> The thing that gets most on my nerves is the ridiculous "protecting users security and privacy".

There's a distinction between "secure for users by default" and "secure from users"

Apple (and Apple fans) really like to muddy the two.

You can build a perfectly secure ecosystem by default... that still has an escape hatch (covered with warnings) that the user retains the right to use.

Apple chose in its mobile ecosystem, and continues to choose, not to do this.

Ergo, what they're really in favor of is "security from users"

PS: To head off the 'users are the most insecure part of a system' apologism, (a) we're talking about personal devices, not managed ones & (b) with great power comes great responsibility.

This complaint is valid for Google's Android as well for building a remote attestation system apps can use to see if the user has modified the operating system.

In Google's case, at least they have the technical fig leaf of being able to blame third parties.

I.e. Google only implements Play Integrity (nee SafetyNet) attestation. Third parties decide what to use it for. Google has no control over those third parties.

That said, in practice it's 90% about controlling and limiting open source / third-party Android forks.

"Bring Your Own Device" has honestly been pretty pathological in this regard. I like only having my phone on me, I very much dislike the various levels of invasive that corporate compliance software is designed around (Google do...not a bad job here in just having the domains separated, but I'd be much happier if it all had to live in it's own VM with only the access I grant it back to the main device).