From: nuh-uh@nope.com
On 2026-02-10 16:22, Maria Sophia wrote:
> Jeff Layman wrote:
>> On 10/02/2026 21:56, Alan wrote:
>>> On 2026-02-10 13:51, Maria Sophia wrote:
>>>> I have 78 or 79, including system apps that have read permission to my
>>>> contacts, although none of them can get even a single contact from me.
>>>
>>> How in the hell does that sentence make sense?
>>>
>>> Can someone help me out here?
>>
>> From what I remember has been previously written, there are no
>> contact names stored anywhere on Maria Sophia's phone. I guess it
>> means that when a message is received (eg email or SMS), and the
>> Contacts app offers to store the senders name as a contact, that offer
>> is refused every time.
>>
>> The contacts could instead be stored in a text file with email
>> addresses and phone numbers next to them.
>>
>> BICBW
>
> Hi Jeff Layman,
>
> Long time no see. Good to hear from you again on the Android newsgroup!
>
> Can you please check how many apps (including system apps!) can read your
> contacts database for this group-wide survey. Just make sure you include
> system apps because most people don't realize they abound on Android.
>
> The act of storing other people's information on a smartphone is not a
> private act as it's a shared responsibility steeped in courtesy & respect.
It's a private act if you buy your smartphone from a company that
doesn't want to monetize your personal information.
>
> People who THINK about privacy know which tools are privacy aware, whereas
> people who just do what the marketing organizations tell them to do, can't.
>
> I use a privacy-respecting contacts app because it keeps my friends' and
> family's information out of the 70+ apps on my phone that have permission
> to read the system contacts sqlite database via Contacts
> ContentProvider. contacts2.db>
Don't you still have to trust that your "privacy-respecting contacts
app" actually respects your privacy.
>
> Most people would claim they only have a half dozen or so, but nobody who
> claims that small a number ever has any idea whatsoever how to even check.
>
> They just guess.
> They think the GUI is going to tell them the truth. It won't. It can't.
>
> It's not designed to tell them the truth.
> That's why in this thread I used adb dumpsys to get at the truth.
Show us that you get a different answer from the GUI tools...
>
> And the fact my phone has over 70 apps with read permission on the contacts
> is meaningless on my phone because I'm rather intelligent about my setup.
Or you could have just denied them permission in the first place...
>
> It's impossible for any app on the planet to get to my contacts even if
> they have full read permission, because my sqlite database is empty.
Wow!
>
> On purpose.
> Although I could populate it with false data using apps designed for that.
> Fake Contacts, MIT License, by Bill Dietrich
>
> "The idea is to feed fake data to any apps or companies who are
> copying our private data to use or sell it. This is called data-
> poisoning."
>
> But I've kept my contacts database empty for years, and I can use a phone
> as well or better than anyone else on the planet in terms of communication.
>
> That's what respect for people & courtesy looks like in the digital world.
>
> I know of you so I know you don't think always the way you're told to think
> (e.g., when we discussed the "fused provider" years ago as one example).
>
> So I'm hoping you understand that it's a mark of respect to preserve the
> sanctity of privacy as contacts are NOT our data to share to 3rd parties.
>
> Contacts are other people's private information. Treat them as such.
> Contacts are not ours to share on the Internet without express permission.
>
> The fundamental way most people store contacts privately is they use apps
> which are specifically sandboxed so that no other apps can get the data.
>
> Hence a privacy-respecting contacts app stores its data in its own sandbox.
> a. Other apps cannot access that sandbox.
> b. Therefore, our contacts remain private.
>
> These FOSS apps are designed by intelligent people who care very much about
> privacy, so they're not like the standard Google apps which do not.
>
> A FOSS privacy-aware contacts app is "DOpen Contacts" for example.
> *DOpen Contacts* (Dialer + Open Contacts)
>
> debug APK available
> "Even though we are not having any problem sharing our mobile number
> with all third parties, people in our phone book might have. We
> should not be sharing their contact information online.
> This app saves contacts in its own database separate from android
> contacts. This way no other app would be able to access contacts.
> Can be used in place of your default phone(dialer) app. It can import
> contacts from vCard files. So we can export Android contacts and import
> into this app.
> Maintains call log as well. Also shows the person's name upon
> receiving call"
>
> It's used by people who are courteous to others because it stores the
> contacts in its own database that the other 50 or so apps can't get to.
And you just trust that they're not lying to you...
BTW, is this you:
I read a couple of posts, and it sounds exactly like you, Arlen!
"I was asked why I consider it rude for people to upload their contacts
without asking permission so I figured I'd copy my response here so that
we can all benefit from the privacy discussion.
Since I put together systems for a living, and since I used to have an
engineering-level TSSI special access designation, I'm likely more tuned
to privacy holes than most people, as I've seen "how they work out there".
Most people, I'd wager, would be shocked at how much is hoovered about us.
This is a technical summary of what actually happens with contacts on
Android and why the privacy risks are not about the SQLite file itself
but about the data flows around it."
"Does hiding your home AP broadcast beacon prevent UPLOAD of your
SSID/BSSID/GPS to Google?"
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
