XPost: comp.mobile.android, alt.comp.os.windows-11   
   From: this@ddress.is.invalid   
      
   Maria Sophia  wrote:   
   > Frank Slootweg wrote:   
   > >> The privacy decency point is I know exactly where my contacts are stored.   
   > >> Now let's ask you to answer the same question of fact that I just did.   
   > >>   
   > >> Q: Where are all *your* Android mobile-device contacts actually stored?   
   > >> A: ?   
   > >   
   > >   Carlos already answered it and very well and succinctly, so I'll just   
   > > repeat it:   
   > >   
   > >    
   > > In our phones, with a copy in our private area of google servers. Under   
   > > our control.   
   > >    
   >   
   > Hi Frank,   
      
     Preamble: I noticed that you conveniently ignored/snipped the e-mail   
   analogy. Wonder why that is?   
      
   > Thanks for hazarding a guess as to what the answer to the question is.   
   > I am well aware it's scary to answer factual questions on Usenet.   
      
     Not scary at all.   
      
   > Unfortunately, the explanation you gave leaves out an important part since   
   > even if contacts are stored locally and synced to Google, that's only one   
   > tiny part of the picture. Any app with contact access can upload that data   
   > to its own servers, and many do. WhatsApp, Facebook Messenger, Telegram,   
   > Signal (for contact discovery), LinkedIn and many others all do this.   
      
     For WhatsApp that's false. It has been debunked many times and what   
   WhatsApp *actually* does is documented in its legal documents. But it's   
   *so* much nicer to keep repeating the FUD, scare-mongering, urban   
   legends, etc., isn't it!? :-(   
      
     I assume that Telegram, Signal, etc. use similar privacy-protecting   
   measures. Why would they be dumber than WhatsApp?   
      
     Don't know about Facebook and the like, wouldn't touch them with a   
   30-feet pole.   
      
   > And it's not just messaging apps. Contact managers, SMS apps, RCS clients,   
   > dialer replacements, email apps, sharing apps and even spam-blocking or   
   > caller-ID apps routinely upload contact information. They use it for   
   > matching, spam detection, 'smart' suggestions, syncing or building their   
   > own databases. Once you grant access to any app on Android, there's no   
   > technical way to verify where that data goes or how long it's kept."   
      
     I use only very few of those and the ones which I do use, do not   
   *have* a 'mothership' to upload to. Sorry.   
      
   > That's why saying 'my contacts are only on my phone and Google' isn't   
   > accurate in practice. But since you were brave enough to answer the   
   > question (which I knew ahead of time how you would answer it), allow me to   
   > be brave enough to point out on my own system how many apps that may be.   
      
   [Lots and lots deleted.]   
      
   > I have 80 packages with READ_CONTACTS: granted=true.   
   >   
   > Do I know what every single one of them is doing with it?   
   > Nope.   
   >   
   > Q: How many do you have?   
   > A: ?   
      
     16 of which only 4 actively used the Contact permission in the last   
   week) and 1 of those 4 probably does not the permission.   
      
     The ones which have the Contacts permission, but do not use it, are   
   mostly unused (by me) apps. So if I were paranoid, I could remove the   
   permission. As I set all permissions to 'while using the app' (unless I   
   want/need features which require the permission to be always on, there's   
   little incentive to close a hole which is already closed.   
      
     Oh, and the 3 which have and need the Contacts permission are   
   WhatsApp, Messages and Contacts. Wow! I must run and warn my contacts   
   that all their private information is "on the cloud"! I'm sure they will   
   be devastated and severely annoyed by my carelessness and sloppiness!   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)