With iOS we have to trust/hope that Apple is doing the right thing. With Android we can audit the code. Yes, the early permissions model left a lot to be desired, and was subsequently revised. But we could always look at the OS source to see where things might be leaking. Unless, of course, these things are happening in the Google Framework level, at which point, we have to trust/hope that Google is doing the right thing.
Unfortunately more and more functionality has been moved into the closed-source Google Framework over the past few years. Some of this is a result of Android's terrible update situation: the only way for Google to get new software to many Android users is through software they can update, unlike the OS which OEMs control. But the fact that Google hasn't open sourced the Google Framework tells a lot about how "open source" Android really is. I wish we had a decent open source phone OS out there, since I don't trust Apple to produce good software (and increasingly, hardware) and I don't trust Google... well, I just don't trust Google. Our current duopoly is a pretty awful situation for consumers.
Well, you can’t audit the proprietary hardware drivers most android manufacturers use or the many proprietary apps from google etc that sit on top of android or the changes that the carriers make.
I remember when I was an Android developer dealing with several issues relating to the fact that one carrier put a proxy in the networking stack.
