From: mariasophia@comprehension.com   
      
   Maria Sophia wrote:   
   > I have 78 or 79, including system apps that have read permission to my   
   > contacts, although none of them can get even a single contact from me.   
   >   
   > How many do you have?   
      
   Most people have no idea how many apps can read their contacts.   
    adb shell dumpsys package > dump.txt   
    grep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" > read.txt   
      
   Caring about other people¢s privacy means recognizing that our choices   
   about data don't just affect us because our choices about data can expose   
   everyone near and dear to us whose information we hold on our phones.   
      
   Generally the Settings "privacy" UI is a polite fiction compared to what   
   dumpsys actually reports (where dumpsys is hundreds of thousands of lines).   
      
   Some apps get READ_CONTACTS because they are:   
    the default SMS app   
    the default Dialer   
    the default Contacts provider   
    the default Assistant   
    the default Phone app   
      
   Settings might not show these as "granted" because they're not   
   user-controlled. But as a starting point, the Settings GUI isn't all that   
   bad either in my comparison tests just now compared to dumpsys.   
      
   Also, settings doesn't provide the granularity of   
    GRANTED_BY_DEFAULT   
    SYSTEM_FIXED   
    GRANTED_BY_ROLE   
    REVOKED_COMPAT   
    USER_SET   
    REVIEW_REQUIRED   
      
   Also, settings only shows the current effective state.   
   And settings only shows the current user's permissions.   
   But Settings wasn't too shabby either (I had expected it to be worse).   
      
   My main point is that most people have no idea that the courteous thing to   
   do is to care to think about protecting other people's contact information.   
      
   I do that by using apps that don't store the contacts in the Android   
   contacts database, but if people have other caring methods, I'm all ears.   
      
   The problem is that there could be scores of apps that can read contacts.   
   Any one of which has access to the entire contacts database at any time.   
      
   While dumpsys is the best way to find which apps have read permission to   
   our contacts sqlite database, my Android 13 Galaxy has   
    Settings > Security and privacy > Privacy > Permission manager > Contacts   
      
   Guess what it shows?   
   Yup. I's a brazen lie.   
      
   It shows "15 of 60 apps" have permission. Heh heh heh... but that's a lie.   
   It shows "Allowed" and "Not allowed" (but not "Allowed only while in use").   
   When I click the 3dots & then "Show system" apps, it shows 78 pkgs though.   
      
   That's pretty close (and some of those are duplicates too).   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)