From: mariasophia@comprehension.com   
      
   Jeff Layman wrote:   
   >> Still, it's a great datapoint where the next question I'd ask of you and   
   >> anyone who has any apps with read permission to their contacts, is are you   
   >> surprised at the number which you found out that "could" read contacts?   
   >   
   > I'm never surprised by anything in Android which compromises privacy.   
   > It's interesting to compare the approach to giving information about an   
   > app in the Google Play Store and F-Droid. The latter clearly has a   
   > section entitled "Permissions" which show what the app will be able to   
   > access (and perhaps modify). Not so the Play Store, which has a vague   
   > section called "Data Safety".   
      
      
   Hi Jeff,   
      
   I agree with anyone who makes a logically sentient statement, where I agree   
   that the Google Play Store is inferior to F-Droid in listing pernicious   
   permissions, and, let's be clear, Aurora's replacement to the Google Play   
   Store client at least lists which apps incorporate GSF which is helpful.   
      
   There's a reason I uninstalled the Google Play Store app years ago. :)   
      
   And I have no problem installing apps from the Google Play Store repo   
   without a Google Account on the phone, so it works better w/o it.   
      
   To your very point, on F-Droidÿs website or within the client, each appÿs   
   page lists the permissions it requests.   
      
   For example, the open-source   
   Contacts app explicitly states it requires permission to ´read your   
   contacts.    
      
   Interestingly, your comment made me dig a bit, which is refreshsing after   
   having responded to the trolls attempting to derail this discussion because   
   they can't add any value, it turns out that F-Droid hosts an app called   
   Permissions Summary which scans your installed apps and lists which ones   
   have access to sensitive permissions, including Contacts (read/write).   
   However, it only shows user-installed apps with ´dangerous¡ permissions   
   (like contacts, camera, microphone, location, etc.) that require explicit   
   runtime approval.   
      
      
   I just downloaded it but it will take a while to test it for the team.   
       
    Name: com.vayunmathur.contacts_6.apk   
    Size: 24131675 bytes (23 MiB)   
    SHA256: A348428B9C0E8526C021C49366B44563C6851FCEE8480C9046B516F466EE75C6   
      
   Drat. It crashes every time. Can you (or someone also helpful) test it   
   for the team? It seems like a decent app to get the "real" permissions.   
      
   In addition, you have Muntashirakon App Manager, which everyone on this   
   newsgroup is well aware of as the best of the best of FOSS Android apps.   
      
   For any installed app, AM shows:   
    Requested permissions   
    Granted vs. denied   
    Whether the permission is runtime, dangerous, signature, or special   
    Whether it was auto-granted by the system   
   So we can instantly see if an app has:   
    android.permission.READ_CONTACTS   
    android.permission.WRITE_CONTACTS   
    android.permission.GET_ACCOUNTS (related to contacts   
   But of course, that's on an app-by-app basis, so it's good, but manual.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)