Apple cares more about privacy than, e.g., Google, for sure, but it is extremely complicated to use an iOS device without an Apple ID, and Apple employs "know your customer" logic that caused me to give up after a few hours trying to create an Apple ID not connected with my real name and credit card.
Not sure what you tried and from which location, but Apple doesn’t need the real name or a valid payment method for creating an account to be used for purchases. Such an account can be used to get all the free apps and content on its stores.
On the other side, does stock Android allow one to use a phone without creating a Play Store account and associating it for other services from Google? I’m just curious how that works. I’d presume that Google doesn’t need a payment method or one’s real name either.
I rejected buying an iPhone because I could not find reliable information saying how to use one without an account. By contrast it's easy on Android. Follow the "skip" path. Of course then you can't get access to the play store for apps, but there are other sources for apps.
You don’t need an Apple ID, you can “set up later” aka “the skip path”.
If you do need an Apple ID, say, for free apps, you can make one without real name or ID and yes, you can get set up for free downloads from the app store without a credit card.
The UI is no longer the same, but the approach still works from when I wrote about this in 2011:
From my perspective, your threat model is strange.
I'm most concerned with (1) the device and the OS preventing me from accidentally installing malware in the App Store, (2) preventing drive-by malware from the web browser, (3) secure against physical tampering. High assurance authentication (Touch ID, Face ID, etc) is nice, although the account+device registration+provisioning does prevent me from being anonymous to my phone manufacturer+provider, but I have no expectation of that on a smart phone anyway. If I needed anonymity, I would prefer a prepaid burner be a feature phone with no apps at all.
I don't use iCloud because I don't think it fits within my current threat model. That which is synced to Apple servers (beyond my account/authentication info) is banal stuff. If I needed a more secure communication system, I would use an app specifically designed for it and not owned by an Apple/Facebook, although I'm not sure any lawful company can resist something like a National Security Letter. The best policy is simply not to hand over the content, so it's not subject to the Third Party Doctrine (as flawed as it is).
If a nation-state is attacking me, the best option I have is not to have a listening and tracking device on me all the time and probably to use offline-only devices.
I downloaded a copy of my data from Apple and they store the computer serial number, hostname and ip.
I recently found this (I haven't check the source):
> iOS forces users to “activate” devices (including non-cellular) which sets up a remote UUID-linked (also collecting registration IP) database for a given device with Apple for APNS/iMessage/FaceTime/Siri, and then Apple ID, iCloud etc. Apple ought be open to users about “activation” and allow users to avoid it.
If you work for Google, the most effective thing you can do to fight evil IMHO is to stop working for Google.
Stop helping Google create ever more refined digital portfolios on every internet user. Google does not intend for their digital portfolios to fall into the hands of the US Government, but if the US Government ever becomes significantly undemocratic, Google cannot stop that from happening -- and Google's management knows that or would know it if they would spend 5 consecutive minutes being genuinely curious about it.
Stop helping Google turn the web into an ever more refined machine for extracting money from web users while continuing to make the web less well-suited for important purposes it was originally well-suited for: namely the publication of textual and simple graphical information not motivated by profit. (The money flows from users of the web to organizations that use Google to advertise, then to Google.)
