Apple Damage Control
I bought my first Apple device back in 2004. It was a 4th generation iPod of the kind that were later dubbed “iPod Classic”. A MacBook Pro followed in 2010, after which I never looked back. By now, I’m deeply entrenched in Apple’s ecosystem, with several Apple computers, wearables and mobile devices in the family.
Like many, I was utterly shocked when I learned about Apple’s intention to bring on-device photo scanning to iOS 15 and macOS Monterey. This step has been condemned by many, including Edward Snowden and EFF, and I refer you to the two linked posts for the details of why on-device photo scanning is clearly a step in the wrong direction.
Why on-device though? The logic still escapes me. Apple claims that they will only be scanning the photos to be uploaded to iCloud. Then why do it preemptively on the iPhone instead of scanning the photos that have already been uploaded to iCloud? After all, we half-expect the cloud providers to have access to our data if we choose to give it to them, but not to access the files that are stored locally.
To me, there are three possible explanations here. First, perhaps Apple wants to save on the compute costs involved, offloading the image analysis task to the end users' devices. The second one is that due to some legal requirements, Apple wants to prevent illegal content from landing on their servers in the first place. And the third one is that Apple intends to implement end-to-end encryption for iCloud. That way, they will be able to scan either on-device or not at all — and so they chose on-device.
Whatever Apple’s intentions here, on-device photo scanning is still a terrible idea. So much so that the announcement made me seriously consider jumping Apple’s ship for good. I’ve spent quite a bit of time researching my options, and I’d like to share my findings here, as well as outline my plans regarding Apple products for the immediate future.
Option 1: Do Not Upgrade to iOS 15
It has been revealed that the code for on-device photo scanning exists already in iOS 14 and macOS Big Sur, but supposedly it isn’t being invoked. As such, there is hope that if one stays on the previous OS versions, the scanning will not take place (quite optimistic, I know).
In the past, deferring an upgrade to the latest version of iOS would have been problematic. On macOS, older major versions of the OS continue receiving security updates even after a new major version is released. With iOS, Apple’s approach has historically been “upgrade or fall behind on security”: If your device supports the latest major version of iOS, the only way to continue getting security updates was to upgrade.
Incidentally, Apple decided to change this policy starting with iOS 15. (I wonder if this has to do with the introduction of the photo scanning feature as a way for users to opt out, at least temporarily?) Now you can stay with iOS 14, and your device will still receive security updates. We don’t know for how long, but if macOS is any indication, it could be a couple of years. After all, Apple still provides security updates for iOS 12, which is the last major iOS version for a number of older devices.
Not forcing an upgrade to iOS 15 is definitely a welcome step. Without it, I figure I’d have two to three months to prepare for leaving the Apple ecosystem; now I potentially have a year or more. Still, this will not work as a long-term solution unless Apple ditches its on-device scanning plans.
Option 2: Downgrade to a Feature Phone
I’ve long been a proponent of digital minimalism, and the Apple privacy controversy could just be the final straw for me to ditch smartphones altogether. With that, I could either go for an old phone like Nokia 6500, or buy a modern KaiOS-based feature phone like Nokia 2720 Flip.
The problem with old phones is that they are, well, old. Nokia 6500 supports 3G bands, but with 2G being shut down across the world and 3G following soon, how much time does that leave me? Besides, the amount of storage on those old phones is laughable (Nokia 6500 has 1 GB), and the options for extending that with SD cards are often very limited. That means that I will have to carefully choose which of my music albums to copy over for listening.
A modern feature phone looks like a better proposition. KaiOS devices even have Google Maps and WhatsApp installed. Don’t get me wrong - I would rather not use WhatsApp, but if given a choice between plain insecure SMS and WhatsApp, I would go for the latter any day. It looks like now you can even make WhatsApp voice calls on KaiOS. Additionally, Google Assistant lets you use the dictation to enter texts, which should be better than typing on a numeric keyboard (almost anything would be better, to be honest).
What holds me back is that I actually tried switching to a dummy Samsung phone a few years ago, and I ended up returning to my iPhone. The camera was horrible, there were no music streaming apps, and there was no app for two-factor authentication. Typing messages was a chore. For a while, I was carrying my iPhone alongside the old phone, but then it occurred to me… what’s the point?
I might have better luck with KaiOS but I’m not sure if I’m ready to ditch the smartphone just yet.
Option 3: Android with a Custom ROM
Android with a custom ROM looks like the most viable long-term alternative if I’m going to stay with smartphones. Why custom ROM? Most Android phones are bloated with both Google and OEM apps and have plenty of tracking going on. By contrast, a custom ROM lets you run a system completely free of Google code (a “de-googled” phone) and choose yourself which apps you want to keep around.
De-googling Android is actually quite tricky. A lot of Android apps need Google Play Services to run properly. If you don’t want to install that, your options are microG, which fakes Google Play Services (not always perfectly), or running Google Play Services as a regular sandboxed app with GrapheneOS. Both approaches have their pros and cons.
Some well-known custom ROMs include LineageOS, GrapheneOS and CalyxOS. LineageOS is by far the most popular and can be installed on many Android devices. However, LineageOS doesn’t support features like verified boot, which make its security inferior in a lot of people’s eyes.
GrapheneOS is hardened Android with advanced security features, and it received support from none other than Edward Snowden. However, the GrapheneOS community seems to have a toxicity problem, and, as far as I am concerned, that may not bode well for the product in the future.
CalyxOS is a project of Calyx Institute, a non-profit with a mission to “educate the public about privacy in digital communications and to develop tools that anyone can use”. Nicholas Merrill, the founder of Calyx Institute, has a track record of actually standing up against the government to defend the privacy of his users. CalyxOS seems to be striking a balance between usability and security, and that would probably be my choice if I went the custom Android ROM route.
Option 4: Linux Phone
Linux phones like PinePhone are a really interesting alternative, but they are not suitable for the daily driver role just yet. I hear that the battery life is awful (as little as 12 hours on standby), and the software is in beta state with many essential features missing. In short, Linux phones may improve in the coming years, but they are just not there yet.
(A possibly naive question: Android is based on the Linux kernel and there’s already a vast app ecosystem out there. With the Android Open Source Project, why do we need “pure” Linux on phones at all?)
Conclusion: My Near-Term Plan
After weighing the above options, I’m waiting it out on iOS 14 for now. Apple already announced that they will delay the introduction of the controversial new features; my hope is that the pressure from organizations like EFF will make them abandon their plans altogether.
If that doesn’t happen, I’m probably getting myself a Pixel phone and flashing CalyxOS on it. I’ve never been particularly fond of Android, but I last used it in 2015 and I think it has substantially improved since then.
As far as macOS goes, I’m staying put on Big Sur. That will let me use my Macs for another couple of years, after which it’s probably Ubuntu for me. There will be a few features I’ll miss, but I’m sure it will be OK in the end.
And, of course, I’m not getting any new Apple devices unless Apple dumps on-device photo scanning, which it should in all honesty do.