But OP's comment isn't specific. It's quite general.
A specific summary would at least include details about how AOSP is open source and auditable, so if you de-Google a google phone (which is something that is actually possible, unlike Apple phones) you can be more confident that it isn't spying on you. Other relevant details are that Apple phones are entirely closed. No one can be confident of anything that this black box does. Everyone's lowered their guard because Apple says "no no we're on your side". This move shows Apple actually is not on your side.
Little details like that, damned as they may be, are what make this an upsetting topic.
Their point is general because the discourse has been run through analogies instead of facts. They don’t have specific arguments to respond to. Any time you get to the facts, they’re weak. iOS may be closed source, but there are avenues for introspection: jailbreak, security researcher device program, disassemblers, proxies, etc. You’d be hard pressed to design a scanning system which implements behaviors such as “scan your whole phone” without detection, versus alternative server side implementations where the purpose and processing is totally opaque.
>You’d be hard pressed to design a scanning system which implements behaviors such as “scan your whole phone” without detection
On this point I greatly disagree. Apple has control of the entire stack and shares nothing about it. If you jailbreak an iPhone you still don't know what happens when you send bits of data into any block of an SoC or modem. There are computers inside Apple devices that have no avenue for being audited.
Apple having total control of their devices is deeply ingrained in their technical identity. It only works if you trust Apple. Apple has shown that trusting them is a bad idea. That's why this is news.
The point you have to show is why trusting them has been demonstrated as a bad idea, but instead you take that as given.
The rest of your argument is very ambiguous. Shares nothing about their stack? The entire controversy began with an extremely transparent announcement about future, planned behavior.
Jailbreaking gives you visibility into the application processor, and the secure element must be trusted on any modern smartphone. If you compare to devices without one, you are comparing apples to oranges. There are plenty of closed source or hard to audit components of every system. Do you trust your baseband?
Like I said, the argument has been run through analogies and the facts are quite contingent.
Pragmatically, though, AOSP isn't relevant to the conversation. OP was comparing the popular smartphone ecosystems that most people are using, and that basically means the Apple phones and the phones which are running with Google's services.
Very few people are actually running AOSP -- they're running Android builds from Samsung or Google which add a lot of binary blobs into the system.
Telling people "you could have a more secure phone if you strip out most of the systems that the apps you use your phone for rely on" isn't very helpful.
A specific summary would at least include details about how AOSP is open source and auditable, so if you de-Google a google phone (which is something that is actually possible, unlike Apple phones) you can be more confident that it isn't spying on you. Other relevant details are that Apple phones are entirely closed. No one can be confident of anything that this black box does. Everyone's lowered their guard because Apple says "no no we're on your side". This move shows Apple actually is not on your side.
Little details like that, damned as they may be, are what make this an upsetting topic.