This year we’ve seen the rivalries between tech giants like Apple, Google, and even Facebook and Amazon expand beyond the traditional meat-and-potatoes realm of hardware and software. Google and Apple in particular are investing heavily in securing their mobile operating systems, while at the same time safeguarding the privacy of user data. Let’s take a look at the changes in Android 10 and iOS 13 to see if we can crown a privacy champion.
They Drew First Blood
Google was the first out of the door with its major mobile OS update, Android 10. Apple followed with iOS 13 only a couple of weeks later. Overall this is a win for consumers because Google and Apple are now competing to provide not only a great user experience, but also the best privacy experience.
The changes in iOS 13 don’t really come as a surprise because they are a natural evolution. Apple has spent the last few years touting how well it upholds user privacy, something the “other guys”, Google, didn’t seem to care about. Apple harps on this because Google makes a large part of its revenue through its advertising business. That's why when Google put privacy in their crosshairs, it was a big deal.
According to Google’s CEO Sundar Pichai, “Privacy should not be a luxury good.” We can see their efforts shaping up in Android 10, where privacy takes center stage. Still, Apple has been providing great privacy controls and continues to make sure that users stay in the driver's seat. Let's call this one a tie since it's great to see that you don’t have to choose one or the other to be in control of your personal information.
And the winner is: It’s a Draw!
Location, Location, Location
The biggest and most obvious (also potentially annoying) change you will notice when you update to iOS 13 or Android 10 is the granular notifications when apps access your location data.
On Android 10, Google has changed the way that users grant location permission to an app. It is no longer always on or never. Now you have three options: allow all the time, allow only while using the app, and deny. By only allowing location sharing while using the app, that data can’t be collected in the background and potentially sold to advertisers. The changes don't stop there. Let's say you grant an application access to your location at all times. Android will now notify you periodically that an application is constantly pinging your location in the background. This change makes sure you’re always aware and can take action.
On iOS, for some time we’ve had the ability to toggle location services between always, while using the app, and never. With iOS 13, Apple took it a step further and introduced an option to only allow the app to use your location once. The next time you launch the app, it will prompt you to allow it to access your location again. This is great for apps that only need location access briefly to set something up, but never need to access location again. Apple will now notify you with a map along with the number of times an app has collected your location in the background.
While both mobile operating systems are moving in the right direction by giving users more control over location services, I think Apple has done it better here. The fact that they not only let you know when an app is collecting location in the background but will even show you a map is a nice touch. Also, the one-time permission is nice to have for those apps that shouldn’t need location permission after initial setup.
And the winner is: Apple
Starting with Android 10, Google is restricting apps from reading IMEI/serial numbers, from launching to the foreground, from viewing your clipboard, and from accessing files stored on your device. All of these things are welcome changes because they prevent bad apps from identifying you or stealing information from your device. For example, by preventing an app from launching to the foreground without any user interaction, the bad app can’t overlay your banking app to capture your credentials.
The most exciting privacy feature Apple announced isn’t quite available everywhere yet. They are calling it Sign in with Apple. The biggest difference with Apple’s approach compared to others, such as signing in with Google, is that Apple will generate a random email address and forward any messages to you. This way the service (or app) provider won’t get access to your real email address, but you can receive any messages sent to you by the service provider. Having this functionality adopted by Google or any other sign-in providers would be a huge win for privacy.
In other iOS 13 news, Apple now prevents apps from running in the background when they invoke VoIP services. This will keep a bad app from using the VoIP service to constantly run in the background collecting information about you. A more visible change for users will be the new Bluetooth permission. This isn’t a permission to allow an app to use headphones or speakers, but actually to scan for Bluetooth devices. With this new restriction, apps can’t figure out your location by scanning for Bluetooth beacons without your permission.
All of these privacy changes with Android and iOS are great, but they also have to be easy to access from your device. Google created a specific section within Settings that is all about privacy. It not only covers the types of permissions and which apps have access to those permissions, but also allows users to control the privacy settings of their Google accounts. On iOS, users still need to dig into each application to control which permissions an app can access. I have to give Apple a lot of credit for the Sign in with Apple feature and I really hope this becomes the norm with Google as well. Still, both vendors have made some pretty significant strides, so we will have to call this one a tie.
And the winner is: No one, it’s a Tie
Android Enterprise vs Apple’s new “User Enrollment”
When it comes to keeping your personal data and work data separated, Google has done a great job with Android Enterprise. It gives users two completely separate profiles that do not interact with each other. It seems like Apple device management is taking a small step in that direction with the introduction of a new way to register devices called “User Enrollment.” Let's break down how each of them works.
On Android Enterprise, when a user enrolls their device, a new secure partition is created on the device for the work profile. The work profile is completely managed by your unified endpoint management (UEM) administration team and allows them to place restrictions on what apps you can have and how you can move data around. What is great about this Android device management approach is that you don’t have to worry if you use apps on the personal side that your company uses as well. You can have TWO instances of the same application, one that remains untouched on your personal profile and one that is completely managed by your company in the work profile. Google adds a little briefcase icon to your work variant of the application. Also, if you leave the company or lose your device, your administrators can only remove the work profile from your device. They will never be able to perform a full factory reset. I think this is the experience that everyone wants when adding their company’s management to their devices.
Apple’s new User Enrollment has some similarities to Google’s approach. First of all, Apple creates a new secured APFS volume on your device to keep work data separated and secured from your personal data. Apple also restricts your admin from having the ability to fully wipe your device or see your personal apps. Admins will also no longer be able to unlock your device (passcode) or enforce really complex passcodes, and most restrictions beyond managed open-in will no longer apply. This enrollment method does require that your administration team create a managed Apple ID in the Apple Business Manager.
User privacy is always front of mind when it comes to enrolling a personal device onto any sort of UEM. People don’t want to share personal data with their employer. While setting the right policies can ease privacy concerns, users will definitely find more peace of mind with these new controls. I will have to give this one to Google for already providing an experience that is decidedly more BYOD friendly.
And the winner is: Google
We all win in the end
Both operating systems do an admirable job protecting personal data. Clearly both Google and Apple are viewing privacy as table stakes, not only in their operating systems, but across all of their products. MobileIron UEM can help safeguard personal data and improve BYOD security. When MobileIron Threat Defense is added, it also protects users from untrusted Wi-Fi, Man-in-the-Middle attacks, device exploits, and phishing. If you would like to learn more about MobileIron’s mobile device management (MDM) solutions, please contact a MobileIron Sales representative. And oh yeah… the winner? Let’s just call it a draw for now.