From Newsgroup: comp.mobile.android

Carlos E.R. <robin_listas@es.invalid> wrote:

On 2026-02-05 22:32, Maria Sophia wrote:

Carlos E.R. wrote:

On 2026-02-05 19:47, Maria Sophia wrote:

Privacy is a million things where most people only know four or five
of those million things, and just one of those million things that
most people don't know is to keep their contacts sqlite database
completely empty on Android.

We do know. We choose to disregard.

But then you must ask for permission from each contact for you to store their private information on the cloud, which is a lot of work, is it not?

No, I don't have to. Not in Europe.

Not only that, but the contact information isn't stored "on the cloud"
in the first place. But "on the cloud" sounds so conveniently scary, so
why say where it's actually stored, when you can lie about it being "on
the cloud"?

BTW, "*on* the cloud" isn't that bad anyway, but I digress ...

As to the original 'Subject:': What happened to Wi-Fi?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-06 11:55, Frank Slootweg wrote:

Carlos E.R. <robin_listas@es.invalid> wrote:

On 2026-02-05 22:32, Maria Sophia wrote:

Carlos E.R. wrote:

On 2026-02-05 19:47, Maria Sophia wrote:

Privacy is a million things where most people only know four or five >>>>> of those million things, and just one of those million things that
most people don't know is to keep their contacts sqlite database
completely empty on Android.

We do know. We choose to disregard.

But then you must ask for permission from each contact for you to store
their private information on the cloud, which is a lot of work, is it not? >>

No, I don't have to. Not in Europe.

If we had to, lawyers would have jumped lot long ago at the yugular of
Google. And the regulatory bodies of several European countries. Right
now, France is suing some huge USA corporations for I don't remember
what exactly, related to privacy concerns.

And in the USA Google is also being sued for something big, too.

Not only that, but the contact information isn't stored "on the cloud"
in the first place. But "on the cloud" sounds so conveniently scary, so
why say where it's actually stored, when you can lie about it being "on
the cloud"?

Google would have to state in their conditions that they are going to
make use of the contact list for something akin to publishing it.

BTW, "*on* the cloud" isn't that bad anyway, but I digress ...

As to the original 'Subject:': What happened to Wi-Fi?

--
Cheers, Carlos.
ESEfc-Efc+, EUEfc-Efc|;
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E.R. <robin_listas@es.invalid> wrote:

On 2026-02-05 22:32, Maria Sophia wrote:

Carlos E.R. wrote:

On 2026-02-05 19:47, Maria Sophia wrote:

Privacy is a million things where most people only know four or five
of those million things, and just one of those million things that
most people don't know is to keep their contacts sqlite database
completely empty on Android.

We do know. We choose to disregard.

But then you must ask for permission from each contact for you to store
their private information on the cloud, which is a lot of work, is it not?

No, I don't have to. Not in Europe.

Not anywhere.

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E.R. wrote:

On 2026-02-06 11:55, Frank Slootweg wrote:

Carlos E.R. <robin_listas@es.invalid> wrote:

On 2026-02-05 22:32, Maria Sophia wrote:

Carlos E.R. wrote:

On 2026-02-05 19:47, Maria Sophia wrote:

Privacy is a million things where most people only know four or five >>>>>> of those million things, and just one of those million things that >>>>>> most people don't know is to keep their contacts sqlite database
completely empty on Android.

We do know. We choose to disregard.

But then you must ask for permission from each contact for you to store >>>> their private information on the cloud, which is a lot of work, is it not? >>>

No, I don't have to. Not in Europe.

If we had to, lawyers would have jumped lot long ago at the yugular of Google. And the regulatory bodies of several European countries. Right
now, France is suing some huge USA corporations for I don't remember
what exactly, related to privacy concerns.

And in the USA Google is also being sued for something big, too.

Not only that, but the contact information isn't stored "on the cloud"
in the first place. But "on the cloud" sounds so conveniently scary, so
why say where it's actually stored, when you can lie about it being "on
the cloud"?

Google would have to state in their conditions that they are going to
make use of the contact list for something akin to publishing it.

BTW, "*on* the cloud" isn't that bad anyway, but I digress ...

As to the original 'Subject:': What happened to Wi-Fi?

Hi Carlos (and Frank),

I read EVERYTHING you both write, always, so I appreciate what you said.

Carlos & Frank bring up excellent points that just having contacts in the sqlite location on Android (or in iOS) isn't a privacy hole by itself.

Since I put together systems for a living, and since I used to have an engineering-level TSSI special access designation, I'm likely more tuned to privacy holes than most people, as I've seen "how they work out there".

Most people, I'd wager, would be shocked at how much is hoovered about us.
With that in mind, I will address Carlos' & Frank's stated concerns above.

This is a technical summary of what actually happens with contacts on
Android and why the privacy risks are not about the SQLite file itself
but about the data flows around it.

1. What is Android's local-storage model for contacts anyway?
A. Android stores contacts in a local SQLite database accessed through
the ContactsContract provider.
B. The file is on the device, not on a remote server, so in that narrow
sense it is not "on the cloud" as Frank had astutely mentioned.
C. The real issue is not the file location but which processes can read
it and where they send the data. That locale could be "on the cloud".

2. What about the pernicious sync adapters from the hoovering outfits?
A. Google, Samsung and other account providers register sync adapters
that copy the local contacts to their servers.
B. This includes backup, deduplication, and "smart" features that
require server side processing.
C. Once synced, the data is stored, replicated, and retained under the
provider's policies. Do you trust them? I don't. Not inherently.

3. What about third-party app access to your contacts list?
A. Any app granted READ_CONTACTS can query the entire address book.
B. Many apps upload the data to their own servers for contact
discovery, spam detection, or analytics.
C. This creates shadow profiles of people who never installed the app
and never consented to any processing. IMHO, that's rude.

4. I think it was Carlos who brought up the EU rules on privacy...
A. Under GDPR the people in our address book are data subjects and we
and the service providers are controllers or joint controllers.
B. Storing a friend's number so we can call them is usually covered by
legitimate interest.
C. Uploading their data to multiple foreign companies for profiling is
a different matter and often outside reasonable expectations.
D. Purpose limitation and data minimization apply even if the user
interface makes the upload look routine.

5. Well then, what are the actual concrete technical risks?
A. Social graph reconstruction for one, in that a full address
book reveals who knows whom and which clusters exist.
B. Metadata enrichment for another, in that phone numbers and emails
can be cross referenced with breach corpora & data broker datasets.
C. Hashing does not really protect phone numbers because the space
is small and predictable so brute forcing is considered trivial.
D. Breach amplification is another domino effect where one compromised
app leaks data about everyone in the user's address book.
E. Centralized storage increases the impact of legal compulsion,
insider access, and mass breaches.

6. However, I openly admit an empty SQLite db is an extreme position.
A. It is true that an empty db cannot be synced or exfiltrated.
B. It is also true that most people want caller ID, messaging, and
search, so they accept some risk.
C. More practical controls include denying READ_CONTACTS to most apps,
disabling cloud sync, or using separate profiles for sensitive work.

7. What about using a private contacts app instead of the system database?
A. Apps like DOpen Contacts store entries in their own private
database, not in the system SQLite contacts provider.
B. This means no third-party app with READ_CONTACTS can see or copy
those entries because the private database is sandboxed.
C. Despite being private, the app still provides full functionality
for calling and texting because Android allows a dialer app to
initiate calls and send SMS without exposing its internal contact
store.
D. The app also maintains its own call log so caller names appear
without ever populating the system contacts database.
E. This gives two advantages at once:
1. Privacy, because nothing is placed into the global SQLite store
that other apps or sync adapters can read.
2. Functionality, because we still get caller ID, call history,
search, and messaging without leaking other people's numbers.
F. The only time the system contacts database must be touched is when
exporting the old contacts to VCF for import into the private app.
G. After import, the system contacts can be deleted and the SQLite
database can remain empty forever if desired.
H. Or, we can poison it with random garbage using FOSS tools
which are designed to randomize the SQLite contacts database
<https://f-droid.org/en/packages/me.billdietrich.fake_contacts/>
I. This systematic approach avoids the extreme position of having
no contacts at all while still preventing the usual data flows
that leak other people's phone numbers to corporations sans consent.

8. Summary points that, I hope, take into account a reasonable assessment:
A. As Frank pointed out, the SQLite file is not the privacy problem
in and of itself. It is just a local store that sits on the device.
B. The real privacy problem is the chain of sync adapters, third-party
apps, backups and cross-border transfers that copy the data
elsewhere without the knowledge or consent of the people listed in
our address book. In my rule book, that's incredibly rude to do.
C. Any app with READ_CONTACTS can copy the entire address book which
leaks other people's phone numbers to corporations. Privacy is not
only about protecting ourselves, it is also about not exposing
other people's data without permission. And nobody asks permission.
D. Even if Google Contacts sync is disabled, Google Play Services or
OEM layers may re enable it after updates. Call logs are stored
separately so the social graph can still be inferred.
E. Using a private contacts app like DOpen Contacts avoids these data
flows because it keeps entries in a sandboxed database that no
other app can read. It still provides calling, texting, caller ID,
search and call history without ever populating the system contacts
provider. I'm looking at operating systems with a system approach.
F. The only time the system contacts database must be touched is when
exporting old entries to VCF for import into the private app. After
that the system database can be deleted or even poisoned with fake
entries if desired. To me, that's a far better privacy model than
the model that google marketing gave us out of the box for Android.
G. VCF remains the only universal future proof format for contacts. A
contacts app that cannot export or import VCF is not under our
control. A backup method that requires the Internet is even worse.
H. In short the privacy risk is not the SQLite file but the ecosystem
around it. When we grant contact access or enable sync we are not
only deciding for ourselves, we are also volunteering other
people's data into someone else's infrastructure and threat model.

That is rude in my opinion and it is one of the million privacy
issues most people do not know about because they only know five.
--
The interesting part about privacy is that most people know about a half
dozen of the million things you need to know to do to maintain privacy.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Chris wrote:

But then you must ask for permission from each contact for you to store
their private information on the cloud, which is a lot of work, is it not? >>

No, I don't have to. Not in Europe.

Not anywhere.

Hi Chris,

This year I'm being super nice and not snarky, where my goal is to add
immense value given my medical situation, so I want this to be inclusive.

I read everything you write, so I understand that you feel it's not rude to
not ask for permission from your contacts, and, honestly, I understand that because most people are like sheep who do whatever Google marketing says.

Since I worked in the Silicon Valley for decades putting together complex systems for a living and since I used to have an engineering-level TSSI special-access designation, I am likely more tuned to privacy issues than
most people, as I have seen what they do in those Fort Meade windowless
brick buildings (as they used the software like nobody else ever did!).

There are two ways to do almost anything on a computer, IMHO.
1. The way the mothership wants you to do things
2. The way that makes the most sense to you

While those two ways of doing things might be exactly the same to most
people, that's why I claim there are a million things to do for privacy
where most people only know about a half dozen of those million things.
a. On iOS, I don't do things the way Apple tells me to do them.
b. On Windows, I don't do things the way Microsoft tells me to do them.
c. On Android, I don't do things the way Google tells me to do them.

The only things I do the way I'm told to do them is when my wife tells me!

To the point of backing up contacts, the method I've proposed seems to be
the most privacy aware which doesn't use the net or a mothership account.
Export > VCard

To the point of protecting the privacy of everyone who is in our contacts,
I'm proposing the use of the DOpenContacts (Contacts + Dialer) Foss ware.
<https://f-droid.org/en/packages/opencontacts.open.com.opencontacts/>
<https://gitlab.com/sultanahamer/OpenContacts> debug APK available

Again, since I put systems together for a living, here's a system for us.

This suggested privacy-aware flow avoids the system contacts SQLite
database entirely & still gives full calling and texting functionality.

1. Install DOpen Contacts (Contacts + Dialer) from F-Droid or GitLab.
A. This app maintains its own private contacts database.
B. No other app can read that private database because it is sandboxed.
C. The app includes its own dialer so it can place calls and send SMS
without exposing its internal contact list to the system provider.

2. Set DOpen Contacts as the default dialer.
A. Android 13 has no concept of a default contacts app.
B. Android 13 does have a default dialer and a default spam app.
C. Go to Settings > Apps > Default apps > Phone app.
D. Select DOpen Contacts as the default Phone app.
E. This allows the app to handle calls and SMS while keeping its
contacts private.

3. Export your existing system contacts to VCF.
A. Use any contacts manager that can read the system SQLite database.
B. Export to a VCF file stored on internal storage or SD card.
C. This is the only time the system contacts provider must be touched.

4. Import the VCF file into DOpen Contacts.
A. Open the app and import the VCF file.
B. Verify that all entries appear correctly in the private database.
C. At this point the app has a complete contact list that no other app
can read.

5. Optional: delete or poison the system contacts database.
A. Delete all entries in the system contacts provider if desired.
B. Or use a FOSS tool like Fake Contacts to fill it with random data.
C. This prevents third-party apps from inferring your social graph.

6. Optional: disable Google or OEM sync layers.
A. Disable Google Contacts sync in Settings > Accounts.
B. Be aware that Google Play Services or OEM layers may re enable it
after updates.
C. Check periodically to ensure sync remains disabled.

7. Back up your private contacts safely.
A. DOpen Contacts can export its private database to VCF.
B. Copy the VCF to non phone storage such as a home PC.
C. Encrypt the backup with Veracrypt if desired.
D. Repeat this backup whenever contacts change.

In summary, two FOSS tools help us build a system of contact privacy.
We can consider poisoning the system contacts database for extra privacy
A. Even after deleting system contacts some apps still expect the
provider to contain entries. Leaving it empty can reveal that we
are privacy conscious which is not always desirable.
B. A FOSS tool called Fake Contacts can populate the system contacts
provider with random entries that masquerade as real contacts.
C. These fake entries are stored in the same SQLite database that
third-party apps read when they request READ_CONTACTS.
D. The idea is to feed fake data to any app or company that copies our
contacts for analytics, spam detection or resale. This is called
data poisoning.
E. Data poisoning prevents third-party apps from reconstructing our
real social graph because the fake entries overwhelm the real ones
or replace them entirely.
F. Fake Contacts is available from multiple trusted FOSS sources:
<https://f-droid.org/packages/me.billdietrich.fake_contacts/>
<https://github.com/BillDietrich/fake_contacts>
<https://apt.izzysoft.de/fdroid/index/apk/me.billdietrich.fake_contacts>
G. Poisoning is optional but it adds a layer of plausible deniability
because any app that scrapes the contacts provider will receive it.

When combined with DOpen Contacts this gives us a tiered system model:
1. Real contacts stored privately in a sandboxed database.
2. Fake contacts stored in the global provider to mislead data
harvesters.

As I said many times, privacy is a million things, where most people onlyh
know something like a half dozen of those million things. This approach protects our privacy and also protects the privacy of everyone in our real address book because their numbers never enter the system provider at all.

Overall, this suggested two-tiered flow gives two benefits at once:
A. Privacy, because nothing is stored in the global SQLite contacts
provider that third-party apps or sync adapters can read.
B. Functionality, because DOpen Contacts still provides caller ID, call
history, search and messaging without leaking other people's numbers.

In short this method avoids the extreme position of having absolutely no contacts at all while still preventing the usual data flows that expose
other people's phone numbers to corporations without their consent.
--
As always, anyone can run the low-privacy highly-marketing solutions,
but it takes technical knowledge to run the high-privacy techniques.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-06 19:22, Maria Sophia wrote:

Carlos E.R. wrote:

On 2026-02-06 11:55, Frank Slootweg wrote:

Carlos E.R. <robin_listas@es.invalid> wrote:

On 2026-02-05 22:32, Maria Sophia wrote:

Carlos E.R. wrote:

On 2026-02-05 19:47, Maria Sophia wrote:

Privacy is a million things where most people only know four or five >>>>>>> of those million things, and just one of those million things that >>>>>>> most people don't know is to keep their contacts sqlite database >>>>>>> completely empty on Android.

We do know. We choose to disregard.

But then you must ask for permission from each contact for you to
store
their private information on the cloud, which is a lot of work, is
it not?

No, I don't have to. Not in Europe.

If we had to, lawyers would have jumped lot long ago at the yugular of
Google. And the regulatory bodies of several European countries. Right
now, France is suing some huge USA corporations for I don't remember
what exactly, related to privacy concerns.

And in the USA Google is also being sued for something big, too.

-a-a Not only that, but the contact information isn't stored "on the
cloud"
in the first place. But "on the cloud" sounds so conveniently scary, so
why say where it's actually stored, when you can lie about it being "on
the cloud"?

Google would have to state in their conditions that they are going to
make use of the contact list for something akin to publishing it.

-a-a BTW, "*on* the cloud" isn't that bad anyway, but I digress ...

-a-a As to the original 'Subject:': What happened to Wi-Fi?

Hi Carlos (and Frank),

I read EVERYTHING you both write, always, so I appreciate what you said.

Carlos & Frank bring up excellent points that just having contacts in the sqlite location on Android (or in iOS) isn't a privacy hole by itself.

Since I put together systems for a living, and since I used to have an engineering-level TSSI special access designation, I'm likely more tuned to privacy holes than most people, as I've seen "how they work out there".

Most people, I'd wager, would be shocked at how much is hoovered about us. With that in mind, I will address Carlos' & Frank's stated concerns above.

This is a technical summary of what actually happens with contacts on
Android and why the privacy risks are not about the SQLite file itself
but about the data flows around it.

1. What is Android's local-storage model for contacts anyway?
-a A. Android stores contacts in a local SQLite database accessed through
-a-a-a-a the ContactsContract provider.
-a B. The file is on the device, not on a remote server, so in that narrow
-a-a-a-a sense it is not "on the cloud" as Frank had astutely mentioned.
-a C. The real issue is not the file location but which processes can read
-a-a-a-a it and where they send the data. That locale could be "on the cloud".

2. What about the pernicious sync adapters from the hoovering outfits?
-a A. Google, Samsung and other account providers register sync adapters
-a-a-a-a that copy the local contacts to their servers.
-a B. This includes backup, deduplication, and "smart" features that
-a-a-a-a require server side processing.
-a C. Once synced, the data is stored, replicated, and retained under the
-a-a-a-a provider's policies. Do you trust them? I don't. Not inherently.

3. What about third-party app access to your contacts list?
-a A. Any app granted READ_CONTACTS can query the entire address book.
-a B. Many apps upload the data to their own servers for contact
-a-a-a-a discovery, spam detection, or analytics.
-a C. This creates shadow profiles of people who never installed the app
-a-a-a-a and never consented to any processing. IMHO, that's rude.

4. I think it was Carlos who brought up the EU rules on privacy...
-a A. Under GDPR the people in our address book are data subjects and we
-a-a-a-a and the service providers are controllers or joint controllers.
-a B. Storing a friend's number so we can call them is usually covered by
-a-a-a-a legitimate interest.
-a C. Uploading their data to multiple foreign companies for profiling is
-a-a-a-a a different matter and often outside reasonable expectations.

Not done.

-a D. Purpose limitation and data minimization apply even if the user
-a-a-a-a interface makes the upload look routine.

I assume the contract and the rules are not broken. If they are, I trust
the authorities to impose a hefty fine.

...
--
Cheers, Carlos.
ESEfc-Efc+, EUEfc-Efc|;
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E.R. <robin_listas@es.invalid> wrote:

On 2026-02-06 19:22, Maria Sophia wrote:

Since I put together systems for a living, and since I used to have an
engineering-level TSSI special access designation,

As per usual this person can't stop self-aggrandising themselves as a
pretence for authority. And as per usual gets it wrong. There's no such
thing as TSSI. He probably means TS/SCI https://en.wikipedia.org/wiki/List_of_U.S._security_clearance_terms

I'm likely more tuned to

privacy holes than most people, as I've seen "how they work out there".

Working with restricted data is NOT the same as handling people's phone
numbers in a phone book.


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Chris wrote:

Since I put together systems for a living, and since I used to have an
engineering-level TSSI special access designation,

As per usual this person can't stop self-aggrandising themselves as a pretence for authority. And as per usual gets it wrong. There's no such
thing as TSSI. He probably means TS/SCI https://en.wikipedia.org/wiki/List_of_U.S._security_clearance_terms

Chris,
I know EXACTLY what it is. And just like nobody who is a caver ever calls
it 'spelunking', nor do bikers call it 'driving', nobody calls it TS/SCI.

If you run a search, you'll see I've formally called it that for years.
But, when speaking casually, we use the flow of initials (e.g., TSSI).

Just like bimmer drivers and beemer riders don't call their vehicle a BeeEmDoubleYou in casual speech because people are just supposed to know.

If this were a formal discussion, we'd use BMW instead.
And maybe even add the "registered trademark" symbol, i.e., BMW(R)
to indicate the mark is officially registered with a trademark office.

Just like chemistry is a million things, of which most people only know a
half dozen, privacy is a million things of which most people know six.

Take the case of octane ratings, for example, in organic chemistry, where I
was taught in the 1960's what it meant so ever since I could drive, I would nonchalantly innocently and inquisitively ask the person filling up next to
me "What's the difference between regular and premium?".

In decades of asking that question, I've only gotten the correct answer
about a half dozen times, which fits with my hypothesis that people only
know about six of the million things that they need to know about anything.

Privacy is a million things.
Not six.

The point is I've been trained as an apprentice in privacy by one of the
most secretive orgs on the planet in windowless brick buildings, and my
main observation is that they look at a LOT more than we think they do.

Take the well-known Cessna snooping, for example, where to protect against
it you have to know they're doing it first, where that's why you learn to protect against what they 'can' do, instead of what you 'think' they do.

My header-based privacy is to protect from what they "can" do, although,
truth be told, I told them who I was when Rod Speed threatened my life.

I'm likely more tuned to

privacy holes than most people, as I've seen "how they work out there".

Working with restricted data is NOT the same as handling people's phone numbers in a phone book.

Privacy is a million things, of which people only know about a half dozen.

You don't protect against what you "think" they'll do.
You protect against what you know they 'can' do.

If you knew how much hoovering they did, oh, way back in the 80's,
you'd likely be shocked with what they can do today on the Internet.
--
Often those who most deprecate privacy are those who least understand it.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On Sat, 7 Feb 2026 15:41:14 -0500, Maria Sophia
<mariasophia@comprehension.com> wrote:

Chris wrote:

Since I put together systems for a living, and since I used to have an >>>> engineering-level TSSI special access designation,

As per usual this person can't stop self-aggrandising themselves as a
pretence for authority. And as per usual gets it wrong. There's no such
thing as TSSI. He probably means TS/SCI
https://en.wikipedia.org/wiki/List_of_U.S._security_clearance_terms

Chris,
I know EXACTLY what it is. And just like nobody who is a caver ever calls
it 'spelunking', nor do bikers call it 'driving', nobody calls it TS/SCI.

For another data point, I've never heard it called TSSI. I've always
heard it called TS/SCI. When I saw TSSI, I assumed it was a typo.

<snip>

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-07 21:41, Maria Sophia wrote:

Take the case of octane ratings, for example, in organic chemistry, where I was taught in the 1960's what it meant so ever since I could drive, I would nonchalantly innocently and inquisitively ask the person filling up next to me "What's the difference between regular and premium?".

In decades of asking that question, I've only gotten the correct answer
about a half dozen times, which fits with my hypothesis that people only
know about six of the million things that they need to know about anything.

You do not need to know what is the difference between regular and
premium. But I do know it. My father was a chemist and worked in an oil refinery. One of his initial jobs was to measure the octane number of
gasoline mixtures. I think they used a small gasoline motor adapted for variable compression and or variable advance. I don't remember exactly
and he is no longer in this world to ask him.

...

Privacy is a million things, of which people only know about a half dozen.

You don't protect against what you "think" they'll do.
You protect against what you know they 'can' do.

If you knew how much hoovering they did, oh, way back in the 80's, you'd likely be shocked with what they can do today on the Internet.

That they might do things with the contact list, would be breach of
contract for starters, and illegal, at least here. I don't have to
assume they do and not use the provided contact app and tools. What we
do is legal and normal usage.

Now, if I wanted secrecy, I wouldn't. I would assume the worst.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

On 2026-02-07 21:41, Maria Sophia wrote:

Take the case of octane ratings, for example, in organic chemistry, where I >> was taught in the 1960's what it meant so ever since I could drive, I would >> nonchalantly innocently and inquisitively ask the person filling up next to >> me "What's the difference between regular and premium?".

In decades of asking that question, I've only gotten the correct answer
about a half dozen times, which fits with my hypothesis that people only
know about six of the million things that they need to know about anything.

You do not need to know what is the difference between regular and
premium. But I do know it. My father was a chemist and worked in an oil refinery. One of his initial jobs was to measure the octane number of gasoline mixtures. I think they used a small gasoline motor adapted for variable compression and or variable advance. I don't remember exactly
and he is no longer in this world to ask him.

Hi Carlos,

I never disagree with anyone who says sentient things, where both the
common octane ratings are measured using the same standardized test engine
that you remember from when you were a kid since they haven't changed.

In most of Europe they use the Motor Octane Number (MON) while in the USA
we use the AKI system (which is the average of the Research Octane Number
(RON) and Motor methods (R+M)/2).

They're both measured with a motor but under very different conditions.

RON is determined at lower speed, lower temperature, and fixed ignition
timing, which represents mild light-load driving. MON is measured at higher speed, higher temperature and with variable ignition timing which simulates heavy-load, high-stress operation. Because MON is the harsher test, it's usually (always?) lower than RON for the same fuel.

For example, when we see "87 octane" here in the USA, that's roughly
equivalent to about 91-92 RON on your pumps

My point in bringing this up isn't that people need to know the chemistry,
but that many drivers pay extra for "premium" simply because they assume a higher number must be better simply because marketing has decided to charge more for it. Marketing also "markets" it as "better", although, much like
Apple marketing is brilliant lies, they never actually say so outright.

It's the same pattern you see with detergents since all that matters in the
USA is whether the gas is "top tier" or now, where, for example, Costco is
top tier but always gthe lowest price of the nearest five gas stations
(they use an algorithm to determine the price a few times a day).

I was trained in marketing since my undergrad science degree is a bachelor
of arts so I had to take classes in other fields, so I took marketing and philosophy. They fit with science since anything marketed as a premium
version people think is "better" simply based on the name even though, in
some ways it's worse gas. People often buy the more expensive option "once
a month" to "clean out the engine", which is absurd, but trust me when I
say I've heard people claim that's what they have been doing for years.

The chemistry behind octane ratings is real, but the benefit only applies
to engines that require it. For everyone else, the extra cost is just money wasted on a number that looks better on the pump.

My point in bringing this up isn't that people need to know the chemistry,
but that many drivers pay extra for "premium" simply because they don't own critical thought processes so they believe everything marketing tells them.

Don't even get me started on how Apple marketing is brilliant at brazen
lies that are just under the radar to be illegal in all they market.

Back to the topic, a key observation is that we can port contacts easily if
we "upload" them to "the cloud", but that's exactly what "they" want us to
do. Once it's on "the cloud", we have lost control of our contacts.

And, since our contacts are our friends and neighbors, it's like placing everyone's data on a deck of cards and letting those cards blow in the wind around town for anyone else to pick up and use if they feel like it.

Privacy is a million things, of which people only know about a half dozen. >>
You don't protect against what you "think" they'll do.
You protect against what you know they 'can' do.

If you knew how much hoovering they did, oh, way back in the 80's, you'd
likely be shocked with what they can do today on the Internet.

That they might do things with the contact list, would be breach of
contract for starters, and illegal, at least here. I don't have to
assume they do and not use the provided contact app and tools. What we
do is legal and normal usage.

Now, if I wanted secrecy, I wouldn't. I would assume the worst.

I'm not so concerned about "breach of contract" than about malefactors
getting a hold of it, but I'm not saying I know of any cases where
malefactors have harmed our friends and neighbors.

What I'm saying is simply that uploading ANYHTHING to the cloud is absurd
when you have no need to upload anything to the cloud when backing things
up from your Android phone to the Windows PC.

For example, I've backed up my exact home screen to a file, and my ~600 user-added applications to a folder (including split APKs) and my SMS/MMS
to a folder and my contacts to a file and my calendar to a file, etc.

Have I missed anything?

What I can't back up without being root is the /data/data because my
Android is above Android 11 & Samsungs in the USA aren't rootable (AFAIK).

But much of my data is kept on the external sd card which can be popped
into another phone and all that data (e.g., map data) will still work.

The good news is that it turns out to be rather easy to back up everything (including contacts) to the PC with privacy (without using the cloud).

But I do comment, wistfully, that out of a million people, only six of them know how to do it, which is a sad statement about people (if it's true).
--
Privacy is knowing how to do the simplest of things, all day, every day.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-09 18:51, Maria Sophia wrote:

Carlos E. R. wrote:

On 2026-02-07 21:41, Maria Sophia wrote:

Take the case of octane ratings, for example, in organic chemistry,
where I
was taught in the 1960's what it meant so ever since I could drive, I
would
nonchalantly innocently and inquisitively ask the person filling up
next to
me "What's the difference between regular and premium?".

In decades of asking that question, I've only gotten the correct answer
about a half dozen times, which fits with my hypothesis that people only >>> know about six of the million things that they need to know about
anything.

You do not need to know what is the difference between regular and
premium. But I do know it. My father was a chemist and worked in an
oil refinery. One of his initial jobs was to measure the octane number
of gasoline mixtures. I think they used a small gasoline motor adapted
for variable compression and or variable advance. I don't remember
exactly and he is no longer in this world to ask him.

Hi Carlos,

I never disagree with anyone who says sentient things, where both the
common octane ratings are measured using the same standardized test engine that you remember from when you were a kid since they haven't changed.

In most of Europe they use the Motor Octane Number (MON) while in the USA
we use the AKI system (which is the average of the Research Octane Number (RON) and Motor methods (R+M)/2).

They're both measured with a motor but under very different conditions.

RON is determined at lower speed, lower temperature, and fixed ignition timing, which represents mild light-load driving. MON is measured at higher speed, higher temperature and with variable ignition timing which simulates heavy-load, high-stress operation. Because MON is the harsher test, it's usually (always?) lower than RON for the same fuel.

For example, when we see "87 octane" here in the USA, that's roughly equivalent to about 91-92 RON on your pumps
My point in bringing this up isn't that people need to know the chemistry, but that many drivers pay extra for "premium" simply because they assume a higher number must be better simply because marketing has decided to charge more for it. Marketing also "markets" it as "better", although, much like Apple marketing is brilliant lies, they never actually say so outright.

We just have to trust the sales guy from the car company. "Just use
regular as long as they make it."

There was a decision to ditch regular, but it is always postponed.


...

Back to the topic, a key observation is that we can port contacts easily if we "upload" them to "the cloud", but that's exactly what "they" want us to do.-a Once it's on "the cloud", we have lost control of our contacts.

And, since our contacts are our friends and neighbors, it's like placing everyone's data on a deck of cards and letting those cards blow in the wind around town for anyone else to pick up and use if they feel like it.

Sorry, I do not agree. They are still my contacts, and they are not
shared with google.

Privacy is a million things, of which people only know about a half
dozen.

You don't protect against what you "think" they'll do.
You protect against what you know they 'can' do.

If you knew how much hoovering they did, oh, way back in the 80's,
you'd likely be shocked with what they can do today on the Internet.

That they might do things with the contact list, would be breach of
contract for starters, and illegal, at least here. I don't have to
assume they do and not use the provided contact app and tools. What we
do is legal and normal usage.

Now, if I wanted secrecy, I wouldn't. I would assume the worst.

I'm not so concerned about "breach of contract" than about malefactors getting a hold of it, but I'm not saying I know of any cases where malefactors have harmed our friends and neighbors.

What I'm saying is simply that uploading ANYHTHING to the cloud is absurd when you have no need to upload anything to the cloud when backing things
up from your Android phone to the Windows PC.

I do not agree. It is far more convenient, easier, safe enough, and
private enough.

For example, I've backed up my exact home screen to a file, and my ~600 user-added applications to a folder (including split APKs) and my SMS/MMS
to a folder and my contacts to a file and my calendar to a file, etc.

Have I missed anything?

What I can't back up without being root is the /data/data because my
Android is above Android 11 & Samsungs in the USA aren't rootable (AFAIK).

But much of my data is kept on the external sd card which can be popped
into another phone and all that data (e.g., map data) will still work.

The good news is that it turns out to be rather easy to back up everything (including contacts) to the PC with privacy (without using the cloud).

But I do comment, wistfully, that out of a million people, only six of them know how to do it, which is a sad statement about people (if it's true).

--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

Marketing also "markets" it as "better", although, much like
Apple marketing is brilliant lies, they never actually say so outright.

We just have to trust the sales guy from the car company. "Just use
regular as long as they make it."

There was a decision to ditch regular, but it is always postponed.

Hi Carlos,

Just like with leaded gas, they can't just ditch the higher-octane-rated
fuels without actually changing the engines, although truth be told, knock sensors retard timing nowadays when engines feel detonation pinging.

If a new vehicle gas-cap door doesn't have a sticker saying that the higher octane rated gasoline isn't needed then there's zero advantage to using it.

I's actually worse gas for cars that don't need it, which isn't going to be able to be measured by us, but I still think it's kind of funny that out of
a million people, only about 6 know that the more expensive fuel is worse.

Marketing "teaches" people everything they "think" they know about science.

Back to the topic, a key observation is that we can port contacts easily if >> we "upload" them to "the cloud", but that's exactly what "they" want us to >> do.' Once it's on "the cloud", we have lost control of our contacts.

And, since our contacts are our friends and neighbors, it's like placing
everyone's data on a deck of cards and letting those cards blow in the wind >> around town for anyone else to pick up and use if they feel like it.

Sorry, I do not agree. They are still my contacts, and they are not
shared with google.

Well, do you use the Google GMail app on Android to get your email?
(Note: Gmail on iOS, is, surprise!, more private than GMail on Android.)

Bear in mind, out of a million people, only six actually test what GMail
does and I've tested it (and reported to the Android newsgroup years ago).

The *first* time you log into the Google GMail app on an Android phone,
Google *creates* the mothership account (if it's not already created), and,
in my tests, Google *AUTOMATICALLY UPLOADS* your contacts since you have no chance of unchecking the default setting until *after* that happens!

It has been years since I've tested that behavior in gory detail though,
but that's why I use FairEmail instead of Google's GMail on Android.

And there's (way) more than just Google's GMail which uploads contacts.
Do you have WhatsApp? Telegram? Signal? Facebook? Instagram? TikTok?
Snapchat? Microsoft Outlook? Yahhoo Mail? Truecaller? Hiya? Drupe?

Do you use any OEM cloud backup program (e.g., Samsung Cloud)?

Most people don't realize this but Gboard can read the contacts sqlite database, and that's "just a keyboard" (or so they think it is).

As I said many times, privacy is a million things, but most people only
know about half a dozen of those things which we are discussing here.

I'm not so concerned about "breach of contract" than about malefactors
getting a hold of it, but I'm not saying I know of any cases where
malefactors have harmed our friends and neighbors.

What I'm saying is simply that uploading ANYHTHING to the cloud is absurd
when you have no need to upload anything to the cloud when backing things
up from your Android phone to the Windows PC.

I do not agree. It is far more convenient, easier, safe enough, and
private enough.

The problem with "private enough" is that many entities have said the same thing, and, well, think about history and all the "surprise attacks" in it.

There's a long history of cloud-stored personal data being breached, and contacts/phone numbers are often part of what leaks. A few well-known
examples from just the last few years:

1. Facebook (2021)
A dataset containing ~533 million users' phone numbers, names, and
other profile details was scraped and published online. Many people
had their phone numbers exposed even if they never posted them
publicly, because Facebook uploaded and matched contacts from users'
phones.

2. LinkedIn (2021)
A scrape of ~700 million profiles was circulated online. While
LinkedIn called it "public data," the dataset included emails and
phone numbers that came from contact syncing.

3. WhatsApp / Meta (2022)
A database claiming to contain ~500 million WhatsApp user phone
numbers appeared for sale. WhatsApp relies heavily on uploading the
user's entire contacts list to Meta's servers for matching.

4. Microsoft (2023)
A misconfigured cloud endpoint exposed ~38 TB of internal data,
including employee information. Not contacts specifically, but a
reminder that even major cloud providers misconfigure storage.

5. Twilio (2022)
A breach allowed attackers to access customer phone numbers and
authentication data. Twilio powers many messaging apps, so phone
numbers stored in cloud systems were indirectly exposed.

6. Clubhouse (2021)
The app uploaded users' entire phone contact lists to its servers.
When their backend was scraped, millions of phone numbers were
exposed.

7. Google (multiple incidents)
While not a single catastrophic breach, Google has had repeated
incidents involving misconfigured cloud buckets, exposed datasets,
and unintended data sharing. And as noted earlier, the Gmail app
historically uploaded contacts automatically on first run.

These aren't hypotheticals. They're real-world examples showing that
once your contacts leave your device and enter "the cloud," they're
subject to breaches, scraping, misconfiguration, and resale.

That's why some of us prefer to keep the Android contacts SQLite database
empty and avoid cloud sync entirely. But I do agree it takes more effort.
--
There is no such thing as a "surprise attack" to a well-informed person.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. <robin_listas@es.invalid> wrote:

On 2026-02-09 18:51, Maria Sophia wrote:

[...]

Back to the topic, a key observation is that we can port contacts easily if we "upload" them to "the cloud", but that's exactly what "they" want us to do.a Once it's on "the cloud", we have lost control of our contacts.

And, since our contacts are our friends and neighbors, it's like placing everyone's data on a deck of cards and letting those cards blow in the wind around town for anyone else to pick up and use if they feel like it.

Sorry, I do not agree. They are still my contacts, and they are not
shared with google.

As I said before, use of the term "the cloud" is just unsubstantiated
FUD, scare mongering, etc.. The "deck of cards blowing in the wind"
analogy is as laughable as dishonest (assuming it's not cluelessness).

As long as he keeps misrepresenting what's really happening, there's
just no point rehashing this (non-)issue till the cows come home.

What I'm saying is simply that uploading ANYHTHING to the cloud is absurd when you have no need to upload anything to the cloud when backing things up from your Android phone to the Windows PC.

I do not agree. It is far more convenient, easier, safe enough, and
private enough.

The real issue is of course not just backup of one's contacts, but
something quite different, but why call things by what they actually
are/do, when you can misrepresent them with FUD?

[...]
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg wrote:

As long as he keeps misrepresenting what's really happening, there's
just no point rehashing this (non-)issue till the cows come home.

Hi Frank,

I get it that you can't resist throwing personal insults in every post even though I wasn't speaking with you and Carlos and I were talking science.

If you can't attack the facts, you attack the person speaking the facts. That's what you just did, Frank.

Please stop it with the personal attacks.

All I would ask of you, Frank, is please stop it with the untoward personal insults, especially as you couldn't attack the facts so you attacked the analogy (which was never meant to be taken literally as all the facts).

I repeat that I've asked you many times to stop it with the personal
insults, and I hope that we don't have to keep having this conversation.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

As long as he keeps misrepresenting what's really happening, there's
just no point rehashing this (non-)issue till the cows come home.

Hi Frank,

I get it that you can't resist throwing personal insults in every post even though I wasn't speaking with you and Carlos and I were talking science.

If you can't attack the facts, you attack the person speaking the facts.

Sigh! As a famous poster once said "Proving you wrong is not an
attack.".

There *were* no "personal insults". As said, you're misrepresenting
what is really happening. And it's *impossible. to "attack the facts",
because what you keep emitting, are misrepresenations, not facts.

Bottom line: Can't do the time, ...

So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.

[More of the same deleted.]
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg wrote:

There *were* no "personal insults". As said, you're misrepresenting
what is really happening. And it's *impossible. to "attack the facts", because what you keep emitting, are misrepresenations, not facts.

Exactly which factual "misrepresentation" are you claiming you object to?

For example, I listed facts on DOpen Contacts and the older Simple Mobile Contacts are known to stay out of the default sqlite database and, which
are both known to export/import vcard and which both work with dialers and which work well with SMS/MMS apps. That's adding technical value.

Are you claiming you can add value in that part of the conversation?
If so, we all welcome you adding value to the actual conversation topic.

Q: Where in this contacts-privacy topic can/will you add technical value?
A: ?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-09 19:50, Maria Sophia wrote:

Carlos E. R. wrote:

Marketing also "markets" it as "better", although, much like
Apple marketing is brilliant lies, they never actually say so outright.

We just have to trust the sales guy from the car company. "Just use
regular as long as they make it."

There was a decision to ditch regular, but it is always postponed.

Hi Carlos,

Just like with leaded gas, they can't just ditch the higher-octane-rated fuels without actually changing the engines, although truth be told, knock sensors retard timing nowadays when engines feel detonation pinging.

No, ditch the lower rated.

If a new vehicle gas-cap door doesn't have a sticker saying that the higher octane rated gasoline isn't needed then there's zero advantage to using it.

The maker recommends the higher, but the car adapts and the vendor
recommends the lower.

I did my own testing, based on mileage, and decided to stay on the lower.

I's actually worse gas for cars that don't need it, which isn't going to be able to be measured by us, but I still think it's kind of funny that out of
a million people, only about 6 know that the more expensive fuel is worse.

Marketing "teaches" people everything they "think" they know about science.

Back to the topic, a key observation is that we can port
contacts easily if we "upload" them to "the cloud", but that's
exactly what "they" want us to do.' Once it's on "the cloud", we
have lost control of our contacts.

And, since our contacts are our friends and neighbors, it's like
placing everyone's data on a deck of cards and letting those
cards blow in the wind around town for anyone else to pick up
and use if they feel like it.

Sorry, I do not agree. They are still my contacts, and they are not
shared with google.

Well, do you use the Google GMail app on Android to get your email?
(Note: Gmail on iOS, is, surprise!, more private than GMail on Android.)

Bear in mind, out of a million people, only six actually test what GMail
does and I've tested it (and reported to the Android newsgroup years ago).

The *first* time you log into the Google GMail app on an Android phone, Google *creates* the mothership account (if it's not already created), and, in my tests, Google *AUTOMATICALLY UPLOADS* your contacts since you have no chance of unchecking the default setting until *after* that happens!

Uploads to my account space. This is fine and I want it. Does not share it.

It has been years since I've tested that behavior in gory detail though,
but that's why I use FairEmail instead of Google's GMail on Android.

And there's (way) more than just Google's GMail which uploads contacts.
Do you have WhatsApp? Telegram? Signal? Facebook? Instagram? TikTok? Snapchat? Microsoft Outlook? Yahhoo Mail? Truecaller? Hiya? Drupe?

Do you use any OEM cloud backup program (e.g., Samsung Cloud)?

Most people don't realize this but Gboard can read the contacts sqlite database, and that's "just a keyboard" (or so they think it is).

As I said many times, privacy is a million things, but most people only
know about half a dozen of those things which we are discussing here.

You confuse privacy with secrecy. And you tell people having different
ideas they are rude. No, we are not!

I'm not so concerned about "breach of contract" than about malefactors
getting a hold of it, but I'm not saying I know of any cases where
malefactors have harmed our friends and neighbors.

What I'm saying is simply that uploading ANYHTHING to the cloud is
absurd when you have no need to upload anything to the cloud when backing >>> things up from your Android phone to the Windows PC.

I do not agree. It is far more convenient, easier, safe enough, and
private enough.

The problem with "private enough" is that many entities have said the same thing, and, well, think about history and all the "surprise attacks" in it.

There's a long history of cloud-stored personal data being breached, and contacts/phone numbers are often part of what leaks. A few well-known examples from just the last few years:

Then there will be fines. I did not share data nor breach confidence.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

Just like with leaded gas, they can't just ditch the higher-octane-rated
fuels without actually changing the engines, although truth be told, knock >> sensors retard timing nowadays when engines feel detonation pinging.

No, ditch the lower rated.

Hi Carlos,

Well, what would the advantage of mandating worse & more-expensive gas be?

The octane rating is a measure of how resistant a fuel is to auto-igniting (knocking) under compression in an engine where Premium gasoline typically
has slightly lower energy per gallon than Regular (because the blend and ethanol used to raise octane lower the energy density at the same time).

Drivers would pay more for less
There's no advantage whatsoever (for cars that run fine on Regular).
No extra power, no better mileage, nothing.

Just higher costs for worse gas.

If a new vehicle gas-cap door doesn't have a sticker saying that the higher >> octane rated gasoline isn't needed then there's zero advantage to using it.

The maker recommends the higher, but the car adapts and the vendor recommends the lower.

I did my own testing, based on mileage, and decided to stay on the lower.

Check the BMW forums from about five or ten years ago where I ran extensive tests for a couple of years and there's no measurable benefit to Premium.

However, I would caution people who are scared to not run the test since
under high speed high load high heat conditions, the piezoelectric knock sensors might not be able to retard the timing enough to prevent knocking.

But nobody on the planet who knows anything about chemistry would ever
claim that you get better anything from premium gasoline for a vehicle that
is running correctly and which is designed for the regular gas blends.

It's not possible to get better anything with the wrong gas in the engine.

The *first* time you log into the Google GMail app on an Android phone,
Google *creates* the mothership account (if it's not already created), and, >> in my tests, Google *AUTOMATICALLY UPLOADS* your contacts since you have no >> chance of unchecking the default setting until *after* that happens!

Uploads to my account space. This is fine and I want it. Does not share it.

How do you know that Google will never be hacked?

Most people don't realize this but Gboard can read the contacts sqlite
database, and that's "just a keyboard" (or so they think it is).

As I said many times, privacy is a million things, but most people only
know about half a dozen of those things which we are discussing here.

You confuse privacy with secrecy. And you tell people having different
ideas they are rude. No, we are not!

I'm making a normative argument about courtesy, consent, and respect

Uploading someone else's personal information without their knowledge or consent is discourteous, regardless of the uploader's intentions or personality.

It's not about secrecy.
It's about respecting other people's control over their own data.

The behavior is discourteous
I could use the word "uncaring" though if that sounds better to everyone?

Just let me know which word you like best for the argument, which is about basic human decency for protecting other people's private information.

The problem with "private enough" is that many entities have said the same >> thing, and, well, think about history and all the "surprise attacks" in it. >>
There's a long history of cloud-stored personal data being breached, and
contacts/phone numbers are often part of what leaks. A few well-known
examples from just the last few years:

Then there will be fines. I did not share data nor breach confidence.

How do you know no company whom you interacted with won't be attacked?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

There *were* no "personal insults". As said, you're misrepresenting
what is really happening. And it's *impossible. to "attack the facts", because what you keep emitting, are misrepresenations, not facts.

Exactly which factual "misrepresentation" are you claiming you object to?

That one's Contacts are stored "on the cloud"/"in the cloud" (i.e. meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our arguments to the contrary.

I.e. like you've done again in this response of yours, ignoring and
silently snipping:

[Rewind/repeat:]

So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.

[End rewind/repeat.]

[Non relevant side-stepping/diversion deleted.]
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg wrote:

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

There *were* no "personal insults". As said, you're misrepresenting
what is really happening. And it's *impossible. to "attack the facts",
because what you keep emitting, are misrepresenations, not facts.

Exactly which factual "misrepresentation" are you claiming you object to?

That one's Contacts are stored "on the cloud"/"in the cloud" (i.e. meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our arguments to the contrary.

I.e. like you've done again in this response of yours, ignoring and silently snipping:

[Rewind/repeat:]

So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.

[End rewind/repeat.]

[Non relevant side-stepping/diversion deleted.]

Hi Frank,

Brushing aside your personal insults including your ad hominem whataboutism veiled riddles used to avoid responsibility for your insults, I'm asking
you what facts I posted that you (not Carlos, Frank, you!) disagree with.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-09 23:34, Maria Sophia wrote:

Carlos E. R. wrote:

Just like with leaded gas, they can't just ditch the higher-octane-rated >>> fuels without actually changing the engines, although truth be told,
knock
sensors retard timing nowadays when engines feel detonation pinging.

No, ditch the lower rated.

Hi Carlos,

Well, what would the advantage of mandating worse & more-expensive gas be?

I don't remember. Having a single hose, for instance, saves money.

The octane rating is a measure of how resistant a fuel is to auto-igniting (knocking) under compression in an engine where Premium gasoline typically has slightly lower energy per gallon than Regular (because the blend and ethanol used to raise octane lower the energy density at the same time).

Drivers would pay more for less
There's no advantage whatsoever (for cars that run fine on Regular).
No extra power, no better mileage, nothing.

Just higher costs for worse gas.

If a new vehicle gas-cap door doesn't have a sticker saying that the
higher
octane rated gasoline isn't needed then there's zero advantage to
using it.

The maker recommends the higher, but the car adapts and the vendor
recommends the lower.

I did my own testing, based on mileage, and decided to stay on the lower.

Check the BMW forums from about five or ten years ago where I ran extensive tests for a couple of years and there's no measurable benefit to Premium.

However, I would caution people who are scared to not run the test since under high speed high load high heat conditions, the piezoelectric knock sensors might not be able to retard the timing enough to prevent knocking.

But nobody on the planet who knows anything about chemistry would ever
claim that you get better anything from premium gasoline for a vehicle that is running correctly and which is designed for the regular gas blends.

It's not possible to get better anything with the wrong gas in the engine.

The *first* time you log into the Google GMail app on an Android phone,
Google *creates* the mothership account (if it's not already
created), and,
in my tests, Google *AUTOMATICALLY UPLOADS* your contacts since you
have no
chance of unchecking the default setting until *after* that happens!

Uploads to my account space. This is fine and I want it. Does not
share it.

How do you know that Google will never be hacked?

Does not count.

Most people don't realize this but Gboard can read the contacts sqlite
database, and that's "just a keyboard" (or so they think it is).

As I said many times, privacy is a million things, but most people only
know about half a dozen of those things which we are discussing here.

You confuse privacy with secrecy. And you tell people having different
ideas they are rude. No, we are not!

I'm making a normative argument about courtesy, consent, and respect

Uploading someone else's personal information without their knowledge or consent is discourteous, regardless of the uploader's intentions or personality.
It's not about secrecy.
It's about respecting other people's control over their own data.

The behavior is discourteous
I could use the word "uncaring" though if that sounds better to everyone?

I disagree. I'm not sharing data, I'm just storing it in my cloud. And
keeping it private.

Just let me know which word you like best for the argument, which is about basic human decency for protecting other people's private information.

No, because I do not accept your point of it being rude. I am protecting
other people's private information.

The problem with "private enough" is that many entities have said the
same
thing, and, well, think about history and all the "surprise attacks"
in it.

There's a long history of cloud-stored personal data being breached, and >>> contacts/phone numbers are often part of what leaks. A few well-known
examples from just the last few years:

Then there will be fines. I did not share data nor breach confidence.

How do you know no company whom you interacted with won't be attacked?

Doesn't count.

How do you know that a bad person with not pick my house lock, enter,
and steal my hard disks? Or a pickpocket steal my phone while open and running?
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

There *were* no "personal insults". As said, you're misrepresenting
what is really happening. And it's *impossible. to "attack the facts", >>> because what you keep emitting, are misrepresenations, not facts.

Exactly which factual "misrepresentation" are you claiming you object to?

That one's Contacts are stored "on the cloud"/"in the cloud" (i.e. meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our arguments to the contrary.

I.e. like you've done again in this response of yours, ignoring and silently snipping:

[Rewind/repeat:]

So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.

[End rewind/repeat.]

[Non relevant side-stepping/diversion deleted.]

Hi Frank,

Brushing aside your personal insults including your ad hominem whataboutism veiled riddles used to avoid responsibility for your insults, I'm asking
you what facts I posted that you (not Carlos, Frank, you!) disagree with.

Sigh! What about my *first* paragraph, quoted above, of my previous
response? But let me repeat it for you:

That one's Contacts are stored "on the cloud"/"in the cloud" (i.e. meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our arguments to the contrary.

Of course yours are *not* "facts", but that's what you posted and I/we 'disagree with'.

And please stop your whingeing about alleged "personal insults"! As I
said, there weren't any. If you think otherwise, then *quote* them. Good
luck with that.

And as you still failed to come up witth thhe goods, here it's again,
for the *third* time:

[Rewind/repeat:]

So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.

[End rewind/repeat.]

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg wrote:

That one's Contacts are stored "on the cloud"/"in the cloud" (i.e.
meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our
arguments to the contrary.

Of course yours are *not* "facts", but that's what you posted and I/we 'disagree with'.

Hi Frank,

Speak for yourself please.

There is one "fact" that you need to comprehend at the technical level.
If you comprehend that fact, then you should state that fact here & now.

Since I wouldn't ask you to state a fact that I wouldn't state myself,
I'll answer the question below and then ask you the *same* question.

Q: Where are all my Android mobile-device contacts actually stored?
A: They were stored in /data/data inside the "Conversation settings"
field in the last-known-good-version of PulseSMS but I've moved them
to the internal storage of DOpen Contacts & into a Windows vCard file.
My Android Contacts.db is empty and therefore nothing is "on the cloud".

You can dispute what "on the cloud" means until the end of time, but what
it means is not on your personal devices anymore so that you lost control.

Speaking for myself, uploading someone else's personal information without their knowledge or consent is inherently discourteous regardless of the uploader's intentions. You may or may not be as caring as I am on that.

The privacy decency point is I know exactly where my contacts are stored.
Now let's ask you to answer the same question of fact that I just did.

Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?
--
I'm making a normative argument about courtesy, consent and basic respect.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-10 14:03, Maria Sophia wrote:

Frank Slootweg wrote:

-a That one's Contacts are stored "on the cloud"/"in the cloud" (i.e.
meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our >>>> arguments to the contrary.

-a Of course yours are *not* "facts", but that's what you posted and I/we
'disagree with'.

Hi Frank,

Speak for yourself please.

There is one "fact" that you need to comprehend at the technical level.
If you comprehend that fact, then you should state that fact here & now.

Since I wouldn't ask you to state a fact that I wouldn't state myself,
I'll answer the question below and then ask you the *same* question.

Q: Where are all my Android mobile-device contacts actually stored?
A: They were stored in /data/data inside the "Conversation settings"
field in the last-known-good-version of PulseSMS but I've moved them
-a to the internal storage of DOpen Contacts & into a Windows vCard file.
-a My Android Contacts.db is empty and therefore nothing is "on the cloud".

You can dispute what "on the cloud" means until the end of time, but what
it means is not on your personal devices anymore so that you lost control.

Speaking for myself, uploading someone else's personal information without their knowledge or consent is inherently discourteous regardless of the uploader's intentions. You may or may not be as caring as I am on that.

The privacy decency point is I know exactly where my contacts are stored.
Now let's ask you to answer the same question of fact that I just did.

Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?

In our phones, with a copy in our private area of google servers. Under
our control.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

Well, what would the advantage of mandating worse & more-expensive gas be?

I don't remember. Having a single hose, for instance, saves money.

Hi Carlos,

As you can see from my photo, there is only one hose even when they have multiple grades of gasoline at the pump (where Costco has only 2 grades).
<https://i.postimg.cc/L4VxGBW7/gascans.jpg>

As you know, I live in the boonies above Silicon Valley where they don't
want us to live, so we have 40-acre zoning to keep the houses far apart.

Being far from the nearest gasoline station, and loving the best gas I can
get for the least price, I built my own gas station at home, which I've discussed at length with OSHA, CARB, the CHP, the Fire Marshall & zoning
folks so as to be safe in transport, storage & refueling at home.

With respect to hoses, California law requires that all *retail* gas
stations use CARB-certified Phase II vapor recovery systems when
transferring gasoline from the station's storage tank into a vehicle.
These systems must be tested and certified by the California Air Resources Board (CARB) to meet strict engineering and emissions standards.

This is why retail California gas-hose nozzles will likely have...
a. A rubber boot or bellows
b. A vapor-return pathway
c. Automatic shutoff mechanisms tuned to vapor pressure

While these are not required for my home gasoline refueling station, I do
have an electrical automatic shutoff gas pump which meets all standards.

But to your point, they're not expensive (although I get most of my stuff nowadays free from Amazon Vine anyway) and you still need only one nozzle
for as many grades of (non-leaded) gasoline that the gas pump can serve.

Uploads to my account space. This is fine and I want it. Does not
share it.

How do you know that Google will never be hacked?

Does not count.

Hmmm... I listed in a prior post something like a dozen outfits that grab
(or can grab) your contacts. How do you know they'll all never be hacked?

Rest assured I am nothing like the next million people you know, in that I think extremely deeply about what I'm doing when I use a mobile device with Windows, in that I back up my devices completely privately in all respects.

People who think "I'm not sharing it, I'm just storing it in my cloud,"
don't ever seem to be able to comprehend that cloud storage is inherently shared with a third party, and therefore carries risks we cannot control.

Hence, I'm trying to articulate something that is obvious to me but which
is apparently subtle to the next million people but it's still important.

Choosing to keep contacts only on our devices (e.g., with Dopen Contacts + local vCard storage on Android) is not paranoia, but a very respectful and intelligent form of protecting other people's data from 3rd-party access.

The behavior is discourteous
I could use the word "uncaring" though if that sounds better to everyone?

I disagree. I'm not sharing data, I'm just storing it in my cloud. And keeping it private.

If you really think handing the personal data of everyone around you to
just about anywhere that asks for it is not being discourteous, then we
really can't discuss this further as to me, that's a basic starting point.

Just let me know which word you like best for the argument, which is about >> basic human decency for protecting other people's private information.

No, because I do not accept your point of it being rude. I am protecting other people's private information.

Third-party involvement changes the ethics of handling other people's data.
You can't protect it once you give it to a 3rd party. Nobody can.

Which is people are likely doing if it's stored in the Android contacts db.

How do you know no company whom you interacted with won't be attacked?

Doesn't count.

How do you know that a bad person with not pick my house lock, enter,
and steal my hard disks? Or a pickpocket steal my phone while open and running?

It's about respect.
And consent.

When I store my contacts locally on Android (e.g., in the DOcontacts app or
in a Vcard file on Windows), I'm being respectful. Those phone numbers and email addresses belong to other people, not me. If I upload them to a cloud service, I'm giving a third party access to other people's personal data without their consent. I can't guarantee that company won't be hacked,
sold, subpoenaed, or change its policies. Keeping contacts on my devices
avoids involving anyone else in issues with third-party privacy flaws.

Of which I already showed you in another post, there are quite a few.
How do you know there will never again be another flaw exploited?

It's about respect & consent for other people's private information.
--
Uploading someone else's personal information without their knowledge or consent is inherently discourteous regardless of the uploader's intentions.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?

In our phones, with a copy in our private area of google servers. Under
our control.

Hi Carlos,

Thanks for hazarding a guess as I am aware it's risky to talk fact here.

Let's see what Frank's answer is, as the answer you gave is not correct.
Since I respect you, I already explained why in a post to you moments ago.

Let's wait for Frank's answer to the very simple factual question below:


Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?
--
It's about respect & consent for other people's private information.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

That one's Contacts are stored "on the cloud"/"in the cloud" (i.e.
meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our >>> arguments to the contrary.

Of course yours are *not* "facts", but that's what you posted and I/we 'disagree with'.

Hi Frank,

Speak for yourself please.

There is one "fact" that you need to comprehend at the technical level.
If you comprehend that fact, then you should state that fact here & now.

Since I wouldn't ask you to state a fact that I wouldn't state myself,
I'll answer the question below and then ask you the *same* question.

Q: Where are all my Android mobile-device contacts actually stored?

That wasn't the/my question. So I'll just repeat it, for the *fourth*
time:

[Rewind/repeat:]

So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.

[End rewind/repeat.]

See the "one's" bit!? We are not interested in what you do with your Contacts. but what's common on Android phones.

[...]

You can dispute what "on the cloud" means until the end of time, but what
it means is not on your personal devices anymore so that you lost control.

1) They're not "on the cloud", 2) they are still (also) on one's
"personal device(s)" and 3) one has *not* lost control in any way,
that's *your* FUD/scare-mongering.

As been indicated before, *no way* that Google would risk a fine of
upto 6% of their global annual turnover by taking away one's control
over one's contacts.

Speaking for myself, uploading someone else's personal information without their knowledge or consent is inherently discourteous regardless of the uploader's intentions. You may or may not be as caring as I am on that.

As Carlos already mentioned, one's contacts are also stored in other
more or less controlled places, without any need for the contact's
knowledge or consent. If someone gives you their contact details, you
can use those details for their intended purpose, as long as you don't 'publish' them in any way. And that care *is* obviously exercised in
this case.

Quite some time ago, we had the same (non-)discussion about e-mail.
Guess what? You're 'violating' your contacts' privacy by putting their
(names and) e-mail addresses "on the cloud"!

The privacy decency point is I know exactly where my contacts are stored.
Now let's ask you to answer the same question of fact that I just did.

Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?

Carlos already answered it and very well and succinctly, so I'll just
repeat it:

<Carlos>
In our phones, with a copy in our private area of google servers. Under
our control.
</Carlos>

QED.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg wrote:

The privacy decency point is I know exactly where my contacts are stored.
Now let's ask you to answer the same question of fact that I just did.

Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?

Carlos already answered it and very well and succinctly, so I'll just repeat it:

<Carlos>
In our phones, with a copy in our private area of google servers. Under
our control.
</Carlos>

Hi Frank,

Thanks for hazarding a guess as to what the answer to the question is.
I am well aware it's scary to answer factual questions on Usenet.

Unfortunately, the explanation you gave leaves out an important part since even if contacts are stored locally and synced to Google, that's only one
tiny part of the picture. Any app with contact access can upload that data
to its own servers, and many do. WhatsApp, Facebook Messenger, Telegram, Signal (for contact discovery), LinkedIn and many others all do this.

And it's not just messaging apps. Contact managers, SMS apps, RCS clients, dialer replacements, email apps, sharing apps and even spam-blocking or caller-ID apps routinely upload contact information. They use it for
matching, spam detection, 'smart' suggestions, syncing or building their
own databases. Once you grant access to any app on Android, there's no technical way to verify where that data goes or how long it's kept."

That's why saying 'my contacts are only on my phone and Google' isn't
accurate in practice. But since you were brave enough to answer the
question (which I knew ahead of time how you would answer it), allow me to
be brave enough to point out on my own system how many apps that may be.

adb shell pm list permissions -g -d | grep CONTACTS

group:android.permission-group.CONTACTS
permission:android.permission.WRITE_CONTACTS
permission:android.permission.READ_CONTACTS
This prints every package entry where READ_CONTACTS appears in the granted permissions list where the second command below gives cleaner output.

This dumps too much information:

adb shell dumpsys package | findstr /R /C:"Package \[" /C:"grantedPermissions" /C:"READ_CONTACTS"

Where on Windows we're looking for apps with permission granted.
android.permission.READ_CONTACTS: granted=true

We care about lines containing Package [ & granted=true & READ_CONTACTS

adb shell dumpsys package | findstr /R "Package \[" > pkgs.txt & adb shell dumpsys package | findstr "READ_CONTACTS" | findstr "granted=true" > granted.txt & for /f "tokens=2 delims=[]" %A in ('findstr /G:granted.txt pkgs.txt') do @echo %A

But that is so horrible that I had to drop down into PowerShell syntax.

type extract_contacts.bat

@echo off
:: extract_contacts.bat
powershell -ExecutionPolicy Bypass -File extract_contacts.ps1
pause

This should work but I just can't get the syntax right.
C:\ type extract_contacts.ps1
# extract_contacts.ps1
# version 1p0 20260210
# a. Runs adb shell dumpsys package
# b. finds each package block
# c. checks whether that block contains READ_CONTACTS and granted=true
# d. prints only the package names that actually have contact access
# Run using a batch script that calls this powershell script
# @echo off
# :: extract_contacts.bat
# powershell -ExecutionPolicy Bypass -File extract_contacts.ps1
# pause
# version 1p1 20260210
# Had to completely rewrite it as powershell hates white space
# version 1p2 20260210
# Fixed regex patterns so they're each only a single line
# version 1p3 20260210
# Fixed regex so it matches... <space><space>Package [
# version 1p4 20260210
# Added... $blocks = $blocks[1..($blocks.Count - 1)]
# To remove headerless garbage block that contains permission lines
# This takes into account the split pattern, the indentation issue,
# the junk first block, the name extraction and the grant filter out of
# C:\> adb shell dumpsys package
# version 1p5 20260210
# Needed to trim in the for loop

$packages = adb shell dumpsys package

# Regex patterns stored safely in variables
$splitPattern = ' Package \['
$grantPattern = 'android\.permission\.READ_CONTACTS: granted=true'
# $namePattern = '^(.*?)\]'
# $namePattern = '^(?!android\.permission)(.*?)\]'
$namePattern = '^([^\]]+)\]'

# Split into blocks per package
$blocks = $packages -split $splitPattern
$blocks = $blocks[1..($blocks.Count - 1)]

foreach ($block in $blocks) {
$block = $block.TrimStart()
if ($block -match $grantPattern) {
if ($block -match $namePattern) {
$pkg = $matches[1].Trim()
Write-Output $pkg
}
}
}
# end of extract_contacts.ps1


This is what is working, so far, from Windows to Android:
1. adb shell dumpsys package runs correctly.
$packages contains the full dump.
2. The split produces multiple blocks.
$blocks is an array with many entries.
3. The junk first block is removed correctly.
$blocks = $blocks[1..(...)] works.
4. The READ_CONTACTS filter works correctly.
$grantPattern matches exactly the lines you see.
5. The loop runs and prints matches.
The script is executing the intend
But this isn't working so I'm gonna try something else.

6. The package-name regex never matches the package header.
Not even once. $matches[1] is never the package name.

7. The split pattern does not match the real indentation.
The dump uses non-ASCII whitespace (tabs, NBSP, Unicode spaces).
PowerShell treats these differently than ASCII spaces.

8. Because the split is wrong, each block is missing the package header line.
The block starts after the package name.
Therefore the name regex never sees the package name.

9. The name regex falls back to the next line containing a closing bracket.
The first such line is always:
android.permission.READ_CONTACTS: granted=true, flags=...

10. Trimming does not fix the issue.
TrimStart does not remove leading newlines inside multi-line strings.
The package name still never appears at the start of the block.

So I'm gonna drop back to a purely manual method since my goal
was to provide everyone with a script that told them what they
don't know until they look what has the read permissions.

I wrote this just now from 'muscle memory' (aka finger memory)...
1. adb shell dumpsys package > dump.txt
2. gvim dump.txt
3. Set it to a case-sensitive search & not to wrapscan
:set noignorecase
:set nowrapscan
4. (mark the top line)
ma
5. (search for READ_CONTACTS: granted=true)
/READ_CONTACTS: granted=true
6. Scroll up looking for Package [something.here] (somehex):
?Package [
7. Jump one line above and delete to the a mark
kd'a
8. Jump one line below and mark a again
jma
9. Write the file and rinse/repeat
10. Output the final results below

I have 80 packages with READ_CONTACTS: granted=true.

Do I know what every single one of them is doing with it?
Nope.

Q: How many do you have?
A: ?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

The privacy decency point is I know exactly where my contacts are stored. >> Now let's ask you to answer the same question of fact that I just did.

Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?

Carlos already answered it and very well and succinctly, so I'll just repeat it:

<Carlos>
In our phones, with a copy in our private area of google servers. Under
our control.
</Carlos>

Hi Frank,

Preamble: I noticed that you conveniently ignored/snipped the e-mail
analogy. Wonder why that is?

Thanks for hazarding a guess as to what the answer to the question is.
I am well aware it's scary to answer factual questions on Usenet.

Not scary at all.

Unfortunately, the explanation you gave leaves out an important part since even if contacts are stored locally and synced to Google, that's only one tiny part of the picture. Any app with contact access can upload that data to its own servers, and many do. WhatsApp, Facebook Messenger, Telegram, Signal (for contact discovery), LinkedIn and many others all do this.

For WhatsApp that's false. It has been debunked many times and what
WhatsApp *actually* does is documented in its legal documents. But it's
*so* much nicer to keep repeating the FUD, scare-mongering, urban
legends, etc., isn't it!? :-(

I assume that Telegram, Signal, etc. use similar privacy-protecting
measures. Why would they be dumber than WhatsApp?

Don't know about Facebook and the like, wouldn't touch them with a
30-feet pole.

And it's not just messaging apps. Contact managers, SMS apps, RCS clients, dialer replacements, email apps, sharing apps and even spam-blocking or caller-ID apps routinely upload contact information. They use it for matching, spam detection, 'smart' suggestions, syncing or building their
own databases. Once you grant access to any app on Android, there's no technical way to verify where that data goes or how long it's kept."

I use only very few of those and the ones which I do use, do not
*have* a 'mothership' to upload to. Sorry.

That's why saying 'my contacts are only on my phone and Google' isn't accurate in practice. But since you were brave enough to answer the
question (which I knew ahead of time how you would answer it), allow me to be brave enough to point out on my own system how many apps that may be.

[Lots and lots deleted.]

I have 80 packages with READ_CONTACTS: granted=true.

Do I know what every single one of them is doing with it?
Nope.

Q: How many do you have?
A: ?

16 of which only 4 actively used the Contact permission in the last
week) and 1 of those 4 probably does not the permission.

The ones which have the Contacts permission, but do not use it, are
mostly unused (by me) apps. So if I were paranoid, I could remove the permission. As I set all permissions to 'while using the app' (unless I want/need features which require the permission to be always on, there's
little incentive to close a hole which is already closed.

Oh, and the 3 which have and need the Contacts permission are
WhatsApp, Messages and Contacts. Wow! I must run and warn my contacts
that all their private information is "on the cloud"! I'm sure they will
be devastated and severely annoyed by my carelessness and sloppiness!
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-10 19:49, Maria Sophia wrote:

Frank Slootweg wrote:

The privacy decency point is I know exactly where my contacts are
stored.
Now let's ask you to answer the same question of fact that I just did.

Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?

-a Carlos already answered it and very well and succinctly, so I'll just
repeat it:

<Carlos>
In our phones, with a copy in our private area of google servers. Under
our control.
</Carlos>

Hi Frank,

Thanks for hazarding a guess as to what the answer to the question is.
I am well aware it's scary to answer factual questions on Usenet.

Unfortunately, the explanation you gave leaves out an important part
since even if contacts are stored locally and synced to Google, that's
only one tiny part of the picture. Any app with contact access can
upload that data to its own servers, and many do. WhatsApp, Facebook Messenger, Telegram, Signal (for contact discovery), LinkedIn and many others all do this.

Not to my knowledge.


...
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg wrote:

Do I know what every single one of them is doing with it?
Nope.

Q: How many do you have?
A: ?

16 of which only 4 actively used the Contact permission in the last
week) and 1 of those 4 probably does not the permission.

Hi Frank,

Since I'm being nice, I'll just say that you're almost certainly wrong.

:)

But even if you're not wrong, the point is most people might not be as
aware as you are in terms of the number of apps with contact permission.

where grep

Reported:
C:\app\telecom\whatsapp\WhatsApp-Key-DB-Extractor-master\bin\grep.exe

Dump the package list (this is 205,996 lines)
adb shell dumpsys package > dump.txt

Extract all package names: (this is 1090 lines)
grep -o "Package \[[^]]*\] " dump.txt > pkgs.txt

Clean up package names:
gvim pkgs.txt
Remove the stuff before the package name
:%s/^Package \[//
Remove the stuff after the package name
:%s/\].*//
Now I have a file of 1090 package names.

READ_CONTACTS is one of the most sensitive permissions on the device.
It exposes:
a. names
b. phone numbers
c. emails
d. physical addresses
e. notes
f. organization info
g. relationship tags
h. custom fields
i. and sometimes even photos
And it exposes all of that for every person we know, not just us.

The fact remains that Android's permission model is layered and messy.
Apps can get contact access because:
a. they're system apps
b. they're carrier apps
c. they're messaging apps
d. they're backup/sync apps
e. they're calendar apps
f. they're dialer/phone apps
g. they're OEM-bundled utilities
h. they're role-based apps (e.g., default SMS app)
i. they're granted by default on first boot
j. they're granted by the user without realizing it

Extract all 79 READ_CONTACTS granted lines
grep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" > read.txt

The only missing piece is:
Which package names correspond to those 79 permission lines?
Drat. That's not easy. There's no relationship other than the
Package name is some random number of lines above the permission.

Sigh. Here are just some of the 79 apps with read permission.
gvim dump.txt
:A%s/READ_CONTACTS: granted=true

Search for the read permission is true
/READ_CONTACTS: granted=true
Go up one line (k)
Mark b (mb)
Search upward for Package name
?Package [
Go down one line (j)
and delete to b (d'b)
Go up one line and mark a (k)(ma)

Package [com.samsung.android.app.galaxyfinder] (a71cb6d):
android.permission.READ_CONTACTS: granted=true, flags=[
GRANTED_BY_DEFAULT]

Package [com.pw.wifishortcut] (f1607f0):
android.permission.READ_CONTACTS: granted=true, flags=[ GRANTED_BY_DEFAULT|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]

Package [com.samsung.android.calendar] (7f5fd1f):
android.permission.READ_CONTACTS: granted=true, flags=[ GRANTED_BY_DEFAULT|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]

Package [com.sec.android.app.bluetoothagent] (e3cd03a):
android.permission.READ_CONTACTS: granted=true, flags=[
GRANTED_BY_DEFAULT]

Package [com.srowen.bs.android] (61fd1af):
android.permission.READ_CONTACTS: granted=true, flags=[ REVOKED_COMPAT|REVIEW_REQUIRED|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]

Package [com.teslacoilsw.launcher] (691f490):
android.permission.READ_CONTACTS: granted=true, flags=[ REVOKED_COMPAT|REVIEW_REQUIRED]

Package [ru.perm.trubnikov.gps2sms] (12e629):
android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]
android.permission.READ_CONTACTS: granted=true, flags=[ REVOKED_COMPAT|REVIEW_REQUIRED]

Package [com.samsung.android.messaging] (5617264):
android.permission.READ_CONTACTS: granted=true, flags=[ GRANTED_BY_DEFAULT|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]
android.permission.READ_CONTACTS: granted=true, flags=[
GRANTED_BY_DEFAULT]

Package [com.google.android.as] (7253597):
android.permission.READ_CONTACTS: granted=true, flags=[ USER_SENSITIVE_WHEN_GRANTED|GRANTED_BY_ROLE]

Package [com.google.android.gm] (268efa2):
android.permission.READ_CONTACTS: granted=true, flags=[
GRANTED_BY_DEFAULT]
android.permission.READ_CONTACTS: granted=true, flags=[
GRANTED_BY_DEFAULT]

... snip ...

The point of this exercise is that there are plenty of apps which have permission to read your contacts, and, if you're not aware of all of them
and what they're doing with your contacts, then we can't say, for sure,
that we're protecting the privacy of our family & closest friends.

Remember, in "my" case, the contacts database is empty.
So even with read permission, they get to read nothing.

But are most people as aware of privacy as I am and, even if they are,
are they as considerate to their fellow friends & family as I am
by thinking ahead about this problem instead of ignoring it?
--
The people who deprecate privacy are always those who don't understand it.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android


Carlos E. R. wrote:

Unfortunately, the explanation you gave leaves out an important part
since even if contacts are stored locally and synced to Google, that's
only one tiny part of the picture. Any app with contact access can
upload that data to its own servers, and many do. WhatsApp, Facebook
Messenger, Telegram, Signal (for contact discovery), LinkedIn and many
others all do this.

Not to my knowledge.

Hi Carlos,

Thanks for hazarding a guess as I know how brutal Usenet can be on that.

I'll wager that if you run this Android debug command from your PC
adb shell dumpsys package > dump.txt
And if you search for the packages that "can" read your contacts
"READ_CONTACTS: granted=true"
You'll realize there are a lot of apps which have read permission.

In my case, there were 79 read permissions that were true, but there are duplicates and I have over 600 user-installed apps (1090 in toto).

So you won't have as many as I have, but it's gonna be a lot more than just google which ... let's be clear... is my main point about privacy.

Any app with READ_CONTACTS can upload your entire address book to its own servers. Yet most people have no idea how many apps on their phone have
that read permission.

Even I didn't know, until I ran that test myself for Frank's benefit.

Since I'm a caring and courteous person to my friends, family and
neighbors, the number doesn't matter for me because I have an empty
contacts database, so they don't get anything even if they try.


But my main privacy edification point for others who think Google is the
only one out there with read access to our contacts, it's not.

There are lots of apps (in most cases) which can read your contacts.

And syncing our contacts to Google is only one small piece of the privacy picture anyway. The real issue is that many apps on a typical Android phone have READ_CONTACTS permission, and any one of them can upload our entire address book to their own servers.

Most people never check this, and they don't realize how many apps have
access. Even I never checked it until today (because my contacts db is
empty so it didn't matter).

My recommendation is to check it yourself to see which apps on your Android phone have read access to your contacts database. It's not just GMail.
--
As always, anyone can run the low-privacy highly-marketing solutions,
but it takes technical knowledge to run the high-privacy techniques.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Jeff Layman wrote:

On 10/02/2026 21:56, Alan wrote:

On 2026-02-10 13:51, Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my
contacts, although none of them can get even a single contact from me.

How in the hell does that sentence make sense?
Can someone help me out here?

From what I remember has been previously written, there are no contact names stored anywhere on Maria Sophia's phone. I guess it means that
when a message is received (eg email or SMS), and the Contacts app
offers to store the senders name as a contact, that offer is refused
every time.

The contacts could instead be stored in a text file with email addresses
and phone numbers next to them.

BICBW

Hi Jeff Layman,

Long time no see. Good to hear from you again on the Android newsgroup!

Can you please check how many apps (including system apps!) can read your contacts database for this group-wide survey. Just make sure you include
system apps because most people don't realize they abound on Android.

The act of storing other people's information on a smartphone is not a
private act as it's a shared responsibility steeped in courtesy & respect.

People who THINK about privacy know which tools are privacy aware, whereas people who just do what the marketing organizations tell them to do, can't.

I use a privacy-respecting contacts app because it keeps my friends' and family's information out of the 70+ apps on my phone that have permission
to read the system contacts sqlite database via Contacts ContentProvider.
</data/data/com.android.providers.contacts/databases/contacts2.db>

Most people would claim they only have a half dozen or so, but nobody who claims that small a number ever has any idea whatsoever how to even check.

They just guess.
They think the GUI is going to tell them the truth.
Settings > Security and privacy > Privacy > Permission manager > Contacts

It won't.
It can't.

For a whole bunch of reasons that I will spare you as this is long already.

On my Android 13 Samsung A32-5G, that calls this tightly wrapped intent.
[com.google.android.permissioncontroller/com.android.permissioncontroller.permission.ui.ManagePermissionsActivity]
Which is an internal non-public activity inside Android's Permission
Controller that displays the list of apps with access to Contacts
{android.permission.READ_CONTACTS: granted=true}

ManagePermissionsActivity only shows the effective permission state for the current user while adb dumpsys package shows all internal permission states

adb shell dumpsys package > dump.txt (two-hundred thousand lines!)

While dumpsys outputs the truth, the GUI is not designed to tell the truth. That's why in this thread I used adb dumpsys to get at the truth.

And the fact my phone has over 70 apps with read permission on the contacts
is meaningless on my phone because I'm rather intelligent about my setup.

It's impossible for any app on the planet to get to my contacts even if
they have full read permission, because my sqlite database is empty.

On purpose.
Although I could populate it with false data using apps designed for that.
Fake Contacts, MIT License, by Bill Dietrich
<https://f-droid.org/en/packages/me.billdietrich.fake_contacts/>
"The idea is to feed fake data to any apps or companies who are copying
our private data to use or sell it. This is called data-poisoning."

But I've kept my contacts database empty for years, and I can use a phone
as well or better than anyone else on the planet in terms of communication.

That's what respect for people & courtesy looks like in the digital world.

I know of you so I know you don't think always the way you're told to think (e.g., when we discussed the "fused provider" years ago as one example).

So I'm hoping you understand that it's a mark of respect to preserve the sanctity of privacy as contacts are NOT our data to share to 3rd parties.

Contacts are other people's private information. Treat them as such.
Contacts are not ours to share on the Internet without express permission.

The fundamental way most people store contacts privately is they use apps
which are specifically sandboxed so that no other apps can get the data.

Hence a privacy-respecting contacts app stores its data in its own sandbox.
a. Other apps cannot access that sandbox.
b. Therefore, our contacts remain private.

These FOSS apps are designed by intelligent people who care very much about privacy, so they're not like the standard Google apps which do not.

A FOSS privacy-aware contacts app is "DOpen Contacts" for example.
*DOpen Contacts* (Dialer + Open Contacts)
<https://f-droid.org/en/packages/opencontacts.open.com.opencontacts/>
<https://gitlab.com/sultanahamer/OpenContacts> debug APK available
"Even though we are not having any problem sharing our mobile number
with all third parties, people in our phone book might have.
We should not be sharing their contact information online.
This app saves contacts in its own database separate from android
contacts. This way no other app would be able to access contacts.
Can be used in place of your default phone(dialer) app.
It can import contacts from vCard files.
So we can export Android contacts and import into this app.
Maintains call log as well.
Also shows the person's name upon receiving call"

It's used by people who are courteous to others because it stores the
contacts in its own database that the other 50 or so apps can't get to.
--
The obvious answer is often the one marketing provides for you which
means that it's rarely (if ever) the most private way to do the task.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia wrote:

But to your point, they're not expensive (although I get most of my stuff nowadays free from Amazon Vine anyway) and you still need only one nozzle
for as many grades of (non-leaded) gasoline that the gas pump can serve.

Note that your Amazon browsing history tells you what you've been offered.
<https://www.amazon.com/gp/history>

Here is an example of free product you can choose from Vine to review:
<https://www.amazon.com/Koarigo-Receiver-Minivans-Capacity-Tiltable/dp/B0FDQ7MNB1/>

Here is another example, that I selected, but it hasn't been shipped yet.
<https://www.amazon.com/AZKORION-Oversized-Camping-Portable-Supports/dp/B0GD1ZVD5M/>

Amazon populates a section for us called "just for you" based on our habits
<https://www.amazon.com/Camping-Waterproof-Hammock-Shelter-Without/dp/B0FGXFL53G/>

Someone once asked what the "rules" were for the Amazon Vine reviews, where Amazon "invites" only the best reviewers to test out free product to the
tune of up to a few hundred thousand dollars (potential) per year.
<https://www.amazon.com/vine/about>

Here is the verbatim description that only Amazon Vine reviewers get in
their messages field (since the Amazon Vine link is a separate page).
<https://www.amazon.com/vine/help#reviewqualityscore>

Welcome to Amazon Vine Help

How Does It Work
What is Amazon Vine?
Amazon Vine is a program that enables a select group of Amazon customers to post opinions about newly released items to help their fellow customers
make educated buying decisions. Customers are invited to become Amazon Vine Voices based on the trust they have earned in the Amazon community for
writing accurate and insightful reviews. Amazon Vine provides members with free copies of products that have been submitted to the program by participating brands. Since Voices will receive access to products that are not yet available on the market, their opinions may be among the first
posted on a productrCOs detail page. Amazon does not influence the opinions
of Amazon Vine members, nor do we modify or edit their reviews.
How do I access my Amazon Vine account?
Your account can be accessed on https://www.amazon.com/vine or by
copy-pasting the URL directly into your browser.
Am I a member?
Access is granted to the Vine program based on your standing in the Amazon reviewer community. If you missed your invitation e-mail and want to
determine if you have access to the vine program, visit https://www.amazon.com/vine. Once you have completed the Participation Agreement and Tax Questionnaire, you will be a Vine Member and receive a
Vine Member badge. If you have multiple accounts, the one with the highest reviewer ranking is most likely to have been invited.
Can I invite my friends to the program?
At this time, participation in Amazon Vine is limited to select customers
who have been invited to join the program.
Will Amazon share my contact information with participating brands? Amazon.comrCOs Privacy Notice applies to your participation in the program
and describes our practices regarding collection and use of personal information. Amazon does not share your identity or contact details to any product suppliers who participate in the program without your permission.
Who will be sending me the Amazon Vine products?
Amazon Vine product will be delivered straight from Amazon.com.
May I share products I receive from Amazon Vine with my friends and family?
Per the Amazon Vine Terms and Conditions, you may not sell or give
possession of the products to any other person or entity for six months following your order.
How does the review policy work?
We understand that testing items and crafting insightful reviews takes
time. You should request items as you can review thoroughly and post
informed opinions about. Vine reviews are subject to the Community
Guidelines and we monitor the reviews posted by Vine Voices in order to
ensure the members of our community keep submitting insightful and unbiased reviews and do not use the program in a way that negatively impacts
customer trust.
How do I return, exchange, or modify my Vine requests?
These actions are not yet supported.
Are Amazon employees eligible to become Vine Voices?
No. As stated in the Vine Voice Participation Agreement Amazon employees
are not eligible.
What should I do if I see this rCLmessage about recent activityrCY alert?
This is an early warning to ensure you comply with the Vine Participation Agreement and ensure that your reviews help other customers like yourself
make informed buying decisions. If you see this alert, read to understand
the reason and then click the yellow button to regain access to Vine. If we donrCOt see any improvement 7 days, we will unfortunately permanently close your Vine account after 30 days of monitoring.
How do I avoid getting these account alerts?
Here are some ways to ensure you comply with the Vine Participation
Agreement:

To resolve continued issues with items being damaged in transit or not delivered at all, we recommend that you resolve your shipping issues before claiming more Vine items.

Cancel your order only when you genuinely cannot try the item as-is to
provide an insightful review. This helps us keep limited units that sellers allocate to Vine available for someone else to claim. Canceling unshipped
Vine orders does not put the item back into Vine for other Voices to claim.

Remember to personally write and submit independent and unbiased reviews
that reflect your true opinion (regardless of whether it is positive or negative), based in your actual experience, of Vine Products on amazon.com
and not request or review any product where you have a conflict of
interest.
What can I do if my account is permanently closed from Vine?
If you see this message rCLYour Vine account has been closed for violating
one or more of the Vine terms and conditions. You will still be able to
view your Vine reviews and Vine order history but will no longer be able to request Vine items.rCY then your account has permanently lost access to Vine. At this time, we cannot support appeals or re-activations. Please note that our Vine Customer Service team cannot reverse this decision or share more details on this matter; they can only confirm account status.
Membership Tiers
What is it?
Vine membership provides tiered access and rewards based on contributions
to Amazon Vine.
What is the difference between Silver and Gold tiers?
Silver Tier: This is the base tier that allows you to request up to 3 items per day from products valued at $100 or less. To be upgraded to the Gold
tier, you must review at least 80 Vine items and 90% of your Vine orders within the evaluation period stated in your Account page.

Gold Tier: This is the premium tier that allows you to request up to 8
items per day from products of any value. To remain in this tier, you
should review at least 80 Vine items and 90% of your Vine orders within the evaluation period stated in your Account page.
IrCOm in the Silver status, so what do I need to do at a minimum to prevent
my account from being Closed?
To maintain an active account, be sure to review at least 60% of your
orders at all times. If less than 60% of your orders are reviewed, your account will be placed under review. However, you will still have access to Vine, but the new product recommendations will be turned off and your
account will be at risk of being closed. You can recover your account once
you have reviewed greater than 60% of your recent orders for at least two weeks in a row. If we donrCOt see any improvement in review levels, we will unfortunately close your account after 30 days of monitoring.
I see Silver status in my Account page, so how many items can I request?
In the Silver tier, you can request up to 3 items per day. Once you are upgraded to Gold tier, you can request up to 8 items per day. The rCLRequest ItemrCY button will be deactivated once you have met the request limit for
the day.
Evaluation Period
What is being tracked by Amazon Vine?
Under the rCLYour Vine activityrCY section of the Account page, we use the below metrics:

rCLYou have reviewed X Vine items this periodrCY tracks the total reviews that have been submitted and approved by the Amazon Customer Reviews team within the evaluation period.

rCLYou have reviewed X% of your Vine items this periodrCY tracks the total approved reviews as a percentage of total orders placed within the
evaluation period.

Amazon Vine monitors Voice activity and has guardrails to avoid program misuse. This ensures we deliver value to customers from this program.
What is an evaluation period?
The Evaluation period is the duration over which your review contributions would be analyzed to assess your tier status.

If you joined Vine prior to October 6, 2022, your Evaluation period end
date (or your rCLRe-evaluation daterCY) has been randomly assigned six to nine months from your Evaluation period start date. After your first
re-evaluation date, all future re-evaluation dates will be set to six
months from the last re-evaluation date.
I have been submitting reviews, so why does the Evaluation period show 0% reviewed?
These metrics reset to 0 at the beginning of each evaluation period. They update within two days of review approval.
How do I make sure my reviews count towards my Evaluation period?
Submit reviews at least two weeks before your Re-evaluation date to allow
for review processing by the Amazon Customer Reviews team. If your
Evaluation period ends on April 6, 2023, then you should plan to submit
your reviews by March 23, 2023.
What should I do when I see the rCLUpdate to account statusrCY message?
This is a courtesy warning to remind you to submit reviews on the Vine
items yourCOve recently ordered in the last 3 months. Once you have reviewed 60% or more of your recent orders for at least two weeks, the message will
be removed.
Tax Information
Why do I have to complete the tax interview for Amazon Vine?
The tax authorities require all Vine Voices to provide tax information to
be compliant. The Tax Interview is used to determine and fulfill AmazonrCOs tax reporting and withholding obligations For US persons, tax reporting is required to the extent that goods $600 or more is received by an Amazon
Vine participant.

In order to fulfill the IRS requirements as efficiently as possible, answer all questions and enter all information requested during the Tax Interview. Use caution to avoid misspellings or entering incorrect Tax Identification Numbers, which can result in an invalidated tax form. If you have
questions, please consult your tax advisor.

If you do not complete the Tax Interview, you will not be eligible to participate in the Amazon Vine program.
Will I be asked for my Social Security Number?
Yes. Failure to supply a tax identification number (TIN) will require
Amazon to apply the maximum amount of withholding. Amazon collects TINs
that include Social Security Numbers (SSNs), Employer Identification
Numbers (EINs), and Individual Taxpayer Identification Numbers (ITINs). The information is collected through AmazonrCOs Tax Interview and is securely maintained. The information is used to facilitate AmazonrCOs tax reporting
and withholding obligations.

For more information on tax identification numbers, please consult your tax advisor.
I am not going to come even close to hitting the reporting threshold. Why
does Amazon require my tax information?
It is AmazonrCOs policy to collect tax information upfront in order to be prepared to meet any potential tax information reporting obligations it has with the relevant tax authorities. Your tax information is collected
through AmazonrCOs secure systems solely for the purposes of tax information reporting and will not be shared with any third parties, except as required
by law (for example, we are required to file copies of Forms 1099 with the Internal Revenue Service).
Can I return my Vine item after reviewing so I do not have to pay taxes?
No.
I am a U.S. person (a U.S. citizen or resident alien). What information do
I need to provide to Amazon?
For U.S. persons, we will ask for information such as tax Identification number (SSN, EIN), legal name, and physical address. We will use this information to identify you and to comply with tax reporting obligations applicable to U.S. persons.
I am not a U.S. person (either a U.S. citizen or a resident alien). Do I
need to provide any information to Amazon?
No. Unfortunately, you will not be able to continue to participate in
Amazon Vine. The Vine program is open only to U.S. persons.
Can you advise on how I can fill out the Tax Interview?
We have created a resource guide for the Tax Interview. Please follow link
to access: https://taxcentral.amazon.com/tax-interview/help?nodeId=201588330&locale=en_US.
For additional guidance, please consult your tax advisor.
I've provided my tax identity information. How long will it take to see if
it is valid?
In most cases, your tax information should be validated within a few
minutes of submission. In rare cases, the validation process could take up
to 60 days. this is because you have mentioned, "I have received my EIN/SSN within 60 Days". Our system will continue attempts to validate your TIN for
60 days from the date on which you completed your tax information
interview.

Once the validation process is complete, the tax information status will
show Completed/Validated on your Amazon Vine account page. Please note that while the validation process is pending, you will not be able to make
changes to your tax information.
What does the tax questionnaire status in my Vine account mean?
Not Started rCo You have not started the tax questionnaire, please click on the Start/Update Questionnaire link in your Vine Account tab to begin.

Completed/Validated rCo Your tax information has been validated and no
further information is needed at this time.

Pending Validation rCo Your tax information is currently being reviewed. Please check back in a few days for an update.

Pending Additional Information rCo This could be one or more of the
following: 1) We have not received your forms. For fastest processing, you
can consent to an electronic signature. 2) Your name and/or tax
identification number do not match IRS records, please follow below steps
to retake your Tax Interview. 3) We are missing information on your questionnaire, please follow below steps to retake your Tax Interview.
a. Access your account via: amazon.com/vine/account
b. Go to your rCLVine tax informationrCY section
c. Select rCLStart/Update QuestionnairerCY
d. Click rCLTake InterviewrCY and follow steps to completion.

Not US Person rCo Based on the information you provided in your tax questionnaire, you are not a US Person. Unfortunately, you will not be able
to continue to participate in Amazon Vine. The Vine program is open only to U.S. persons.
I received an e-mail stating that my tax identity information is invalid. I thought I provided my correct information. Can you tell me why it came back invalid?
We don't know exactly why your tax identity information came back as
invalid, but here are some things to consider:

If you are completing the tax identity information as an individual, use
the information that appears on your Social Security card. Misspelling your name, not including your middle initial or middle name, or entering an incorrect Tax Identification Number may cause tax identity information to
not match to IRS records.

If you are completing the information as a business, use the name that
appears on the top line of the address on your CP575A notice from the IRS.

Your tax name may be different from the name you use to conduct business or receive payments.
When will I receive my 1099-NEC form?
You will receive your 1099-NEC form by January 31st only if: you received
over $600 in payments OR if there were any taxes deducted / withheld from
you.

However, please note that payments to Corporations including a Limited Liability Company (LLC) that is treated as a C or an S Corporation and
other tax-exempt organizations are not reportable on Form 1099-NEC.
How are product values calculated?
The fair market value (FMV) is calculated based on a variety of factors, including information provided by the manufacturer. The current price is
only one of the components taken into account when calculating the FMV of
an item which may be different from the current price listed on Amazon.com. There are certain categories were we have a set FMV. For example,
third-party household goods such as grocery, beauty, and pet foods will be generally valued at $0. Books, including Advanced Reader Copies, will be valued at 99 cents. We cannot make adjustments to this value; please know
that if you order this item you will be responsible for paying taxes associated with the FMV shown.

Your Account page will display a running total of the FMV for products received through the program; this allows you to track the value of
products you have received each year.

If you have any concern about the FMV of a Vine item, we suggest that you
do not request this item as we cannot adjust this value and it will be reported on your tax documents.

Your Account page will display a running total of the fair market value for products received through the program; this allows you to track the value
of products you have received each year.
How do I update my information for tax reporting?
You can update yourtax information by retaking the Tax Interview. Be
advised that this will only update your information for tax purposes.
Follow below steps to retake the Tax Interview:
a. Access your account via: amazon.com/vine/account
b. Go to your rCLVine tax informationrCY section
c. Select rCLStart/Update QuestionnairerCY
d. Click rCLTake InterviewrCY and follow steps to completion.
How do I access my forms online?
You will receive a Form 1099-NEC ONLY if you received payments of $600 or
more during the calendar year. To access the digital copy of your form,
please follow these steps:
a. Access your account via: amazon.com/vine/account
b. Go to rCLVine tax informationrCY section
c. Select rCLStart/Update QuestionnairerCY
d. Click rCLFind FormsrCY at the bottom of the page
e. Download applicable forms
Are there instructions on how to use the 1099-NEC for my tax return?
If you are unsure of how to report the information provided on a Form 1099-NEC, please contact your tax, legal, or other professional advisor.
Can I return my Vine item after reviewing so I do not have to pay taxes?
No, you will not be able to return any Vine items after review.
Does the total value change if I have to cancel an order because I canrCOt review it?
Yes, if you have to cancel a Vine order because you canrCOt review it due to
a defective or damaged item, then we may deduct the value of that item from your Vine account when the cancellation occurs. If you order and cancel an item in the same year, the two transactions will zero each other out. If it
is cancelled in the following year, then the adjustment will be reflected
in that yearrCOs itemized report. If you order a Vine item in 2021 and cancel in 2022, then the adjustment or negative value will be in the 2022
aggregated total.
When will the tax value from the cancelled Vine items be reflected in the estimated tax amount?
The tax values in the Estimate Total Amount and itemized report will update within two days of a request being processed by our Vine Customer Service team. The tax value for the current year is an estimate and updated on a regular basis. The final value may differ depending on the status of your order at the end of the year.
When is a product calculated towards my total for a tax reporting year?
For relevant tax authorities' reporting, Amazon estimates the fair market value of products at the point when you took ownership. Based on the Vine Voice Participation Agreement, title of Vine items transfers to you at the time of order. If a Vine item was delivered on November 3rd, 2022 and
another on January 15th, 2023, only the November one delivered in the 2022 calendar year will be calculated toward your 2022 aggregated total.
Requesting Vine Items
How often should I check my queue?
You should check in whenever you have the capacity to order another product
to review. We want you to feel free to check in whenever you are able and
not be required to come to the site on a specific day and time.
Will items appear in my queue at a standard time each day?
There will not be a specific day or time when items are added to your
queue. As we receive inventory from manufacturers, we will target the
product using our current targeting system.
Is there a limit to the number of items I can request?
There is a daily limit to the number of Vine items Voices can request; we
want to give all our Voices a chance to get items they are interested in
and to participate in this program.
What if there are no products in my queue?
There are four reasons you could not see products in your queue. 1) There
are no products in current inventory targeted to you based on our current targeting system. 2) You do not meet our active participation criteria. 3)
One of your reviews may have been flagged as innapropriate. 4) We have identified suspicious activity.
How long do I have to review items?
We encourage you to post insightful reviews quickly and ensure that your review contains quality feedback. Doing so will increase the likelihood
that your opinions will be among the first to appear on the detail pages of new and pre-4released items.
Can other people take products before I get to them?
Yes, as in the current Vine queues, you are not guaranteed a product until
you have placed an order for it.
Could products show up in several item queues at the same time?
No. Some products will go through the targeted queue first where you may or may not have been offered them, and after a period of time, will move to Available for All.
Can you please stop sending me books (or something else that I donrCOt want)? We understand that there are some products in your queue that you do not
have interest in. We try and do our best to make sure that products are targeted to the best of our ability, but some products have no history and need to be offered up to several people that may or may not enjoy them. We encourage you to try something new every now and then - you never know, you might like it.
What types of products are eligible for Amazon Vine?
Amazon selling partners may nominate any products they wish for inclusion
in Amazon Vine. We encourage you to browse the queues for newest in
clothing, electronics, home and kitchen, pet supplies, outdoor gear, books
and any other items that catch your eye.
The item I want to review is no longer in stock. Will Amazon Vine replenish the item?
Amazon Vine is a promotional program, so participating brands allocate
limited quantity of newly released products. We encourage you to visit our website often so that you can request items that you want to review before
the inventory runs out.
Tracking Vine Orders
How long will it take for me to receive a product to review once I request
it?
You should receive your Amazon Vine item(s) within 5-7 business days of shipping it. You may track your orders by visiting the Vine Orders page.
It has been over a week and I have not received my Amazon Vine item. How
can I check status?
Please visit the Vine Orders page to view the status of your order.
Can I ship Vine items outside of the United States?
Unfortunately we cannot support international Vine shipments at this time.
We hope to provide this capability in the future and apologize to our
valued international reviewer community.
I am an Amazon Prime member. Why donrCOt I get free two-day shipping on Vine items?
All Vine items are handled separately from the rest of our Amazon products. Vine items currently ship at standard ground speeds (3-7 days).
Can I cancel a commitment to review a Vine item after receiving it?
You may cancel a Vine order if you are not able to review it. Cancellations are not offered for slight variances in products, and you should take this into account before participating in Amazon Vine Voices. Orders that have a review posted or are beyond 30 days from delivery date cannot be cancelled.
If you have to cancel a Vine order, please open a case by clicking on
Contact Us and providing the Order ID Number and reason for canceling.
Does Vine offer returns?
Amazon Vine items are not returnable or replaceable but may be cancelled. Submitting Vine Reviews
Am I required to write reviews about all the Amazon Vine products I select?
The Amazon customer community highly values your opinion and Amazon Vine exists to help the Amazon customers make better informed purchase
decisions. We do not require that you write a review but we do take this
into account when determining who the best reviewers are to keep in Amazon Vine.
How quickly do I need to post my review?
We encourage you to post reviews quickly and ensure that your review
contains quality feedback. Doing so will increase the likelihood that your opinions will be among the first to appear on the detail pages of new and pre-4released items.
Where do I post my review?
Please click on the Vine Reviews page on the Amazon Vine website to post
your review. Please follow Amazon's General Review Writing Guidelines as outlined on that page in crafting your review
What should my review include?
Vine reviews should be focused on the product and follow the Community Guidelines. Feedback about your shipment experience, or packaging should
not be included in Amazon Vine reviews.
How may I edit my reviews?
You may edit any reviews submitted to the Vine program by visiting the Vine Reviews page and clicking rCySee reviewrCO and then rCyEditrCO for any Vine product
that you have reviewed.
Will Amazon edit my review?
No. All Amazon Vine reviews will be posted on the productrCOs Amazon.com detail pages unedited, regardless of whether it is a favorable review or
not.
Why are my recent orders not showing in Awaiting Reviews?
Only delivered items appear in the Awaiting Reviews list. We do not expect
you to review items you have not yet received. After placing your order,
there will be processing time for your item to be delivered and for the
system to update.
Where will my review appear on the product detail page?
Amazon Vine reviews appear on the product detail page, in the same location
as other Amazon customer reviews. Amazon Vine reviews are distinguished
from others with a special badge.
Do I need to return the item after reviewing it?
Amazon Vine items are yours to keep, unless a return is specifically
requested by Amazon.com.
Where can I get help if I have a question or issue about my reviews?
To find our more information about your review or the Community Guidelines, follow these steps:
1. Visit Amazon Customer Service
2. Select rCLHelp with something elserCY (if this button is displayed)
3. Select rCLSomething elserCY
4. Select rCLAmazon CommunityrCY
5. Select rCLAmazon Vine ProgramrCY and follow steps to completion
How do I report fake reviews?
Use the Report link near the review content that you want to report.
What should I do if IrCOm asked to change my review?
If someone offers you compensation to create, edit, or remove a review,
report it using the Report Review Compensation form. After we receive your report, we'll investigate and take appropriate action.
Review Quality
What is the Review Insightfulness Score (RIS) and why does Amazon evaluate
the insightfulness of my Vine review texts?
Review Insightfulness Score (RIS) measures how helpful and detailed your
Vine reviews are for other customers. We look at the content of your review text to determine how well you explain products and provide valuable information that helps customers make informed purchasing decisions. This helps maintain high-quality standards in the Vine program. Please note that RIS only applies to reviews of Vine orders and not to reviews you write for other Amazon orders.
Where can I find my Review Insightfulness Score and what do the different levels mean?
You can find your Review Insightfulness Score on your Vine Account page
along with other performance metrics for the current evaluation period. The score appears in one of four levels from Excellent (Green) to Poor (Red), reflecting how detailed, contextualized, and relevant your review content
is. Your score reflects average review quality of all reviews submitted
during the current evaluation period and is factored into your tier status.
How is my Review Insightfulness Score calculated and how can I improve it?
We evaluate several key aspects of your review content when calculating
your score:

Level of Detail: We look at how specifically you describe the product based on your actual experience. Instead of saying "works well," explain
how it performed specific tasks.
Contextualization: We consider how well you explain when and how the product works best. For example, "I used this blender for making smoothies with frozen fruit" is more helpful than "I used this blender."
Topic Relevancy: We check whether your review focuses on the product itself rather than shipping, ordering, or other non-product aspects.
Star Rating Context: We assess how well your written review supports
your star rating. Your review should provide specific details and examples that help other customers understand your rating choice, whether positive
or negative.

Please note that this score does not have specific word count
requirements or media (images/video) requirements, which means that
increasing word count or adding media will not automatically improve your score.

Why am I not seeing an RIS score yet or why hasn't my score updated?
There are a few reasons why your RIS score might not appear or update immediately. You need to have submitted at least one Vine review before receiving a score. Most reviews may have a 3 day delay between when you
submit or edit a review and when the score is calculated and displayed.

If you've submitted reviews more than 14 days ago and still don't see a
score, check that your review submission was confirmed or contact Vine Customer Support with a link to your review to report a potential issue.
The Vine Customer Service team cannot modify Review Insightfulness Scores
or share additional details about how specific scores were calculated.
Why do rejected reviews still show an RIS score? How does this impact my overall score?
If one of your reviews is rejected by Amazon's Customer Reviews team, it
will still display a score from when it was initially evaluated. If you can
no longer edit or delete the rejected review, then its score continues to count toward your overall score for the current evaluation period.

Please note that occasionally reviews with high insightfulness scores may still be rejected as they need to comply with our Community Guidelines, regardless of their insightfulness score. For example, a detailed review
that mentions competing products by name or includes external website links may be rejected even if it's otherwise well-written and insightful.

If you have rejected reviews affecting your overall score, focus on writing several high-quality reviews for your new Vine items to improve your
average score over time.
--
Probably one out of a million people know how to properly review a product.
--- Synchronet 3.21b-Linux NewsLink 1.2