I use an iPhone, but that's really more because of personal preference than any particular security posture. I'm not a particularly attractive target for commercial spyware: I'm a guy who likes to post things on the internet, rather than someone with genuine value. I don't interact with and am not in the business of handling exploits. There's not really any reason why you'd want to pick through the details of my private life or silence me. It would be pretty dumb to target me with an exploit, especially considering that I would be more likely than most to find it and burn it. If you have that kind of money to waste, I can think of a lot better ways to spend it than getting my chat messages.

From your question I am guessing that this is a disappointing answer, since you probably wanted me to point to a specific phone and an explanation of why I think it is better. But any honest security professional is incapable of giving you a simple answer. I have a beat-up iPhone 13 mini because I like small phones and Apple is unlikely to make a new one soon. I have Lockdown Mode off because it would make my life more annoying than it needs to be. My threat model does not include sophisticated attackers that would be thwarted by security mitigations present in a new device or paranoid software. Should it be in yours? Well, I can try to help you answer that question. But for these attacks the problem is that 99.99% of people will never be targeted by them. But it's not very easy to tell if you're part of the 0.01% (these are made up numbers, btw). There are a lot of things you can do that can make you more or less attractive–for example, if you're a journalist, or a political activist, you might be more concerned. But what if your cousin you're close to is actually a VP at Google? More difficult to say. If you connect all the dots you can build all sorts of models where you should turn this on, regardless of who you are. But the fact is that security is not free and they almost always come with some sort of tradeoff against usability or cost. You could be mowed down on the street by an assassin tomorrow but that is generally a bad reason to never leave your house or walk everywhere in a kevlar vest.

My general advice for people, taking into account practicality and ease of implementation, is to go with a fairly modern phone of their pick that gets regular security updates, so they're not the subject of much lower-cost attacks that reuse patched vulnerabilities. I know a lot of the people who work on security at Apple and they're smart people who really care about making things that are good. Whether the walled garden accounts for that, or even if I think they always make the right choices…well, I have Opinions on that but that's for another day. They certainly make mistakes, but they also do good work. If you look at Android you'll see similar, with it pulling ahead in some areas and being behind in others. I've done a lot of research on Apple's security story and worked on Android's but I can only really rank them on specific facets rather than as a whole. Really I would say, pick up an iPhone or Pixel, be careful about things that are far more likely to hurt you (like, say, phishing), and otherwise just keep a pulse on this area if it interests you. Otherwise I think you have more than enough in your life to worry about.

Considering security updates, do you think iOS has advantage in speed? Apple’s usually to roll out security updates to all supported iPhones —often for five or six years— nearly instantly, including critical zero-day fixes, which can be deployed overnight. In comparison, while Pixel devices get immediate updates(but it's only available in a handful of countries), Android devices from other manufacturers depend on their update schedules, which can be slow and inconsistent and often ends after about three or four years. Even with top players like Samsung, there are week delays, especially for non-flagship or older models. In your view, does the pace and longevity of Apple’s security updates tip the balance in their favor, or am I just being biased?

Yes, absolutely (though Apple does not actually ship anything overnight). In fact when I worked on Android one of the frustrations I ran into was the slow pace to roll out security improvements. While Pixel phones get fixes quickly enough the majority of the world is not actually on Pixel devices, so if you want to ship changes you need to get OEMs on board, and then also have users on devices that are still being supported. A lot of the people we covered would simply not get any improvements until they literally bought a new device, in areas of the world with some of the longest lifecycles for those devices.

I switched from Android to iOS because Google forced updates to my phone somehow, even though I had internet access disabled. I only used it as a phone: no email, web browsing, etc. My phone (Blu R2) was a few years old, and after the update, all kinds of stuff was broken. For example, zooming a picture would cause the messaging app to crash. So once that update was installed, I had to enable updates continuously to try to get back to a working phone. But instead, things just kept getting worse. I gave up and bought an iPhone XR on eBay for half retail price.

Most HN folks think diversity is a good thing, and I'm not saying it isn't, but it does have its disadvantages. In my case, I could probably buy new Android phones at least 3x more often than iPhones based on cost, but a lot of people (me) don't want to be fiddling with new phones every year or 2. It was apparent to me that Android updates are not tested thoroughly on older phones. I understand that would be hard because there is a huge variety of hardware, but it's a significant downside of Android IMO.

the suggestion is whatever you do use it should involve a presumption of compromise as the default posture

I don't think this is a useful model to have, because it's too simple and not actionable. Who is compromising you? What is their cost to doing so? What level of compromise can they achieve? If you just go "you are always hacked" what is your suggestion? That I never touch a computer ever again?

That you treat the computer as compromised.

You need to calculate something? Great, do that.

You need to encrypt files, and keep them on your device which is connected to the internet, and want to trust that you are the only person that can access them? Think twice. Can be considered trivial for many attackers to have full access to your device, and assume ring 0 access. They could realistically record all keypresses and your screen, no need to decrypt anything.

Need to hide things from state actors? Never touch a computer again and go live in a cave somewhere until they find you.

> Need to hide things from state actors? Never touch a computer again and go live in a cave somewhere until they find you.

I always found this kind of thinking to be a bit unhelpful. Because what is an alternative? Paper? Hope you don't live in jurisdiction of the country because search warrant is not a difficult thing to get and even an illegal search is not that hard (even outside of the country).

As with everything - people in IT and IT security vastly underestimate the security of IT infrastructure while overestimating the security of non-IT infrastructure. IMO the use of computers makes you much more vulnerable to broad "we monitor the members public for signs of terrorism" kind of spying, rather than specific targeted state actor attacks - as was shown recently with the whole pager fiasco - there are many others non IT vulnerabilities around.

It might have not been that clear, but the "until they find you" in my original comment is worded that way because it's a question of time rather than probability - they're gonna get you. You can try to make it harder (going in a cave, not touching computers) but, realistically, you're getting caught - if not through IT, through things like the pager attack.

Most people are not worried about state actors having an interest in them, my comment was aiming to clarify that as well.