I currently have an Iphone, it doesn’t fit with my threat model anymore though, so I’ve been thinking of buying an android phone and de-googling it. The issue for me is, all of my friends and family use Imessage. So am I compromising my privacy more by switching? Or is it still better to switch to android?
SMS is unencrypted, so iMessage is better. However, Signal is better than both.
If you are compromising your privacy depends on your priority. If you want to ensure your messages are protected, then SMS is a step in the wrong direction. However, if you want privacy from Apple/Google, then this will help.
Overall, I would recommend switching to a deGoogled phone and switch as man contacts to Signal as you can.
Do not touch SMS. Ever.
It’s compleatly unencrypted, leaks all, both metadata and data. It’s not even encrypted client-server so with the right tooling is trivial to compromise it. You gain nothing from using it.
Better meta knowing your metadata than using SMS.
IMessage, as it’s e2e for your Apple friends. SMS is totally unencrypted.
Good, you get e2e for your convos unlike e2e.
What I don’t like about iPhones is that everything is run through iCloud.
You said that your family members all use iPhone. SMS is not encrypted, and can be intercepted easily. It is open to many attacks (Sim swapping, IMSI catcher).
You should have your family members install an app like Whatsapp or Signal. Both of these apps are end to end encrypted. Signal probably has better privacy due to being open source, and Whatsapp is owned by Facebook, so Facebook can access your metadata, but not your messages or calls.
iMessage is E2EE, if you have an iPhone and message another person using an iPhone it is E2EE.
If you have a Mac you can actually use iMessage on your Android Phone with Apps like AirMessage or BlueBubbles. Both apps are open-source.
Do you know if it’s possible to turn my old iphone as a server for these apps?
Yeah, but keep in mind that iCloud backups of iMessages are not E2EE so disabling them is recommended.
In fact some US 3-letter agency (can’t recall which one right now) pressured Apple to not implement E2EE backups for iMessages arguing that it was a great source of info for them.
Let me be a bit blunt here. You are unlikely to get many (if any) of your friends or family to switch messengers to Signal. As awesome as that would be, it is an enormously heavy lift to get non-privacy/security oriented people to move off something if you do not have a better user experience to offer them.
From their perspective, iMessage just works. Why would they switch? From a privacy stand point iMessage is E2EE with the large caveat that if they have iCloud back up enabled then a copy of the key is stored with and accessible to Apple (and anyone with power to compel Apple to turn over data).
SMS is basically an electronic postcard that many technological middlemen will have full access to. Your cell provider, the other persons cell provider, and many ‘back end’ companies that handle the routing between networks for those cell providers. And that is before we discuss outside malicious parties who may have penetrated any of those parties.
So of course getting everyone on an OS-agnostic, E2EE messenger like Signal would be ideal. But if your choice is iMessage vs SMS, iMessage wins by a long shot even if Apple will have access to some or maybe all of those conversations (as described by @ewEfA2jy ). One known party potentially having some of the data is better then many unknown parties definitely having all the data.
With that said, switching phones to an OS you prefer has great value. And there are ways around (over?) the walled iMessage garden like @Encore5805 mentioned. Also I could be completely wrong about your family not being open to switching messengers…but unfortunately probably not.