Any chinese phone is a privacy nightmare out of the box and is definitely worse than an iPhone, though this can be mitigated by a large margin with a firewall and debloating of all preinstalled crap.
If you don’t want to worry about that, choose a model that supports some privacy-respecting custom ROMs.
Yes. Xiaomi phones, at least outside the EU and China, are spyware machines. They’re full of unwanted bloatware apps which are impossible to install or disable without root access. Sometimes you will have luck with adb, but that’s still a lot (and there are ads in the system depending on the phone). Along with that, Google play services are still included, meaning that Xiaomi, Google and whoever else xiaomi partners with will have some level of access to your data (with both xiaomi and google theoretically being able to collect everything). Simply from this perspective alone, an iphone is more private as only one company (apple) has unrestricted access to your device.
HOWEVER, many Xiaomi phones support lineageOS. You need to make a Xiaomi account and wait a week or two to unlock the bootloader, but once that’s done you can flash a fully degoogled custom rom and be fairly sure there’s no spying on the OS or application level (provided you use the right apps). There’s still the lithuanian backdoor, but I’m not sure if there’s any proof regarding its existence.
In terms of security, I believe that xiaomi phones are inherently less secure if you were to install a custom ROM, as you will need to leave the bootloader unlocked. Whether that is worth it for you is a different question, but I’ve been using a degoogled Xiaomi phone with an unlocked bootloader for a couple of years with no issue.
If you’re buying new, consider a pixel. Out of the box, they’re about as private and secure as iphones on the OS level (though I wouldn’t trust the goog). However, they support grapheneOS which is probably the most secure OS to exist on a smartphone, and flashing this would give you the best of both worlds. It’s incredibly easy on pixels as well compared to Xiaomi phones (though it is still fairly simple on Xiaomi). I’d stick to pixel 6 and later in 2023 to ensure a steady stream of support.
I would approach this is the reverse order that you have (instead of starting with a brand you want and trying to figure out whether it is privacy invasive or not, start your search by deciding which custom ROMs you might want to use (GrapheneOS, DivestOS, or CalyxOS for example) and then work backwards, see which devices they support (Hint: Pixel phones and maybe a few others) then choose a device from that list).
If you want a simple answer. Buy a Google Pixel phone, 6th gen or newer ideally, if they are available in your region.
Custom roms are something I would look at; what’s a good resource for info? Is there an Android-specific website that deals with jailbreaks, privacy/security etc?
Not sure about an Android specific resource, but here is a good primer, from a reputable source:
There is also XDA forums, this is where a lot of the custom ROM development happens and community is but for the most part that community is indifferent to or downright disdainful of privacy concerns. Still, it is a great resource for custom ROMS, and you can look to see what ROMs are available for the devices you are interested in.
I think you should also consider a used phone, if there is a good used market in thailand. I am not sure what your budget is but in my country I picked up a used iphone SE (2nd gen) for ~130 USD.
this. I am changing my views on used electronics these days. The urge to buy used electronics (too much supply and almost good as new, consoomerism ftw?) and liberating them is too real ( changing the software to make it as stock and private as possible)
You can check FB marketplace there, it may be active or you probably have an country specific app similar to ebay/yahoo auctions.
XDA is pretty much the GOAT here, you can watch a youtube video to get a context of everthing running and then follow a written guide to the teeth. Kindly download the builds from official sources only.
Samsung is in NO way better. No more private, A LOT more bloated, more “ecosystemed” and more expensive (just like an iPhone bruh) than an equivalent Xiaomi device, and this is the exact reason why Xero is seeking to switch to Android.