XPost: comp.mobile.android, alt.comp.os.windows-10   
   From: mariasophia@comprehension.com   
      
   Jeff Layman wrote:   
   > On 10/02/2026 21:56, Alan wrote:   
   >> On 2026-02-10 13:51, Maria Sophia wrote:   
   >>> I have 78 or 79, including system apps that have read permission to my   
   >>> contacts, although none of them can get even a single contact from me.   
   >>   
   >> How in the hell does that sentence make sense?   
   >> Can someone help me out here?   
   >   
   >  From what I remember has been previously written, there are no contact   
   > names stored anywhere on Maria Sophia's phone. I guess it means that   
   > when a message is received (eg email or SMS), and the Contacts app   
   > offers to store the senders name as a contact, that offer is refused   
   > every time.   
   >   
   > The contacts could instead be stored in a text file with email addresses   
   > and phone numbers next to them.   
   >   
   > BICBW   
      
   Hi Jeff Layman,   
      
   Long time no see. Good to hear from you again on the Android newsgroup!   
      
   Can you please check how many apps (including system apps!) can read your   
   contacts database for this group-wide survey. Just make sure you include   
   system apps because most people don't realize they abound on Android.   
      
   The act of storing other people's information on a smartphone is not a   
   private act as it's a shared responsibility steeped in courtesy & respect.   
      
   People who THINK about privacy know which tools are privacy aware, whereas   
   people who just do what the marketing organizations tell them to do, can't.   
      
   I use a privacy-respecting contacts app because it keeps my friends' and   
   family's information out of the 70+ apps on my phone that have permission   
   to read the system contacts sqlite database via Contacts ContentProvider.   
       
      
   Most people would claim they only have a half dozen or so, but nobody who   
   claims that small a number ever has any idea whatsoever how to even check.   
      
   They just guess.   
   They think the GUI is going to tell them the truth.   
    Settings > Security and privacy > Privacy > Permission manager > Contacts   
      
   It won't.   
   It can't.   
      
   For a whole bunch of reasons that I will spare you as this is long already.   
      
   On my Android 13 Samsung A32-5G, that calls this tightly wrapped intent.   
    [com.google.android.permissioncontroller/com.android.permission   
   ontroller.permission.ui.ManagePermissionsActivity]   
   Which is an internal non-public activity inside Android's Permission   
   Controller that displays the list of apps with access to Contacts   
    {android.permission.READ_CONTACTS: granted=true}   
      
   ManagePermissionsActivity only shows the effective permission state for the   
   current user while adb dumpsys package shows all internal permission states   
    C:\> adb shell dumpsys package > dump.txt (two-hundred thousand lines!)   
      
   While dumpsys outputs the truth, the GUI is not designed to tell the truth.   
   That's why in this thread I used adb dumpsys to get at the truth.   
      
   And the fact my phone has over 70 apps with read permission on the contacts   
   is meaningless on my phone because I'm rather intelligent about my setup.   
      
   It's impossible for any app on the planet to get to my contacts even if   
   they have full read permission, because my sqlite database is empty.   
      
   On purpose.   
   Although I could populate it with false data using apps designed for that.   
    Fake Contacts, MIT License, by Bill Dietrich   
       
     "The idea is to feed fake data to any apps or companies who are copying   
      our private data to use or sell it. This is called data-poisoning."   
      
   But I've kept my contacts database empty for years, and I can use a phone   
   as well or better than anyone else on the planet in terms of communication.   
      
   That's what respect for people & courtesy looks like in the digital world.   
      
   I know of you so I know you don't think always the way you're told to think   
   (e.g., when we discussed the "fused provider" years ago as one example).   
      
   So I'm hoping you understand that it's a mark of respect to preserve the   
   sanctity of privacy as contacts are NOT our data to share to 3rd parties.   
      
   Contacts are other people's private information. Treat them as such.   
   Contacts are not ours to share on the Internet without express permission.   
      
   The fundamental way most people store contacts privately is they use apps   
   which are specifically sandboxed so that no other apps can get the data.   
      
   Hence a privacy-respecting contacts app stores its data in its own sandbox.   
   a. Other apps cannot access that sandbox.   
   b. Therefore, our contacts remain private.   
      
   These FOSS apps are designed by intelligent people who care very much about   
   privacy, so they're not like the standard Google apps which do not.   
      
   A FOSS privacy-aware contacts app is "DOpen Contacts" for example.   
    *DOpen Contacts* (Dialer + Open Contacts)   
       
     debug APK available   
    "Even though we are not having any problem sharing our mobile number   
     with all third parties, people in our phone book might have.   
     We should not be sharing their contact information online.   
     This app saves contacts in its own database separate from android   
     contacts. This way no other app would be able to access contacts.   
     Can be used in place of your default phone(dialer) app.   
     It can import contacts from vCard files.   
     So we can export Android contacts and import into this app.   
     Maintains call log as well.   
     Also shows the person's name upon receiving call"   
      
   It's used by people who are courteous to others because it stores the   
   contacts in its own database that the other 50 or so apps can't get to.   
   --   
   The obvious answer is often the one marketing provides for you which   
   means that it's rarely (if ever) the most private way to do the task.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)