The problem, now, is rolling it out due to fragmentation.
But the change in iOS13 is the regularly occurring pop up alert to prompt users to pick a lower permission for apps they don’t use often that are also tracking location.
As others have mentioned, iOS has had the fine grain permission for a while. What’s new is the regular prompt.
Some apps do use coarse permission (which maps roughly to wifi/cell tower location).
Early adapters, who are more likely to engage with the bigger questions raised by tech, are likely to use new devices with the latest revision of what Google thinks you should share with the advertising world - lately, this has been giving users slightly more control. Meanwhile, older and cheaper devices (a much larger segment) mostly run older OSes that more more data-sponge-friendly.
So the picky and wealthier customers have reason to tell others "Google is getting better" while everyone else keeps feeding the beast.
The inference you haven't made yet is what the proportions of the users in the "early adopter" and "general user" categories are in countries that are NOT the United States or Europe.
Hint: most of Google's Android users aren't in the US or Europe at all. Instead they're in countries where there are much more pressing social, political, or economic issues for governments to address that easily sideline privacy concerns with minimal lobbying funds.
On the flip side of this, Apple can focus on privacy and security as a brand largely because their customer base consists almost entirely of the affluent and business class of society worldwide. Everyone who would otherwise be exploitable is priced out.
Take the end to end encryption in iMessage. It doesn't mean anything: like all such schemes Apple can push a new key to your friends phones, or a software update that selectively disables it, at any time they want. There may already be back doors there nobody knows about. The user could never detect this nor do anything about it even if they did. But Apple use it to claim they care about privacy.
On advertising, Apple only decided advertising was bad and privacy invasive after their own iAd initiative flopped completely. When Jobs thought Apple could compete directly with Google on advertising he was all about how beautiful and usable Apple ads would be.
Apple's all about privacy except they want you to upload everything to their cloud. They're all about privacy except they have root on all your devices. Note: this is unlike Android, where the root keys for the devices are owned by OEMs who sandbox and review/audit Google's software, and the OEMs in turn don't have access to the Google cloud data. Some Android devices don't even use Google services at all.
For Apple privacy is a marketing angle. It can be seen in the way the latest iOS/Android versions don't differ from each other in any significant respects.
Google would need to make it a requirement for bundling their services. Since the major distributers are utterly dependent on Google/Android, they'd do it.
Making it a legal requirement would be challenging, but making it a de facto requirement for all major phone vendors is easy.
Even when going with official Google phones: my Nexus 5 is way out of date OS-wise.
Is it? Slower than on more recent ones I agree. But processors architecture and components has not changed a lot.
If Microsoft manages 10 years on wildly more diverse hardware with their OS, I don't see why it is not possible on official Google phones.
An added benefit of that is a removal of the manufacturer's bloat ware and the ability to compile things yourself, allowing you to modify everything.
If there's no good unofficial/open source software for the device, don't buy it or you're going to be miserable in 0-2 years.
That might actually be the majority of active Android devices if you look at the marketshare statistics.
I think it's actually somewhat embarrassing that the tech industry hasn't been able to provide a low cost, reasonably secure smartphone platform that can be used for more than a year or two. The only people who can remain secure are the ones who can afford either new Android phones or slightly less new iPhones.
Security is like a luxury item, and the worst part is that most people don't even realize it.
Android: not fixing fragmentation after all this time. Essentially, people with less money get less security.
Apple: not making true budget phones with the same lengthy support windows, though this might change as they emphasize services.
Microsoft: leaving the smartphone market entirely. I used to use Windows Phone and it was clearly better than Android. Android was slow and getting updates was a pipe dream. Windows Phone was like a less locked-down iPhone, and around Windows Phone 8.1 the app marketplace wasn’t half bad.
Had Microsoft put out quality flagship phones consistently on a yearly basis on all four major US carriers, they’d still be making smartphones. But people who wanted windows phones were stuck waiting for Microsoft to reorganize Nokia while they mostly crapped out budget phones and had one or two outdated flagship exclusive to a particular carrier.
Windows Phone 10 arrived too late, it wasn’t as good of an update as 8.1, and it arrived after a long drought of phones.
The "flaw" is that apps you explicitly gave permission to use the camera, can use it! All they've done in P is notice that they can tighten the permission even further so the app has to be in the foreground to use that permission.
The lack of this wasn't a vulnerability though. Mobile operating systems have been implementing finer grained permissions and security through their entire lifespans. For sure that trend will continue. If we spin every improvement to privacy controls as "fixing a vulnerability" it's just a form of crying wolf that will lead people to ignore security updates even more than they already do.
Users will disallow tracking if prompted. The average user won't go out of their way to spoof location data, though.