommendations for your Apple ID.

**Apple ID and iCloud privacy**

Apple states, “An Apple ID is the personal account you use to access Apple services like iCloud, the App Store and other Apple online stores, iMessage, and FaceTime, and to access your content across all your devices and the web.” It’s similar to a Gmail email address for accessing Android and other Google services.

If you use iCloud, certain data stored on your device will be automatically sent to and stored by Apple. This allows you to access your data on all your iCloud-enabled devices or computers (“devices”) automatically. This data includes:

- Contacts
- Calendars
- Reminders
- Bookmarks
- Safari tabs
- Health data
- Home data
- Notes
- Freeform
- Photos
- Documents
- Wallet data
- Keychain and passwords
- Device and account settings
- Data from third-party apps that use iCloud

Apple claims, “iCloud Backup can help you restore your data in case you need to replace your device or restore it.”

For certain iCloud information, Apple uses end-to-end encryption, meaning no one besides you can access this information – not even Apple. There are two types of iCloud data protection:

Standard Data Protection: Default iCloud security setting. Your iCloud data is encrypted, the encryption keys are secured in Apple data centers to help with data recovery, and only 14 categories are end-to-end encrypted, excluding categories such as Photos, Notes, Safari Bookmarks, Siri Shortcuts, and more.

Advanced Data Protection: Introduced in iOS 16.2. Most of your iCloud data (23 categories), excluding only iCloud Mail, Contacts, and Calendar, is end-to-end encrypted, meaning your trusted devices retain sole access to your iCloud data.

However, you have to opt in to this feature by going to Settings > tap your Apple ID > tap iCloud > iCloud Backup > Scroll down to Advanced Data Protection and tap on it.

**Analytics data**

Based on our analysis, Apple may provide partners and developers a subset of analytics data and information that may be relevant to them and statistics on how you use their app, product, or services.

On your iPhone, you can choose not to share this data by going to Settings > Privacy & Security > Analytics & Improvements, and turning off “Share With App Developers.” Once this is turned off, Crash Data and app usage statistics will no longer be shared with Apple or third-party developers.

**Location data**

Location Services allows Apple, third-party apps, and websites to gather and use information based on your iPhone’s location so as to provide location-based services.

For example, Location Services comes in handy when using ride-sharing apps to be picked up from and taken to certain locations, or when searching for a vegan restaurant near you.

Apple says, “Location Services uses GPS and Bluetooth (where those are available) along with crowd-sourced Wi-Fi hotspots and cell tower locations to determine your device’s approximate location.”

Crowdflow.net aggregated data from 1000 iPhone logs in an attempt to create a map of Wi-Fi hotspots. Here’s an example of Wi-Fi networks in Germany.

[Image: Wi-Fi networks in Germany. Image source: crowdflow.net]

Apple maintains a database of crowd-sourced Wi-Fi hotspots like this globally. According to Apple, all this Location Data that’s transmitted from your iPhone is collected by the company anonymously.

**Face ID and Touch ID**

Touch ID and Face ID (Apple’s facial recognition system) are biometric authentication methods used on iPhones to unlock the device and make purchases.

Apple stated that “The probability that a random person in the population could look at your iPhone or iPad Pro and unlock it using Face ID is less than 1 in 1,000,000.” Apple utilizes the TrueDepth camera and an infrared image of the face to form an image of your face.

Furthermore, due to COVID-19, Apple added a feature that allows Face ID while wearing a mask. With that said, there have been issues with Face ID such as twins and closely related relatives being able to unlock each other’s phones. Also, Face ID with a mask increases the probability of false positives.

Although discontinued, Touch ID “creates a mathematical representation of your fingerprint and compares this to your enrolled fingerprint data to identify a match and unlock your device.”

According to Apple, the probability of a random person unlocking your device using Touch ID on the first try is 1 in 50,000. However, security researchers have found that Touch ID could be fooled using 3D-printed fingerprints.

In regards to the privacy and security of your Face ID and Touch ID data, Apple assures users that the biometric data does not leave their device and is never backed up to iCloud or anywhere else.

Instead, it’s encrypted, stored on the device, and protected with a key available only to the Secure Enclave. Furthermore, disabling Face ID on your device also deletes the Face ID data, including mathematical representations of your face, from your device.

**Siri privacy**

Siri Data (the data Siri collects about you) is linked to a random identifier and not your Apple ID, email address, or other data Apple may have on you. Meaning, your Siri Data cannot be linked back to you, according to Apple.

With that said, Siri sends all your voice inputs to Siri servers for processing. This also includes transcripts of your interactions. When you use Siri and Dictation, your device will send other Siri data, such as contact names, nicknames such as “Dad”, music and podcasts you enjoy, names of apps installed on your iPhone and shortcuts added through Siri, and much more.

It’s good to note that Siri dictation, such as dictating notes or composing messages, is stored on your phone. However, dictating in a search box and other dictations are sent to and processed on Apple servers.

Siri Data and requests are not used to build a marketing profile or shared with third parties. According to Apple, they are only used to improve Siri and how it serves you.

**Health data privacy**

The Health app can consolidate data from your iOS device, Apple Watch, and other devices, health records, and apps you use so you can have a more comprehensive view of your health information in one convenient place.

You control which data is stored in the Health app and which data is shared with third-party apps and people you trust.

When your device is locked using a Passcode, Face ID, or Touch ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted and inaccessible by default.

If you are using iOS 12 or later and turn on two-factor authentication, Apple will not be able to read your health and activity data synced to iCloud since it will be end-to-end encrypted.

Your iPhone allows you to share your health data with third-party apps that you trust. However, Apple expects you to review the privacy policy of each app that you grant access to your Health data to learn why it needs your data and how it will use it.

**Maps privacy**

Maps on iPhone collects information such as the time of your request, device model and software version, input language, device location, search terms and features you use, the places you view, and your interactions with notifications from Maps, and much more.

Apple says this information is not tied to your Apple ID, and it’s strictly used to improve upon services. Apple also doesn’t store your precise location; instead, they convert the exact location to less precise locations within 24 hours. This makes it difficult for them to identify you based on your location.

Furthermore, according to Apple, “Maps keeps your personal data in sync across all your devices using end‑to-end encryption. Your Significant Locations and collections are encrypted end‑to‑end so Apple cannot read them. And when you share your ETA with other Maps users, Apple can’t see your location.”

In relation to sharing Maps data with third parties, Apple maintains that:

Data that is sent to Apple may be processed and stored by trusted third-party service providers.

However, the company does not specify exactly what kind of Maps data it allows to be processed and stored by the third parties.

**Gaps in iPhones’ Privacy Enforcement**

Despite Apple’s reputation for being a champion of user privacy, we’ve discovered gaps in iPhones’ privacy enforcement that leave users vulnerable to data breaches and other privacy violations.

These gaps range from security vulnerabilities in Apple’s software and hardware to third-party app developers’ lax privacy practices and the lack of transparency in Apple’s data collection and storage policies.

One of the biggest gaps in iPhones’ privacy enforcement is the lack of transparency in Apple’s data collection and storage policies. Apple collects a vast amount of data from its users, including location data, analytics data, and app usage, among others.

While Apple claims to use this data only to improve its products and services, there is little transparency in how this data is collected, processed, and shared with third parties.

**iPhone’s closed system architecture: privacy nightmare?**

Apple’s closed system is lauded as an advantage for privacy and security, but is it? In a 2021 article, The Washington Post revealed how the nature of iOS makes it vulnerable to attacks. The article detailed how Pegasus spyware, developed by Israeli cyber-arms company NSO Group, was successfully used to infiltrate iPhones belonging to journalists, human-rights activists, and public office officials.

The Washington Post reported that, out of the 34 iPhones tested by Amnesty International Lab, 23 showed signs of a successful Pegasus infection and 11 showed signs of attempted infection.

Once the Pegasus mobile spyware infects an iPhone, it can access all features and data just like the owner, effectively monitoring your phone.

Furthermore, due to the tight control Apple has over the hardware and software running on its devices, the company sometimes restricts access to companies offering competing services. By doing this, Apple ensures users stick to their services such as App Store, Apple Pay, Apple Music, Apple Books, and Apple Weather.

For example, in 2021, the European Union (E.U.) charged Apple on the grounds that Apple undercut competitors whose services competed with Apple Pay, such as PayPal.

The EU claimed that Apple restricted access to the hardware and software in its devices that enable communication with payment terminals in stores, known as Near Field Communications (NFC).

**Data collected without user consent**

Apple says it only collects data that users have consented to share, to help the company improve services and user experience. However, according to security researcher Mysk, this is not the case.

Tommy Mysk found that despite users disallowing Apple from collecting their data for analytics, the company still went against their request and collected their data. Mysk filed a lawsuit against Apple for these practices.

Furthermore, in January 2023, CNIL – the French data protection watchdog – found that iOS 14.6 automatically read identifiers on the user’s iPhone, enabling Apple to personalize ads on the App Store.

The processing occurred without Apple obtaining proper consent from users. CNIL imposed a sanction of €8 million on Apple.

**How does Apple manage third-party data requests?**

Apple claims that privacy is at the center of everything it does. However, if we are to take a closer look at how it responds to data requests from authorities and other third parties, we quickly find this couldn’t be further from the truth.

For example, Apple’s transparency report revealed that the company responds on average to 85% of data requests (from all countries) from law enforcement.

To make it worse, a New York Times article found out that Apple uses a third-party company as a proxy to comply with China’s data requests on Chinese citizens. In other words, this allows Apple to say, “Hey, we are not handing over customer data to the Chinese government.” Well, at least not directly.

In the same article, the New York Times noted that Apple hands over data of oppressed groups
