Depends on your threat model. Are you hiding something from random strangers on your network? Your ISP? Apple? The US government? Another government?

Not an expert but Apple is better that google, not by a lot because they show they care about privacy and stuff but that’s not true. If I had to choose between and undegoogle-able phone and iPhone, I’d pick Apple. Always.

I’d pick GrapheneOS over anything, better than both in privacy and by a lot.

Hey you! Yes, you that think I’m wrong. Feel free to comment this but keep it civil or I’m not responding ;)

I don’t have any experience with iCloud Private Relay, but I’d be surprised if enabling it will make you un-fingerprintable (in which case what are you really trying to accomplish by using it?). Also, who are you trying to stay private from? Do you personally believe that Apple and/or Cloudflare aren’t selling or trading your data? Would you be okay with them being the only ones that control your data if they’re not selling it? It’s a nuanced topic, and likely you’re the only one that can answer your position on that. It’s cliché, but defining a threat model can help a lot with deciding how many conveniences you are okay with giving up. I would likely argue that an Android phone with LineageOS can be made more private than an iPhone, but at the cost of security. Does your threat model need to sacrifice privacy for security?

Regarding iPhone vs Android, I’ve only ever used Android, but my friends with iPhones and Macs never seem to have access to the open-source software that I use and recommend, so I feel like that’s a big part to consider also. You’ll get roped into a proprietary ecosystem where it seems like every little app is trying to charge you money and won’t show you what it’s doing behind the scenes. If you already have an iPhone I’d understand if you need to weigh the economic feasibility of buying an entire new phone just for privacy as well.

Personally, I don’t really trust anything unless I’m given infallible reason to trust it, e.g. cryptographic proofs, audits, zero-trust models etc.; in this world it seems inevitable that someone will take advantage of your trust either today or tomorrow. If someone is truly on your side, they will do everything they can to take the need to trust them out of the equation, and failing that they should make it as clear as they can what trust is still mandatory and why. If you want to trust someone that doesn’t meet these standards, you do so basically at your own risk, and you’ll have to start doing some mental calculus on what they could get from you, what they might want it for, and how eager you think they would be to start misusing it (e.g., if you pay for a service, the servicer may feel less compelled to subsidize their income by selling your data).

There’s no easy answer to your questions. It depends on what threats you’re trying to defend against. If your primary concern is adversarial law enforcement with Cellebrite et al., a current iPhone, especially with Lockdown Mode enabled, is certainly the next best thing to Graphene that we have.

Personally, I have access to Private Relay, but never use it. That’s not because I don’t trust it, but because I only ever use VPNs to spoof my GeoIP. And you can’t do that with Private Relay.