XPost: alt.comp.os.windows-11, alt.comp.os.windows-10   
   From: mariasophia@comprehension.com   
      
   Frank Slootweg wrote:   
   >> Do I know what every single one of them is doing with it?   
   >> Nope.   
   >>   
   >> Q: How many do you have?   
   >> A: ?   
   >   
   >   16 of which only 4 actively used the Contact permission in the last   
   > week) and 1 of those 4 probably does not the permission.   
      
   Hi Frank,   
      
   Since I'm being nice, I'll just say that you're almost certainly wrong.   
      
   :)   
      
   But even if you're not wrong, the point is most people might not be as   
   aware as you are in terms of the number of apps with contact permission.   
      
   C:\> where grep   
   Reported:   
   C:\app\telecom\whatsapp\WhatsApp-Key-DB-Extractor-master\bin\grep.exe   
      
   Dump the package list (this is 205,996 lines)   
   adb shell dumpsys package > dump.txt   
      
   Extract all package names: (this is 1090 lines)   
   grep -o "Package \[[^]]*\] " dump.txt > pkgs.txt   
      
   Clean up package names:   
   gvim pkgs.txt   
      Remove the stuff before the package name   
      :%s/^Package \[//   
      Remove the stuff after the package name   
      :%s/\].*//   
      Now I have a file of 1090 package names.   
      
   READ_CONTACTS is one of the most sensitive permissions on the device.   
   It exposes:   
   a. names   
   b. phone numbers   
   c. emails   
   d. physical addresses   
   e. notes   
   f. organization info   
   g. relationship tags   
   h. custom fields   
   i. and sometimes even photos   
   And it exposes all of that for every person we know, not just us.   
      
   The fact remains that Android's permission model is layered and messy.   
   Apps can get contact access because:   
   a. they're system apps   
   b. they're carrier apps   
   c. they're messaging apps   
   d. they're backup/sync apps   
   e. they're calendar apps   
   f. they're dialer/phone apps   
   g. they're OEM-bundled utilities   
   h. they're role-based apps (e.g., default SMS app)   
   i. they're granted by default on first boot   
   j. they're granted by the user without realizing it   
      
   Extract all 79 READ_CONTACTS granted lines   
   grep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" > read.txt   
      
   The only missing piece is:   
   Which package names correspond to those 79 permission lines?   
   Drat. That's not easy. There's no relationship other than the   
   Package name is some random number of lines above the permission.   
      
   Sigh. Here are just some of the 79 apps with read permission.   
   gvim dump.txt   
     :A%s/READ_CONTACTS: granted=true   
      
   Search for the read permission is true   
   /READ_CONTACTS: granted=true   
   Go up one line (k)   
   Mark b (mb)   
   Search upward for Package name   
   ?Package [   
   Go down one line (j)   
   and delete to b (d'b)   
   Go up one line and mark a (k)(ma)   
      
     Package [com.samsung.android.app.galaxyfinder] (a71cb6d):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT]   
      
     Package [com.pw.wifishortcut] (f1607f0):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]   
      
     Package [com.samsung.android.calendar] (7f5fd1f):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]   
      
     Package [com.sec.android.app.bluetoothagent] (e3cd03a):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT]   
      
     Package [com.srowen.bs.android] (61fd1af):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   REVOKED_COMPAT|REVIEW_REQUIRED|USER_SENSITIVE_WHEN_GRANTED|USER_   
   ENSITIVE_WHEN_DENIED]   
      
     Package [com.teslacoilsw.launcher] (691f490):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   REVOKED_COMPAT|REVIEW_REQUIRED]   
      
     Package [ru.perm.trubnikov.gps2sms] (12e629):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   USER_SET|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   REVOKED_COMPAT|REVIEW_REQUIRED]   
      
     Package [com.samsung.android.messaging] (5617264):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT]   
      
     Package [com.google.android.as] (7253597):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   USER_SENSITIVE_WHEN_GRANTED|GRANTED_BY_ROLE]   
      
     Package [com.google.android.gm] (268efa2):   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT]   
     android.permission.READ_CONTACTS: granted=true, flags=[   
   GRANTED_BY_DEFAULT]   
      
     ... snip ...   
      
   The point of this exercise is that there are plenty of apps which have   
   permission to read your contacts, and, if you're not aware of all of them   
   and what they're doing with your contacts, then we can't say, for sure,   
   that we're protecting the privacy of our family & closest friends.   
      
   Remember, in "my" case, the contacts database is empty.   
   So even with read permission, they get to read nothing.   
      
   But are most people as aware of privacy as I am and, even if they are,   
   are they as considerate to their fellow friends & family as I am   
   by thinking ahead about this problem instead of ignoring it?   
   --   
   The people who deprecate privacy are always those who don't understand it.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)