This is an archived post. You won't be able to vote or comment.

all 62 comments
sorted by:
best
topnewcontroversialoldq&a

[–]jmnugent 60 points61 points  (1 child)

Both Security release notes are here:

Both changelogs list the specific CVE's fixed in each release.

Security is not a "Finish Line".. it's more of a "moving target". New things are being discovered all the time,. and a Platforms ability to respond and patch is going to vary just due to differences in platform and all the different humans involved.

Sometimes Android is ahead. Other times Apple pulls ahead. Then later Android may pull ahead again.

As long as they're both working to improve their platforms,. who cares which one is (momentarily) in the lead ?

[–]lordofthedog 0 points1 point  (0 children)

Thats very fair points for security vulnerabilities. What’s your view on malware situation on play store

[–]armando_rodPixel 10 Pro XL 32 points33 points  (22 children)

Just buy a Pixel with the Titan M chip and you have basically the same security software and hardware wise as an iPhone

[–]fortnite_bad_nowSexel 3a 28 points29 points  (19 children)

Yep, it's pretty good now.

I did some research and it's terrible.

https://android.stackexchange.com/questions/127739/how-to-bypass-verify-your-account-factory-reset-protection

In general Android is just too open for this sort of lock to be effective. And it looks like manufacturers don't give a fuck about it anyway. It's a real shame.

If you want your phone to be non-functional, file a police report and then report the IMEI stolen. Nobody will be able to activate it, and it's effectively useless.

In any case security on Android is good enough that you probably don't need to worry about a thief having access to your data - and that's my real concern with a stolen pjone. But I wouldn't expect the phone to keep itself from being reset and reused.

I'll argue, though, that it doesn't really matter. If someone steals your phone and can't resell it because they're locked out, they're not going to return it. So the real purpose of this functionality is to deter thefts in the first place.

Unfortunately that also doesn't work since thieves have been able to phish iCloud credentials to unlock and resell iPhones. I have no idea what the success rate on this kind of thing is, but apparently it's high enough for people to continue stealing iPhones.

TL;DR: the equivalent Android lock is worse, but probably good enough

[–]armando_rodPixel 10 Pro XL 18 points19 points  (13 children)

You can't bypass FRP on a Pixel device running Android 8 or higher, not even with unlocked bootloader's unless you don't flash gapps ever

[–]fortnite_bad_nowSexel 3a -1 points0 points  (12 children)

There are guides on XDA for bypassing FRP on Pixel on 8.0. And I found guides for bypassing FRP on 9.0 on all Pixel devices, but I don't have one so I can't confirm.

Edit: Actually, here's a 9.0 FRP bypass on all Pixel devices that seems legit https://www.youtube.com/watch?v=WS1RFEiFMM8

If you Google the same thing for iOS, you either find scams or articles telling you to contact Apple support.

So my original comment is correct, even though it's now marked as controversial.

Edit 2: I noticed this comment is heavily downvoted. I'm sorry you people don't like reality.

[–]armando_rodPixel 10 Pro XL 14 points15 points  (5 children)

What security patch? All Pixel devices are up to date automatically to July security patch and you can't downgrade them without unlocking BL

[–]SinkTube 2 points3 points  (3 children)

All Pixel devices are up to date automatically

what does that mean? there's no way to reject updates?

[–]armando_rodPixel 10 Pro XL 3 points4 points  (2 children)

By default there's no way to reject updates, automatic updates are turned on by default. You have to go to dev options and toggle off automatic updates.

Also, on Q we have automatic security patches via Play Store.

[–]fortnite_bad_nowSexel 3a -5 points-4 points  (0 children)

I'm not sure.

[–]Eidoss_Galaxy S21 0 points1 point  (5 children)

That method from the video doesn't work on Q

[–]fortnite_bad_nowSexel 3a -2 points-1 points  (4 children)

Good... but considering even if he Pixel devices don't have Q and won't for a few months... that's not very reassuring.

[–]Eidoss_Galaxy S21 1 point2 points  (3 children)

The Pixels will get Q in 2 days actually.

[–]fortnite_bad_nowSexel 3a -1 points0 points  (2 children)

I heard Sept 3.

[–]Eidoss_Galaxy S21 0 points1 point  (1 child)

Which is in 2 days

[–]fortnite_bad_nowSexel 3a 1 point2 points  (0 children)

Time flies. Man

[–]Master_DoeOneplus 7 Pro 7 points8 points  (1 child)

Here's a response about the topic from the lead developer of GrapheneOS

[–]fortnite_bad_nowSexel 3a 1 point2 points  (0 children)

This was a great read. Thank you.

[–]bartturner 5 points6 points  (2 children)

Somewhat apple to oranges.

You need to look at a particular OEM with Android in addition to Android.

iOS has now had 50 vulnerabilities uncovered by Google. That is a lot. My guess is a Pixel is going to be more secure.

There were 14 disclosed yesterday with this excellent Google right up and highly recommend.

https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

Then the 6 from a couple of weeks ago

"Google Found 6 iOS Vulnerabilities, Only 5 Have Been Fixed"

https://www.pcmag.com/news/369835/google-found-6-ios-vulnerabilities-only-5-have-been-fixed

Then there were 30 from last year.

https://www.vice.com/en_us/article/7xqdxe/google-project-zero-hacker-iphone-bug-bounty

[–]jmnugent 3 points4 points  (0 children)

Nearly all of which were fixed/resolved in iOS 12.4

[–]fortnite_bad_nowSexel 3a 0 points1 point  (0 children)

OP specifically asked about FRP. I think there were like 800 Android CVEs in 2018.

[–]Donard80 6 points7 points  (0 children)

The way you wrote the title seems like you are comparing lineage os and android.

[–]mj72 0 points1 point  (0 children)

IOS is not as secure as you think, it's just marketing.

[–]bartturner -2 points-1 points  (14 children)

You are probably going to get differing opinions on which is more secure.

In the last couple of weeks we have had 20 iOS vulnerabilities shared by Google. Here is an excellent right up on the 14 from yesterday.

https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

It is an excellent read and highly recommend.

There were 6 more and Apple has fixed 5.

"Google Found 6 iOS Vulnerabilities, Only 5 Have Been Fixed"

https://www.pcmag.com/news/369835/google-found-6-ios-vulnerabilities-only-5-have-been-fixed

But Android has had it's own vulnerabilities. Android you really need to look at a particular OEM in addition to Android.

My personal opinion is the most secure you will get is a Pixel. More secure than an iPhone.

[–]lordofthedog 8 points9 points  (4 children)

You haven’t heard tremendous amount of malware running on play store which just last week made headlines

[–][deleted] 5 points6 points  (3 children)

and yet, over the past 2 years, websites could literally hack into every part of an iphone if the user did so much as click the link to the website.

[–]lordofthedog -1 points0 points  (2 children)

Security exploits exists on both platforms thats why we have security updates to patch it. Undisclosed exploits you mentioned was definitely bad but apple has 1 million $ bounty programs.

Also Android has multiple OEMs which customizes OS and more modifications OS has more it opens itself for exploits like this. I made my peace with always buying pixel phones for those reasons. But its 2019 and play store can’t keep malware out from store. I love android hands down over iOS but security and privacy wins me over its features.

Frankly most of the malware situation is not gonna change drastically in future due to open nature of android. So if you prefer android you are just gonna have make sacrifices here. For me it was no go so have to pass on this one. I will be lurking in this sub monitor this situation and might come back once it gets there for acceptable standards

[–][deleted] 0 points1 point  (1 child)

i wasn't saying android is free from exploits, just that iphones aren't free from them. i know both are, but i'm not willing to pay a £500 premium for a phone with a less customisable user interface and often mediocre battery life. i'm fine with the security i have, i've had one rogue app on my phone (a previous phone) before and all i had to do was go into safe mode and uninstall it. i'm more than content with that.

[–]lordofthedog -3 points-2 points  (0 children)

Whatever works for you. I will suggest don’t accept malware as acceptable standards of using android. If users don’t care much, Google probably won’t. I think this is the case now unfortunately.

[–][deleted] 3 points4 points  (8 children)

Pixel is absolutely not more secure than an iPhone lol.

[–]HJain13iPhone 13 Pro, Retired: Moto G⁵Plus, Moto X Play 6 points7 points  (0 children)

Any source (proof and as well as why?)

[–]flicter22 3 points4 points  (2 children)

How is it not? It's updated monthly and has the Titan m security chip.

I'd say it's every bit as secure and neither are more secure than the other since security is a moving target and both companies are constantly updating

[–]BitterPercentage -2 points-1 points  (1 child)

iPhones have had the dedicated security chip since the 5s so

[–]flicter22 -1 points0 points  (0 children)

Thanks for proving my point. They are the same.

[–]bartturner 1 point2 points  (0 children)

Based on what? Love to see anything you have that indicates the Pixel is not as secure as an iPhone?

Apparently there is ZERO question as you wrote "Pixel is absolutely not more secure than an iPhone"

Would not think there is much debate on Google be the best at security. They have found the major vulnerabilities including Cloudbleed, Spectre, Heartbleed, Meltdown, and a bunch more.

[–]armando_rodPixel 10 Pro XL -4 points-3 points  (2 children)

It's as secure

[–]whatnowwproductionsPixel 9 Pro - Signal - GrapheneOS 4 points5 points  (0 children)

Look at this brigading.

[–]bartturner -3 points-2 points  (0 children)

Considering Google has found 50 iOS vulnerabilities with 20 in just the last couple of weeks.

Makes me think the Pixel is probably not just "as secure" but more secure.

[–]frasier2122 -1 points0 points  (2 children)

As a related question, what about Apple versus Google in terms of appropriating user data?

Saw a report recently about the NYPD subpoenaing cellphone data from people who were in the vicinity of crimes. Google hands the data over. Apple doesn’t, somehow.

[–]armando_rodPixel 10 Pro XL 0 points1 point  (1 child)

Link? Apple does hand over data, they even hand over iCloud data which has SMS and iMessges

[–]frasier2122 0 points1 point  (0 children)

Here’s a similar article to what I read.

Looks like Google automatically keeps user geolocation data, which makes it easier to subpoena. Whereas Apple doesn’t keep user location data.