Hacker News

The truth of "users want control" depends on how closely your users' preferences resemble each other with regards to the particular service you're providing. If you can make one set of choices that works for all users, then no, users don't want control. If you can't, then the users will be demanding that control whether you give it to them or not, and if you don't they'll go elsewhere.

If you're small, you get to sidestep this distinction by defining your market carefully. Apple is one company that famously does not give users control. Is it true that PC users don't want control? No. That's why Windows has 80% market share in PCs and Android has 75% market share in mobile. But it's true of Apple customers, and in return for giving up control, they get a well-integrated user experience that's relatively bug-free, just works, and requires no extra thought on their part. You could look at dealing with hardware incompatibilities, avoiding crapware, integrating systems, and so on as services that Apple provides to its customers, and as a result they can charge a premium on their devices and make handsome profits.

This model falls down for public policy, like privacy, because people have different priorities that lead to different tradeoffs. I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to. I will post semi-identifiable comments on Hacker News, because I've derived fairly significant benefit from comments here. I don't generally post pictures of my family on Facebook. I certainly don't document my every waking moment with Instagram. Many other people make different tradeoffs, and that's their right.

It's debatable which bucket health care falls into - I suspect most people are in the "just make it work" camp until they dig into the details of exactly what experience and cost "just make it work" entails. I'll point out that the Apple experience for health care is completely possible with Kaiser Permanente and other managed HMOs, if you are willing to give up your choice of providers. Stay within their network and everything "just works", but then you have to stay within their network.




Apple gives their users forms of control, but not necessarily the forms that HN commenters agree with.

For example, this week I was explaining to someone how different the iOS (possible) and Android (impossible) processes are for finding and removing spying crap if you don’t know how to operate technology very well.

I showed them Settings > General > Profiles on my phone, explained briefly that I’d opted in to them, and that they wouldn’t have that because they weren’t a developer.

They had it! For a coupon email spam account. That they’d tried out a year ago and were now unable to completely remove. They removed it immediately.

No, we can’t root iOS devices reliably (rarely at all), but in exchange, non-technical users gain control over their device to a degree that rootable devices make impossible.

It’s not about whether you have control, it’s about whether you have the degree of control you desire, and whether that control provides the needs you desire.

I, an advanced technical user, use iOS because I can prove efficiently that it’s unharmed. I consciously gave up a rooted device with a keyboard for it. I have a 50% typo rate and I miss a lot of things. But the need for safety is paramount, or else everyone protected by my MFA tokens is at risk from attacks so severe I can’t even fathom.


Different people want different things.

I can't use iOS because it doesn't meet my needs: T9 Dialer, Homescreen customization, Guest mode/Multiuser (not Guided Access), better notifications, real Firefox, better multi-tasking etc.

Add: I also think it's unfair to compare the security capabilities of a handful of Apple phones with the countless Android phones out there. People have the option of buying Android phones from Google, which have comparable security guarantees as any iOS device (while allowing root access to people who actually desire that).


If it can be rooted by you, it can be rooted by someone close to you, at which point it can be modified to install competent spyware tooling that hides that it’s rooted. Women who have been stalked by their exes will be quite familiar with the risk this poses. So will people who need Tor Browser to keep them safe from their governments.

I’d accept this as fine if I had to order it rooted from Google in hardware, so that the bootloader could show an unskippable “This is a rooted device and lacks critical security protections against malware attacks” warning.

Sadly, that’s not currently on offer. While your needs are legitimate, offering rooting in software on consumer-facing devices is more dangerous than they can afford. To me, the harm that comes to others isn’t worth it.


> I'd accept this as fine if the bootloader could show an unskippable “This is a rooted device and lacks critical security protections against malware attacks” warning. Sadly, that's not currently on offer.

It is on offer, that is already how Android rooting works on most phones (at least, every Nexus, Motorola, HTC, and LG I've used already does this). You already get that warning you requested and your phone shows some sort of "unlocked" icon on every single startup to remind you your phone has been rooted and your phone auto-wipes all data itself before unlocking too.

Screenshot of the warning message (Motorola) -> http://androidadvices.com/wp-content/uploads/2014/11/unlocke...

Screenshot of the warning message (HTC) -> https://img.xda-cdn.com/zgUZzE19yICj6wdJm--RJopG_-U=/http%3A...

Screenshot of the every-single-boot reminder icon (Google/Nexus) -> https://fscl01.fonpit.de/userfiles/4774964/image/AndroidPIT-...

We can argue over the particular clarity of the wording and icons and such. But generally speaking, the functionality you are asking for has already been Android standard default for many years now.


The Motorola one is partially acceptable. I had no idea, thank you! It’s unfortunate they fail to mention the threat of spyware, since that would make more sense to a typical consumer than “you’ll shoot your eye out, kid” as shown here. More work to do here, Motorola.

Do all manufacturers offer that sort of clear warning text, or just Motorola? The unlock icon alone is meaningless.


Samsung phones also warn you if the security features of Knox (their security platform) have been bypassed or turned off in red letters at boot.


Do they warn non-technical users on every boot that their device could be used to spy on them in language plainly understandable to a consumer?

I’m glad they have any warning at all - but warning in tech developer terms and warning in consumer-understood terms are entirely separate problems, as Motorola’s insufficient developer-focused terminology demonstrates.


You have moved the goalpost quite a bit by expecting such high standards from Android. As in you're asking for a message that absolutely every user can understand, while for iOS you've been totally fine with power users being necessary to identifying threats.

My Sony and a Huawei I set up for a family member show similar warnings after unlocking them, btw.


OnePlus tells you that the bootloader is unlocked and that the entire device is not to be trusted.


At least on my Motorola phone (which isn't the very very latest model, but still), the warning can certainly be bypassed by simply swapping out the boot logo animation (and personally I'm glad about that).


Ha! So much for useful preventions :( That makes it just as ineffective at warning people as any other Android device.


> and your phone auto-wipes all data itself before unlocking too.

This is something I hate with a passion, at least until Google manages to provide a solution that allows me to do a full device backup including all media, game data, Authenticator tokens, whatever, and restore it to another device with nothing missing, and that does NOT work via uploading everything in clear to the cloud.

Apple does this, Android requires rooting via hacks to do a real backup.


> offering rooting in software on consumer-facing devices is more dangerous than they can afford

MacBooks have offered "rooting in software" for years and years. And it has not been "more dangerous than [consumers] can afford".

> So will people who need Tor Browser to keep them safe from their governments.

Remember the Apple vs. FBI saga from a few years ago? There, a "non-rootable" device protected someone (briefly) from a government. But remember that a "non-rootable" device is actually a device that only the manufacturer and their authorized agents can root. In other words, the device is secure against the user to prevent the user from doing as he pleases and for the manufacturer. This is exactly what a malevolent government would need to spy on people.


If they can root it, then they:

(1) Have physical control of the device

AND

(2) Have the OS-level password.

So, you're pwned anyway, it doesn't matter that your phone is unrootable.


It does, because the only way to infect an iOS device is to install a profile, which is immediately apparent upon a three tap inspection, and can be then removed with no technical skills at all.

However - in light of the Motorola approach I think Apple should forcefully notify users that there are profiles installed at every boot, which will be once a month or so on their usual update cycles. That would be perfect. I’ll open a bug for them now.


Rooting your phone wipes the data on it. It's actually a very secure model and preserves the user choice.


What does that have to do with whether or not the bootloader shows a clear and obvious warning of danger?


It means it cannot be secretly "rooted by someone close to you", or any one else for that matter.

If you grab your phone one day, and it is completely wiped, you will notice this right away. At this point, you can investigate -- this can be as simple as looking at screen during the boot; or non-trivial key combo, as Samsung requires [0]. If indicator shows non-tripped, you can be sure the phone is not rooted.

I agree that this is more complex than Apple, but in practice, it never happens -- I had a few phones slowly fail on me, and they never spontaneously self-wiped. So if your non-technical relative wants to get Android phone, just tell them: "Phone suddenly forgetting every single account is VERY BAD and a sign of EVIL HACKERS. If this happens, call me right away from a landline, do not use this phone at all". And they will be as secure as if they had Apple.

[0] https://support.samsungknox.com/hc/en-us/articles/1150135620...


I used to regularly backup and restore an Android phone after rooting it, because I was updating carrier files and testing out different releases. I’m sure that the capability to take a backup and restore it is available to spyware software developers. If I have competent software in-hand to use the root access to copy over non-HSM internals, then this argument is void.

And for non-technical folks, the same spyware devices that police use to make perfect replicas could just as easily restore them with a spyware infection.

They’d lose HSM-stored things like fingerprints and NFC payment tokens, but people shrug off things like that and just go set it up again or enter their passwords when a pop up appears.

If this Knox throws up an unavoidable, non-technical warning in that scenario, that openly cautions them not to enter any passwords and to take their phone to the authorities, then I will happily accept that things are better than I expected for Android today.


Huh. The last time I tried to take a normal backup and restore it, it got less than half the apps. I absolutely depend on Titanium Backup and without it I have to reinstall everything.


> No, we can’t root iOS devices reliably (rarely at all), but in exchange, non-technical users gain control over their device to a degree that rootable devices make impossible.

Can you elaborate on that? I read up on Apple's configuration profiles and they sound like Android's device administrators -- which can be easily removed from Settings -> Security -> Device Administrators [0]

[0] https://www.redmondpie.com/how-to-check-for-hidden-device-ad...


In very brief: Apple allows only this; Android allows both this, and rooting. See another branch of this thread for further details.


The dominance of Windows and Android has nothing to do with whether users want control. It is because they are cheaper.

If you compared how many people buy a $1000 iPhone vs. a $1000 high-end Android phone, you would see completely different numbers.

My anecdotal observation is that when people aren’t price-conscious (either because someone else is paying for their device, or because they have a lot of disposable income themselves), they prefer Apple >95% of the time.


Your assumption doesn't account for the fact that the most common devices are Samsung Galaxy phones which aren't the cheapest on the market. While pricing certainly has an impact on some markets, in others it's more about prestige and surprisingly iPhones have lost a lot of their prestige as they aren't far and away better phones than Android phones. They're still good phones and the Apple watch is hands down the best smartwatch on the market. My evidence is based on sales figures year after year. Currently devices like the Xiaomi Redmi and Samsung Galaxy lines are tops. When Apple tried a cheaper line it didn't sell as well as their higher end line. I'd argue that Android dominance isn't currently because of control either, it's because of ecosystem. It's easier to find an Android phone that meets your needs than an iPhone. That's because there's only a few iPhones and hundreds of Android devices.


> Your assumption doesn't account for the fact that the most common devices are Samsung Galaxy phones which aren't the cheapest on the market.

High end Galaxy phones are not the most common on the market and not even the most common phones that Samsung sells.

How could they be if the average selling price of a Samsung phone is $227? (https://www.androidauthority.com/price-gap-samsung-apple-sma...)


Can you link to the sales figures you're talking about?

I googled around a bit and found the chart on this page, which contradicts your point completely.

https://www.cultofmac.com/544737/iphone-x-is-the-best-sellin...


> I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to.

The fact remains, you have no clue what they do with that information, how long they keep it, and how many other people have done so. You can't review the code that collects the data, sends the data, processes the data, purges the data. You can't predict how the data will be combined with other data, and you can't control whether or not they share it with third parties, law enforcement, or intelligence agencies. You can clear your history and hope they abide by their word and comply with relevant laws, but fundamentally you don't know.

In essence, you have no clue what you are getting yourself into. Because traffic, or something.

Society-scale, this is a serious issue, especially when the default is "on". Opt out!


While I agree with the rest of your post I want to respond to this particular part of it:

>I will happily give Google my location if it helps me avoid traffic jams, something many HN readers object to.

The premise of this statement is that you have to give them this data to avoid traffic jams as part of an inherent bargain, but that's not the case. Yes at a very basic level maps apps need to access GPS to work, but the implementations matter. Apple Maps was specifically designed so that you can have those features in a privacy-preserving manner [1]:

>“We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B. We’re collecting the segments of it. As you can imagine, that’s always been a key part of doing this. Honestly, we don’t think it buys us anything [to collect more]. We’re not losing any features or capabilities by doing this.”

>The segments that he is referring to are sliced out of any given person’s navigation session. Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data or requests sent to Apple and it augments the “ground truth” data provided by its own mapping vehicles with this “probe data” sent back from iPhones.

>Because only random segments of any person’s drive is ever sent and that data is completely anonymized, there is never a way to tell if any trip was ever a single individual. The local system signs the IDs and only it knows to whom that ID refers. Apple is working very hard here to not know anything about its users. This kind of privacy can’t be added on at the end, it has to be woven in at the ground level.

Google is obviously trying to reframe the privacy debate into "yes we take your data, but it's necessary to give you valuable services" [2][3][4] (these last two takes seem to have just gone with the Google PR rep's package, given the titles) but that obfuscates that they're collecting way more data in a completely unfettered way outside of a specific purpose in connection with providing a service (something GDPR addresses but will probably need to be litigated). Apple repeatedly insists that providing great features/functionality doesn't have to come at the expense of your privacy. And I believe them for the simple fact that Google hasn't really been able to demonstrate what value they offer that only the Surveillance Capitalism model can provide.

[1] https://techcrunch.com/2018/06/29/apple-is-rebuilding-maps-f...

[2] https://stratechery.com/2019/google-fights-back/

[3] https://www.nytimes.com/2019/05/07/technology/google-privacy...

[4] https://char.gd/recharged/daily/google-finds-religion-in-pri...


I think for this to be dispositive, Apple Maps would have to be as good as Google Maps.


Apple Maps not being as good as Google Maps has nothing to do with data collection. The privacy part is just an aside in that article, the main part is how they're making their maps better.


That's a big claim, knowing the GPS coordinates along a whole road, for example, instead of a segment means that road can be mapped. Knowing hotspots of users allows both reporting of congestion likelihood and focus for manual corrections.

I mean a full journey record is useful in itself for some people; no data collection means no telling when someone set off, no feature to keep relatives informed of your location, all sorts of things are ruled out.

Perhaps you mean they only keep anonymised data, but even that rules out some of these neat features.


location sharing is brilliant, i've shared my location with every one of my close friends. if they want to hang out they just ask me if i'm free and instantly show up. of course i disable it on vacations and such but it's really pleasant to not have to coordinate carefully when i'm out and about in everyday life. also makes life amazingly simple in amusement parks to the point where i don't know why amusement parks don't give out location sharing devices to families - no setup, just go


So there's no way to keep a journey history on Apple devices using Apple maps?



