From Newsgroup: comp.mobile.android

I have 78 or 79, including system apps that have read permission to my contacts, although none of them can get even a single contact from me.

How many do you have?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my contacts, although none of them can get even a single contact from me.

How many do you have?

Most people have no idea how many apps can read their contacts.
adb shell dumpsys package > dump.txt
grep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" > read.txt

Caring about other peopleos privacy means recognizing that our choices
about data don't just affect us because our choices about data can expose everyone near and dear to us whose information we hold on our phones.

Generally the Settings "privacy" UI is a polite fiction compared to what dumpsys actually reports (where dumpsys is hundreds of thousands of lines).

Some apps get READ_CONTACTS because they are:
the default SMS app
the default Dialer
the default Contacts provider
the default Assistant
the default Phone app

Settings might not show these as "granted" because they're not user-controlled. But as a starting point, the Settings GUI isn't all that
bad either in my comparison tests just now compared to dumpsys.

Also, settings doesn't provide the granularity of
GRANTED_BY_DEFAULT
SYSTEM_FIXED
GRANTED_BY_ROLE
REVOKED_COMPAT
USER_SET
REVIEW_REQUIRED

Also, settings only shows the current effective state.
And settings only shows the current user's permissions.
But Settings wasn't too shabby either (I had expected it to be worse).

My main point is that most people have no idea that the courteous thing to
do is to care to think about protecting other people's contact information.

I do that by using apps that don't store the contacts in the Android
contacts database, but if people have other caring methods, I'm all ears.

The problem is that there could be scores of apps that can read contacts.
Any one of which has access to the entire contacts database at any time.

While dumpsys is the best way to find which apps have read permission to
our contacts sqlite database, my Android 13 Galaxy has
Settings > Security and privacy > Privacy > Permission manager > Contacts

Guess what it shows?
Yup. I's a brazen lie.

It shows "15 of 60 apps" have permission. Heh heh heh... but that's a lie.
It shows "Allowed" and "Not allowed" (but not "Allowed only while in use"). When I click the 3dots & then "Show system" apps, it shows 78 pkgs though.

That's pretty close (and some of those are duplicates too).

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-10 13:51, Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my contacts, although none of them can get even a single contact from me.

How in the hell does that sentence make sense?

Can someone help me out here?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-10 13:52, Maria Sophia wrote:

Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my
contacts, although none of them can get even a single contact from me.

For someone who prattles on endlessly about how your privacy is
important to you, that seems very, very odd that you've allowed so many
apps access to that information.

It's almost like this was never really about privacy, but you just
trying to score points.

Efye

How many do you have?

Most people have no idea how many apps can read their contacts.
adb shell dumpsys package > dump.txt
grep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" > read.txt

Wow, you need to use a terminal command to find out something this
important?

On my iPhone, I just went...

Settings (app)
Privacy & Security
Contacts

...and I instantly knew how many apps on my iPhone had access to my
contacts.

It was 4 by the way.

Including the Contacts app itself, there were 2 other with full access
(one of which I've subsequently turned off) and 1 with limited access
which actually had no contacts selected for access!

That was easy wasn't it?

I wonder if some other person might have been able to figure out that
Android has a method that is just as easy? I bet there is.

Efye

See: I'm not trying to pretend this is an advantage to using iOS.

Efye
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 10/02/2026 21:56, Alan wrote:

On 2026-02-10 13:51, Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my
contacts, although none of them can get even a single contact from me.

How in the hell does that sentence make sense?

Can someone help me out here?

From what I remember has been previously written, there are no contact
names stored anywhere on Maria Sophia's phone. I guess it means that
when a message is received (eg email or SMS), and the Contacts app
offers to store the senders name as a contact, that offer is refused
every time.

The contacts could instead be stored in a text file with email addresses
and phone numbers next to them.

BICBW...
--
Jeff
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-10 14:23, Jeff Layman wrote:

On 10/02/2026 21:56, Alan wrote:

On 2026-02-10 13:51, Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my
contacts, although none of them can get even a single contact from me.

How in the hell does that sentence make sense?

Can someone help me out here?

From what I remember has been previously written, there are no contact names stored anywhere on Maria Sophia's phone. I guess it means that
when a message is received (eg email or SMS), and the Contacts app
offers to store the senders name as a contact, that offer is refused
every time.

The contacts could instead be stored in a text file with email addresses
and phone numbers next to them.

BICBW...

I supposed that could be true.

Of course, I wouldn't refer to a null set of contacts as "my contacts".
That would make no sense.

If that's what I meant--that 78 or 79 apps had access to the contacts database, I'd probably have written something like:

"I have 78 or 79, including system apps that have read permission to the contacts database, although that's empty because I don't use it."


But then, I'm interesting in making this clear, and that never seems to
be among Arlen's motivations for posting.

Did you see where he recently wrote that iOS doesn't expose the "real
file system" to your PC, as "every other common consumer operating
system does"...

...and then in his very next post on the subject it was suddenly a "normal-looking storage area" instead of a "real file system"?

:-)
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my contacts, although none of them can get even a single contact from me.

How many do you have?

17, only 4 of which aren't "stock" apps on a Pixel.

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Jeff Layman wrote:

On 10/02/2026 21:56, Alan wrote:

On 2026-02-10 13:51, Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my
contacts, although none of them can get even a single contact from me.

How in the hell does that sentence make sense?

Can someone help me out here?

From what I remember has been previously written, there are no contact names stored anywhere on Maria Sophia's phone. I guess it means that
when a message is received (eg email or SMS), and the Contacts app
offers to store the senders name as a contact, that offer is refused
every time.

The contacts could instead be stored in a text file with email addresses
and phone numbers next to them.

BICBW

Hi Jeff Layman,

Long time no see. Good to hear from you again on the Android newsgroup!

Can you please check how many apps (including system apps!) can read your contacts database for this group-wide survey. Just make sure you include
system apps because most people don't realize they abound on Android.

The act of storing other people's information on a smartphone is not a
private act as it's a shared responsibility steeped in courtesy & respect.

People who THINK about privacy know which tools are privacy aware, whereas people who just do what the marketing organizations tell them to do, can't.

I use a privacy-respecting contacts app because it keeps my friends' and family's information out of the 70+ apps on my phone that have permission
to read the system contacts sqlite database via Contacts ContentProvider.
</data/data/com.android.providers.contacts/databases/contacts2.db>

Most people would claim they only have a half dozen or so, but nobody who claims that small a number ever has any idea whatsoever how to even check.

They just guess.
They think the GUI is going to tell them the truth.
It won't.
It can't.

It's not designed to tell them the truth.
That's why in this thread I used adb dumpsys to get at the truth.

And the fact my phone has over 70 apps with read permission on the contacts
is meaningless on my phone because I'm rather intelligent about my setup.

It's impossible for any app on the planet to get to my contacts even if
they have full read permission, because my sqlite database is empty.

On purpose.
Although I could populate it with false data using apps designed for that.
Fake Contacts, MIT License, by Bill Dietrich
<https://f-droid.org/en/packages/me.billdietrich.fake_contacts/>
"The idea is to feed fake data to any apps or companies who are copying
our private data to use or sell it. This is called data-poisoning."

But I've kept my contacts database empty for years, and I can use a phone
as well or better than anyone else on the planet in terms of communication.

That's what respect for people & courtesy looks like in the digital world.

I know of you so I know you don't think always the way you're told to think (e.g., when we discussed the "fused provider" years ago as one example).

So I'm hoping you understand that it's a mark of respect to preserve the sanctity of privacy as contacts are NOT our data to share to 3rd parties.

Contacts are other people's private information. Treat them as such.
Contacts are not ours to share on the Internet without express permission.

The fundamental way most people store contacts privately is they use apps
which are specifically sandboxed so that no other apps can get the data.

Hence a privacy-respecting contacts app stores its data in its own sandbox.
a. Other apps cannot access that sandbox.
b. Therefore, our contacts remain private.

These FOSS apps are designed by intelligent people who care very much about privacy, so they're not like the standard Google apps which do not.

A FOSS privacy-aware contacts app is "DOpen Contacts" for example.
*DOpen Contacts* (Dialer + Open Contacts)
<https://f-droid.org/en/packages/opencontacts.open.com.opencontacts/>
<https://gitlab.com/sultanahamer/OpenContacts> debug APK available
"Even though we are not having any problem sharing our mobile number
with all third parties, people in our phone book might have.
We should not be sharing their contact information online.
This app saves contacts in its own database separate from android
contacts. This way no other app would be able to access contacts.
Can be used in place of your default phone(dialer) app.
It can import contacts from vCard files.
So we can export Android contacts and import into this app.
Maintains call log as well.
Also shows the person's name upon receiving call"

It's used by people who are courteous to others because it stores the
contacts in its own database that the other 50 or so apps can't get to.
--
The obvious answer is often the one marketing provides for you which
means that it's rarely (if ever) the most private way to do the task.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-10 16:22, Maria Sophia wrote:

Jeff Layman wrote:

On 10/02/2026 21:56, Alan wrote:

On 2026-02-10 13:51, Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my >>>> contacts, although none of them can get even a single contact from me.

How in the hell does that sentence make sense?

Can someone help me out here?

-aFrom what I remember has been previously written, there are no
contact names stored anywhere on Maria Sophia's phone. I guess it
means that when a message is received (eg email or SMS), and the
Contacts app offers to store the senders name as a contact, that offer
is refused every time.

The contacts could instead be stored in a text file with email
addresses and phone numbers next to them.

BICBW

Hi Jeff Layman,

Long time no see. Good to hear from you again on the Android newsgroup!

Can you please check how many apps (including system apps!) can read your contacts database for this group-wide survey. Just make sure you include system apps because most people don't realize they abound on Android.

The act of storing other people's information on a smartphone is not a private act as it's a shared responsibility steeped in courtesy & respect.

It's a private act if you buy your smartphone from a company that
doesn't want to monetize your personal information.

People who THINK about privacy know which tools are privacy aware, whereas people who just do what the marketing organizations tell them to do, can't.

I use a privacy-respecting contacts app because it keeps my friends' and family's information out of the 70+ apps on my phone that have permission
to read the system contacts sqlite database via Contacts
ContentProvider. </data/data/com.android.providers.contacts/databases/ contacts2.db>

Don't you still have to trust that your "privacy-respecting contacts
app" actually respects your privacy.

Most people would claim they only have a half dozen or so, but nobody who claims that small a number ever has any idea whatsoever how to even check.

They just guess.
They think the GUI is going to tell them the truth. It won't. It can't.

It's not designed to tell them the truth.
That's why in this thread I used adb dumpsys to get at the truth.

Show us that you get a different answer from the GUI tools...

And the fact my phone has over 70 apps with read permission on the contacts is meaningless on my phone because I'm rather intelligent about my setup.

Or you could have just denied them permission in the first place...

It's impossible for any app on the planet to get to my contacts even if
they have full read permission, because my sqlite database is empty.

Wow!

On purpose.
Although I could populate it with false data using apps designed for that. Fake Contacts, MIT License, by Bill Dietrich <https://f-droid.org/en/packages/me.billdietrich.fake_contacts/>
-a"The idea is to feed fake data to any apps or companies who are
copying -a our private data to use or sell it. This is called data- poisoning."

But I've kept my contacts database empty for years, and I can use a phone
as well or better than anyone else on the planet in terms of communication.

That's what respect for people & courtesy looks like in the digital world.

I know of you so I know you don't think always the way you're told to think (e.g., when we discussed the "fused provider" years ago as one example).

So I'm hoping you understand that it's a mark of respect to preserve the sanctity of privacy as contacts are NOT our data to share to 3rd parties.

Contacts are other people's private information. Treat them as such.
Contacts are not ours to share on the Internet without express permission.

The fundamental way most people store contacts privately is they use apps which are specifically sandboxed so that no other apps can get the data.

Hence a privacy-respecting contacts app stores its data in its own sandbox. a. Other apps cannot access that sandbox.
b. Therefore, our contacts remain private.

These FOSS apps are designed by intelligent people who care very much about privacy, so they're not like the standard Google apps which do not.

A FOSS privacy-aware contacts app is "DOpen Contacts" for example.
*DOpen Contacts* (Dialer + Open Contacts) <https://f-droid.org/en/packages/opencontacts.open.com.opencontacts/> <https://gitlab.com/sultanahamer/OpenContacts> debug APK available
"Even though we are not having any problem sharing our mobile number
-awith all third parties, people in our phone book might have. -aWe
should not be sharing their contact information online.
-aThis app saves contacts in its own database separate from android
-acontacts. This way no other app would be able to access contacts.
-aCan be used in place of your default phone(dialer) app. -aIt can import contacts from vCard files. -aSo we can export Android contacts and import into this app.
-aMaintains call log as well. -aAlso shows the person's name upon
receiving call"

It's used by people who are courteous to others because it stores the contacts in its own database that the other 50 or so apps can't get to.

And you just trust that they're not lying to you...

BTW, is this you:

<https://xdaforums.com/m/galaxya325g.11604613/>

I read a couple of posts, and it sounds exactly like you, Arlen!

"I was asked why I consider it rude for people to upload their contacts without asking permission so I figured I'd copy my response here so that
we can all benefit from the privacy discussion.

Since I put together systems for a living, and since I used to have an engineering-level TSSI special access designation, I'm likely more tuned
to privacy holes than most people, as I've seen "how they work out there".

Most people, I'd wager, would be shocked at how much is hoovered about us.

This is a technical summary of what actually happens with contacts on
Android and why the privacy risks are not about the SQLite file itself
but about the data flows around it."

<https://xdaforums.com/t/privacy-how-to-save-back-up-restore-contacts-completely-offline-while-still-being-usable-outside-the-default-android-sqlite-contacts2-db-database.4777974/>

"Does hiding your home AP broadcast beacon prevent UPLOAD of your SSID/BSSID/GPS to Google?"

<https://xdaforums.com/t/privacy-does-android-upload-your-home-ap-ssid-bssid-gps-if-the-home-ap-broadcast-beacon-is-hidden.4284897/page-2#post-90401241>

You guys tell me: am I right?

:-)





--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 02:03, Alan wrote:

BTW, is this you:

<https://xdaforums.com/m/galaxya325g.11604613/>

I read a couple of posts, and it sounds exactly like you, Arlen!

Yes, it is him.

This time he wrote a post where he said his new name.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On Tue, 10 Feb 2026 13:56:45 -0800, Alan wrote:

How in the hell does that sentence make sense?

Can someone help me out here?

Arlen is hallucinating.
--
s|b
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On Tue, 10 Feb 2026 16:52:54 -0500, Maria Sophia wrote:

Most people have no idea how many apps can read their contacts.
adb shell dumpsys package > dump.txt
grep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" > read.txt

We get it; you're (pretending to be) 1337.

I just go to

Instellingen > Beveiliging en privacy > Privacyopties > Rechtenbeheer > Contacten en accounts

Everybody can do that.
--
s|b
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On Tue, 10 Feb 2026 14:06:55 -0800, Alan wrote:

I wonder if some other person might have been able to figure out that Android has a method that is just as easy? I bet there is.

Instellingen > Beveiliging en privacy > Privacyopties > Rechtenbeheer > Contacten en accounts
--
s|b
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 11/02/2026 00:22, Maria Sophia wrote:

Jeff Layman wrote:

On 10/02/2026 21:56, Alan wrote:

On 2026-02-10 13:51, Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my >>>> contacts, although none of them can get even a single contact from me.

How in the hell does that sentence make sense?

Can someone help me out here?

From what I remember has been previously written, there are no contact
names stored anywhere on Maria Sophia's phone. I guess it means that
when a message is received (eg email or SMS), and the Contacts app
offers to store the senders name as a contact, that offer is refused
every time.

The contacts could instead be stored in a text file with email addresses
and phone numbers next to them.

BICBW

Hi Jeff Layman,

Long time no see. Good to hear from you again on the Android newsgroup!

Can you please check how many apps (including system apps!) can read your contacts database for this group-wide survey. Just make sure you include system apps because most people don't realize they abound on Android.

According to my phone, I have 5 of 15 apps allowed access to Contacts.
These are: Contacts, FairEmail, Messages, Personal Safety, Phone.

All are System apps with the exception of FairEmail according to the Muntashirakon App Manager.

I can supposedly disallow permission for all of these to access Contacts
with the exception of Personal Safety, where "Do not allow" is greyed
out. If I try to disallow the permission for the System apps, I get a
warning message: "If you deny this permission, basic features of your
device may no longer function as intended". This is probably nonsense,
as I've disallowed Google access, and get the same message.
--
Jeff
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

s|b wrote:

On Tue, 10 Feb 2026 16:52:54 -0500, Maria Sophia wrote:

Most people have no idea how many apps can read their contacts.
adb shell dumpsys package > dump.txt
grep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" > read.txt

We get it; you're (pretending to be) 1337.

I just go to

Instellingen > Beveiliging en privacy > Privacyopties > Rechtenbeheer > Contacten en accounts

Everybody can do that.

I never disagree with anyone, no matter who they are, if/when they make a logically sensible statement which is based on evidence and fact.

So, I agree with you that everyone can do that, but what people might not
know if I didn't inform them is that its output is essentially a lie.

Not a big lie mind you.
But not the full truth either.

As long as we realize it doesn't output the full truth, it's fine.

BTW,. I'm not necessarily pretending to be elite so much as learning from others by way of comparison, how many apps they own that can read contacts.

On my system, it's somewhere between 70 and 80 "packages", but of course on
my system, no package on the planet can read my contacts even with read permission.

But I know more of the million things that most people only know 6 of.
So my contacts sqlite file is completely empty (and always has been).

Directly to your stated point above...

Everyone knows the first half dozen steps of the million things we need to
do on any computing device to be private, so I agree this is trivial stuff.
Beveiliging en privacy -> Security & privacy
Privacyopties -> Privacy options
Rechtenbeheer -> Permission management
Contacten en accounts -> Contacts and accounts

While that activity isn't bad if you turn on "System" apps, it is rather untruthful if you don't know that system apps overwhelm user apps.

Also, it's untruthful if you don't know it's onlyh for one user.
And it's only "at the moment".
And it doesn't say how the read permission on contacts was ste.
etc.

For that, we need the adb "dumpsys" command, which, when run on my device, revealed over two hundred thousand lines of information about my setup.

Anyway, the important thing of this survey is to help others understand
that it's a common decent courtesy to protect private inforamtion in
contacts since it's a basic human right not to be sold by other people.

To that end, the answer to this question is supremely important:
Q: How many apps (including system apps) have read access to your contacts?
A: ?

When you find the number, the question I'd ask is "Are you surprised?".
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On Wed, 11 Feb 2026 12:19:03 +0100
"Carlos E. R." <robin_listas@es.invalid> wrote:

On 2026-02-11 02:03, Alan wrote:

BTW, is this you:

<https://xdaforums.com/m/galaxya325g.11604613/>

I read a couple of posts, and it sounds exactly like you, Arlen!

Yes, it is him.

This time he wrote a post where he said his new name.

I'm giving up on this group. Well done "purposely helpful" Arlen.
--
Bah, and indeed Humbug.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

Yes, it is him.

This time he wrote a post where he said his new name.

Hi Carlos,

I'm being nice this year, even on the Apple newsgroups, as an experiment to
see if I can help turn that newsgroup around and part of "being nice" is
not responding to trolls so you'll note I have long ago plonked Alan Baker.

Nonetheless, you felt the need to respond to him so I will only say that
I've never hidden who I am and many (many!) many times, I've pointed to XDA threads of mine on all the OS Usenet newsgroups so I don't hide my posts.

The fact anyone would gleefully claim they're an utter genius for finally figuring out after a dozen years of me saying so, is kind of funny though.

My point is for you to "confirm" the idiocy of someone like Alan claiming
to have figured out what was never hidden, is an insult to me and others.

For you to insult our intelligence so openly and readily is disconcerting.

If you don't realize how insulting it was your response, then think about
it and if you still can't figure out how wrong you are about it, just ask.

BTW, let's get back on topic.
Q: How many apps (including system apps) have read access to your contacts?
A: ?

When you find the number, the question I'd ask is "Are you surprised?".
--
That was just about as nice as I could have put it given my skill sets.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

s|b wrote:

On Tue, 10 Feb 2026 13:56:45 -0800, Alan wrote:

How in the hell does that sentence make sense?

Can someone help me out here?

Arlen is hallucinating.

There's an entire thread on the Windows newsgroup about your incessant
trolling where once you trolls infest a newsgroup, you ruin the threads.

This is an Android newsgroup.
Not your personal troll forum.

This is an Android question about contacts privacy.
Not your personal troll repository.

I'm going to ask you nicely, s|b, that if you have no capability of contributing to the contact-privacy topic, then please stop trolling us.

We're adults who are trying to learn more about how Android & privacy works (and if you can't post within those basic decency rules, do not post).

If you do, perchance, post an on-topic comment, we will treat you as an
adult, but you first have to stop incessantly trolling this newsgroup.

Please.
I'm asking you nicely.

If you can't add any on-topic value, at least...

*Please stop trolling this newsgroup.*
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Kerr-Mudd, John wrote:

This time he wrote a post where he said his new name.

I'm giving up on this group.

Once the trolls like Alan Baker, s|b and Kerr-Mudd Curmudgeon infest any
Usenet newsgroup, the thread topic is ruined (which is their main goal).

There are entire threads on the English language and Windows newsgroups
about this Kerr-Mudd John common troll so I'll only ask this troll to
please stop trolling this newsgroup and, to back up his own claims above.

Since Kerr-Mudd John implied he has added value to this Android
newsgroup... I only need to ask a single value-added question.

Q: Please name a single non-troll post of value of yours to any ng?
A: ?

If you can't point to even a single thread of added value, then all I would like to do is ask you to please act like an adult with common decency.

If you can't add any on-topic value, at least...

*Please stop trolling this newsgroup.*
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Can you please check how many apps (including system apps!) can read your
contacts database for this group-wide survey. Just make sure you include
system apps because most people don't realize they abound on Android.

According to my phone, I have 5 of 15 apps allowed access to Contacts.
These are: Contacts, FairEmail, Messages, Personal Safety, Phone.

All are System apps with the exception of FairEmail according to the Muntashirakon App Manager.

I can supposedly disallow permission for all of these to access Contacts with the exception of Personal Safety, where "Do not allow" is greyed
out. If I try to disallow the permission for the System apps, I get a warning message: "If you deny this permission, basic features of your
device may no longer function as intended". This is probably nonsense,
as I've disallowed Google access, and get the same message.

Hi Jeff,

Thanks for checking as the trolls from s|b and Alan Baker & Kerr-Mudd John
are derailing this thread, but I realize they troll because they can't contribute to the topic, where you can contribute so this is refreshing.

The main thrust of this thread is to help all of us better figure out what
the privacy situation is on our own devices with respect to the trust that
has been entrusted to us to protect our contacts from 3rd-party intrusions.

Based *only* on my output from adb dumpsys, I would question such a low
number given read permission is automatic for many system packages.

However...

I have a ton of wi-fi & gps utilities (like a ton of a ton!) and Google required all of them to get the same permissions so that may be one reason
why I have an overwhelmingly huge amount of apps that can read contacts.

Note as an aside that I'm not worried though because my contacts sqlite database has been empty for years, so they upload nothing to their servers.

The GUI never shows the full list (but it could be close in some cases).
But adb dumpsys package always does.

Q: Why the GUI shows fewer apps
A: Apparently it doesn't show system components that aren't apps
ContactsProvider
TelephonyProvider
Google Play Services modules
OEM frameworks
Backup/restore services
Sync adapters
Account managers
And it doesn't show apps that have the permission implicitly.
Also if an app declares a permission but doesn't request it at runtime
(because it's pre-granted), the GUI may not list it.

I'm not really sure why the numbers are so low for others though.
Mine are between 70 and 80 by way of stark contrast (via dumpsys).

Still, it's a great datapoint where the next question I'd ask of you and
anyone who has any apps with read permission to their contacts, is are you surprised at the number which you found out that "could" read contacts?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Andy Burns wrote:

Maria Sophia wrote:

I have 78 or 79, including system apps that have read permission to my
contacts, although none of them can get even a single contact from me.

How many do you have?

17, only 4 of which aren't "stock" apps on a Pixel.

Hi Andy,

Thanks for responding, where your numbers are the only numbers (so far)
that I think might be reliable since there are *plenty* of system apps
which the permissions GUI may not be showing for a variety of reasons which
I have explained elsewhere in this thread so I don't need to repeat them.

The only truthful answer is one that comes out of adb dumpsys, but I do
agree that parsing that two-hundred-thousand-line output is problematic.

Did you get that number from the GUI or from dumpsys?

If from dumpsys, the easiest way I can think of checking is to grep
as findstr is problematic in that in my tests, it reports too much:

adb shell dumpsys package > dump.txt
type dump.txt | findstr "READ_CONTACTS: granted=true"

adb shell dumpsys package > dump.txt
type dump.txt | grep "READ_CONTACTS: granted=true" > read.txt

Many of the outputs in my dumpsys aren't even proper apps, as they're
sync adapters
account managers
Google Play Services modules
OEM frameworks
emergency services
telephony components
backup/restore services

Read.txt is 79 lines long but some apps have multiple similar permissions.

adb shell dumpsys package | grep -c "READ_CONTACTS.*granted=true"

Sorted uniquely, I only have 11 "types" of contacts read permission.
android.permission.READ_CONTACTS: granted=true, flags=[ GRANTED_BY_DEFAULT]
android.permission.READ_CONTACTS: granted=true, flags=[ GRANTED_BY_DEFAULT|RESTRICTION_SYSTEM_EXEMPT|RESTRICTION_UPGRADE_EXEMPT]
android.permission.READ_CONTACTS: granted=true, flags=[ GRANTED_BY_DEFAULT|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]
android.permission.READ_CONTACTS: granted=true, flags=[ REVOKED_COMPAT|REVIEW_REQUIRED]
android.permission.READ_CONTACTS: granted=true, flags=[ REVOKED_COMPAT|REVIEW_REQUIRED|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]
android.permission.READ_CONTACTS: granted=true, flags=[ SYSTEM_FIXED|GRANTED_BY_DEFAULT]
android.permission.READ_CONTACTS: granted=true, flags=[ SYSTEM_FIXED|GRANTED_BY_DEFAULT|RESTRICTION_SYSTEM_EXEMPT|RESTRICTION_UPGRADE_EXEMPT]
android.permission.READ_CONTACTS: granted=true, flags=[ USER_SENSITIVE_WHEN_GRANTED|GRANTED_BY_ROLE]
android.permission.READ_CONTACTS: granted=true, flags=[ USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]
android.permission.READ_CONTACTS: granted=true, flags=[ USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED|GRANTED_BY_ROLE]
android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET|USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]

For example, notice the "system fixed" permission of this line.
android.permission.READ_CONTACTS: granted=true, flags=[ SYSTEM_FIXED|GRANTED_BY_DEFAULT]
It's is system-level package that Android automatically gives access to,
and the user cannot revoke it. One question is how many of these exist.

GRANTED_BY_DEFAULT
Android gives this permission automatically to certain system components.
We cannot revoke it.

SYSTEM_FIXED
Hard-wired into the OS.
We definitely cannot revoke it.

GRANTED_BY_ROLE
Given because the app plays a system role (e.g., Phone, Contacts, Messaging).

USER_SET
We explicitly granted it at some point.

USER_SENSITIVE_WHEN_GRANTED / WHEN_DENIED
Android considers this a sensitive permission and may show it in the GUI.

REVOKED_COMPAT / REVIEW_REQUIRED
Older apps that Android keeps working for compatibility reasons.

RESTRICTION_SYSTEM_EXEMPT / RESTRICTION_UPGRADE_EXEMPT
Privileged packages that bypass certain permission restrictions.

There may be more types, but those are what I found in my dumpsys.

But wait, there's more... :)

Some are not currently granted so there's more than just "true"
since it won't show up in the GUI but it "can" be granted later.
android.permission.READ_CONTACTS: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]

So mainly, I need to know if your output is from dupsys
or from the GUI since I don't really trust the GUI output.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 11/02/2026 17:21, Maria Sophia wrote:
Mine are between 70 and 80 by way of stark contrast (via dumpsys).

Still, it's a great datapoint where the next question I'd ask of you and anyone who has any apps with read permission to their contacts, is are you surprised at the number which you found out that "could" read contacts?

I'm never surprised by anything in Android which compromises privacy.
It's interesting to compare the approach to giving information about an
app in the Google Play Store and F-Droid. The latter clearly has a
section entitled "Permissions" which show what the app will be able to
access (and perhaps modify). Not so the Play Store, which has a vague
section called "Data Safety".
--
Jeff
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia wrote:

Did you get that number from the GUI or from dumpsys?

The Permissions Manager in Settings.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

John,

I'm giving up on this group. Well done "purposely helpful" Arlen.

Put him into your killfile. Most newsgroup clients will than also hide all responses (and responses to them, etc.) to his posts too.

I know it helped me to ignore most of his clap-trap. There are enough
people left here who's posts are worth reading.

Regards,
Rudy Wieser


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 17:49, Maria Sophia wrote:

My point is for you to "confirm" the idiocy of someone like Alan claiming
to have figured out what was never hidden, is an insult to me and others.

For you to insult our intelligence so openly and readily is disconcerting.

Not insulting. But now you are insulting me by saying I insulted you.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

For you to insult our intelligence so openly and readily is disconcerting.

Not insulting. But now you are insulting me by saying I insulted you.

Well, I apologize but what you did, in my humblest of opinions, was affirm
the idiocy of Alan Baker who claimed, after me saying so for many years,
that he finally figured out who I was on the XDA developers web site.

If it take both of you five years to figure out that which was never
hidden, then you have no right to insult me like you did in your response.

I could insult you, but I won't because my reason for posting to you was to ask you to stop responding to Alan Baker's idiocy as if he's making a claim that holds water.

He was intimating I was trolling by having a different moniker on a
different web site & you affirmed that idiocy, where both of you acted like children.

I take offense when you act like a child when trying to insult me.
Since you're so desperate to insult me, at least have a cause by God.

Especially as your attempted insult is because I used a name on the XDA
site which is the name of my phone and I said so for five years here.

It's insulting that you agreed with Alan Baker's insults, especially as
your insult is that I used the name of my phone on XDA's web site.

1. I've said so for five years here.
2. I've posted my own thread links scores of times here.
3. I post the same images there and here.
4. The same text.
5. The same phone.

The same everything.
And yet, you are so desperate to insult me, you call me a troll.

For that?
Nobody is as transparent on that as I am, Carlos.

And yet, you are so desperate to insult me that you back up Alan?
I already dealt with s|b who is desperate to insult me today.
And I dealt with Kerr-Mudd who is also desperate to insult me.

All you guys have the same inferiority complex apparently.
Get rid of it.

Or at least focus your inferiority complex on someone else.
I'm trying to make progress here with this privacy thread.

Which you are desperate to derail with untoward insults.
By acting like a child.

If it takes you five years to figure that out, there's a problem,
but I don't mind you acting like a child if you weren't so desperate to
insult me by doing so.

At least have a real reason for insulting me, Carlos.
It's actually insulting you can't even come up with a valid insult.

With the XDA threads, I did everything right.
At least try to insult me for something that I actually did wrong.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

R.Wieser wrote:

There are enough
people left here who's posts are worth reading.

Hi Rudolph Weiser,

All the trolls who have never added an ounce of value in their lives
are coming out to attack this thread topic for some strange reason.

Why are they so desperate to prove they lack the ability to add value?

s|b
Alan Baker
Kerr-Mudd John
Rudolph Weiser

Each of them is desperate to post something (anything) even as
not one of them even comprehends what the topic is.

As a simple test, when you post again, Rudolph, please first
state what you think the topic of this thread is about.
--
I'm spelling Rudolph Weiser's name correctly; he is not.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 16:03, Maria Sophia wrote:

Carlos E. R. wrote:

For you to insult our intelligence so openly and readily is
disconcerting.

Not insulting. But now you are insulting me by saying I insulted you.

Well, I apologize but what you did, in my humblest of opinions, was
affirm the idiocy of Alan Baker who claimed, after me saying so for many years, that he finally figured out who I was on the XDA developers web
site.

"Finally figured out"?

No. I'd never ever checked before and stumble across your userID when I
did a web search to s

If it take both of you five years to figure out that which was never
hidden, then you have no right to insult me like you did in your response.

He didn't insult you. You made that bit up.

I could insult you, but I won't because my reason for posting to you was
to ask you to stop responding to Alan Baker's idiocy as if he's making a claim that holds water.

He was intimating I was trolling by having a different moniker on a different web site & you affirmed that idiocy, where both of you acted
like children.

Nope. I was simply amused that your style was so obvious.

I take offense when you act like a child when trying to insult me.
Since you're so desperate to insult me, at least have a cause by God.

Especially as your attempted insult is because I used a name on the XDA
site which is the name of my phone and I said so for five years here.

I don't recall a single instance of you ever mention the XDA site.

But then, you change nyms so frequently that actually checking if you've
ever "said so" is challenging, isn't it?

It's insulting that you agreed with Alan Baker's insults, especially as
your insult is that I used the name of my phone on XDA's web site.

What insult?

"BTW, is this you:

<https://xdaforums.com/m/galaxya325g.11604613/>

I read a couple of posts, and it sounds exactly like you, Arlen! "

How is that or anything else I wrote an insult?

1. I've said so for five years here.

You've also said that iOS can't possibly act as an SMB server on
standard ports.

2. I've posted my own thread links scores of times here.

Assuming anyone ever bother to look, how would know that they were users...

...assuming they even exist?

3. I post the same images there and here.
4. The same text.
5. The same phone.

The same everything.
And yet, you are so desperate to insult me, you call me a troll.

I've read his post from which you claim "insult"...

"Yes, it is him.

This time he wrote a post where he said his new name. "

...and you're a liar if you say he called you a "troll"

For that?
Nobody is as transparent on that as I am, Carlos.

And yet, you are so desperate to insult me that you back up Alan?
I already dealt with s|b who is desperate to insult me today.
And I dealt with Kerr-Mudd who is also desperate to insult me.

All you guys have the same inferiority complex apparently.
Get rid of it.

LOL!

Or at least focus your inferiority complex on someone else.
I'm trying to make progress here with this privacy thread.

Which you are desperate to derail with untoward insults.
By acting like a child.

If it takes you five years to figure that out, there's a problem, but I don't mind you acting like a child if you weren't so desperate to insult
me by doing so.

No insult was given, Liar.

At least have a real reason for insulting me, Carlos.
It's actually insulting you can't even come up with a valid insult.

With the XDA threads, I did everything right.
At least try to insult me for something that I actually did wrong.

No one insulted you, Liar.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 16:03, Maria Sophia wrote:

Carlos E. R. wrote:

For you to insult our intelligence so openly and readily is
disconcerting.

Not insulting. But now you are insulting me by saying I insulted you.

Well, I apologize but what you did, in my humblest of opinions, was
affirm the idiocy of Alan Baker who claimed, after me saying so for many years, that he finally figured out who I was on the XDA developers web
site.

The truly amusing part is that your narcissism imagines yourself as
important enough to any of us that we would bother to try to "figure
out" anything about you at all.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Jeff Layman wrote:

Still, it's a great datapoint where the next question I'd ask of you and
anyone who has any apps with read permission to their contacts, is are you >> surprised at the number which you found out that "could" read contacts?

I'm never surprised by anything in Android which compromises privacy.
It's interesting to compare the approach to giving information about an
app in the Google Play Store and F-Droid. The latter clearly has a
section entitled "Permissions" which show what the app will be able to access (and perhaps modify). Not so the Play Store, which has a vague section called "Data Safety".

Hi Jeff,

I agree with anyone who makes a logically sentient statement, where I agree that the Google Play Store is inferior to F-Droid in listing pernicious permissions, and, let's be clear, Aurora's replacement to the Google Play
Store client at least lists which apps incorporate GSF which is helpful.

There's a reason I uninstalled the Google Play Store app years ago. :)

And I have no problem installing apps from the Google Play Store repo
without a Google Account on the phone, so it works better w/o it.

To your very point, on F-Droid s website or within the client, each app s
page lists the permissions it requests.

For example, the open-source
Contacts app explicitly states it requires permission to |read your
contacts. <https://f-droid.org/packages/com.vayunmathur.contacts/>

Interestingly, your comment made me dig a bit, which is refreshsing after having responded to the trolls attempting to derail this discussion because they can't add any value, it turns out that F-Droid hosts an app called Permissions Summary which scans your installed apps and lists which ones
have access to sensitive permissions, including Contacts (read/write).
However, it only shows user-installed apps with |dangerousi permissions
(like contacts, camera, microphone, location, etc.) that require explicit runtime approval.
<https://f-droid.org/packages/com.simpol.permissionssummary/>

I just downloaded it but it will take a while to test it for the team.
<https://f-droid.org/repo/com.vayunmathur.contacts_6.apk>
Name: com.vayunmathur.contacts_6.apk
Size: 24131675 bytes (23 MiB)
SHA256: A348428B9C0E8526C021C49366B44563C6851FCEE8480C9046B516F466EE75C6

Drat. It crashes every time. Can you (or someone also helpful) test it
for the team? It seems like a decent app to get the "real" permissions.

In addition, you have Muntashirakon App Manager, which everyone on this newsgroup is well aware of as the best of the best of FOSS Android apps.

For any installed app, AM shows:
Requested permissions
Granted vs. denied
Whether the permission is runtime, dangerous, signature, or special
Whether it was auto-granted by the system
So we can instantly see if an app has:
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.GET_ACCOUNTS (related to contacts
But of course, that's on an app-by-app basis, so it's good, but manual.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 08:38, Maria Sophia wrote:

s|b wrote:

On Tue, 10 Feb 2026 16:52:54 -0500, Maria Sophia wrote:

Most people have no idea how many apps can read their contacts.
-aadb shell dumpsys package > dump.txt
-agrep -Ff pkgs.txt dump.txt | grep "READ_CONTACTS: granted=true" >
read.txt

We get it; you're (pretending to be) 1337.

I just go to

Instellingen > Beveiliging en privacy > Privacyopties > Rechtenbeheer >
Contacten en accounts

Everybody can do that.

I never disagree with anyone, no matter who they are, if/when they make a logically sensible statement which is based on evidence and fact.

Well that is plainly bullshit.


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 16:31, Maria Sophia wrote:

Jeff Layman wrote:

Still, it's a great datapoint where the next question I'd ask of you and >>> anyone who has any apps with read permission to their contacts, is
are you
surprised at the number which you found out that "could" read contacts?

I'm never surprised by anything in Android which compromises privacy.
It's interesting to compare the approach to giving information about
an app in the Google Play Store and F-Droid. The latter clearly has a
section entitled "Permissions" which show what the app will be able to
access (and perhaps modify). Not so the Play Store, which has a vague
section called "Data Safety".

Hi Jeff,

I agree with anyone who makes a logically sentient statement,

Well that is plainly bullshit.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 08:57, Maria Sophia wrote:

s|b wrote:

On Tue, 10 Feb 2026 13:56:45 -0800, Alan wrote:

How in the hell does that sentence make sense?

Can someone help me out here?

Arlen is hallucinating.

There's an entire thread on the Windows newsgroup about your incessant trolling where once you trolls infest a newsgroup, you ruin the threads.

This is an Android newsgroup. Not your personal troll forum.

This is an Android question about contacts privacy.
Not your personal troll repository.

I'm going to ask you nicely, s|b, that if you have no capability of contributing to the contact-privacy topic, then please stop trolling us.

We're adults

Well that...

...(based on your inclusion among the "we")...

...is plainly bullshit.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Andy Burns wrote:

Maria Sophia wrote:

Did you get that number from the GUI or from dumpsys?

The Permissions Manager in Settings.

Thanks. I don't trust that GUI for the stated reasons.

But even so, your number (17) is more realistic given how many system apps
have read permission on the contacts that can't be revoked sans rooting.

Since this question is really all about basic human decency, and since I'm
well aware what everyone else but me does, the thread is really opened to
learn more about contacts and to help teach why they're so dangerous.

There were people on the other thread who claimed they had complete control
of their contacts, where this thread pretty much proves that a fallacy.

Just like Germany & Japan thought they had complete control of their
ciphers in WWII, nobody has complete control over their contacts.

Except me. :)

In case my optimism is unwarranted, I challenge anyone to dispute that.
But remember, my contacts sqlite database is empty (or poisoned if I like).

So they'd have to challenge my rightful smugness on whether or not DOpen Contacts' private /data/data storage is open to attack, or if the FOSS
app itself is doing malicious things (which I haven't checked if it does).

My point is that most people are not as considerate as I am but I'm not expecting them to all of a sudden be decent to their fellow contacts.

But I do expect them to think about how to protect their contacts.
Maybe not as much as I have.

But at least a little bit for them to think about what respect means.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Maria Sophia wrote:

Andy Burns wrote:

Maria Sophia wrote:

Did you get that number from the GUI or from dumpsys?

The Permissions Manager in Settings.

Thanks. I don't trust that GUI for the stated reasons.
But even so, your number (17) is more realistic given how many system apps have read permission on the contacts that can't be revoked sans rooting.

The apps listed as /actually/ using their contacts permission are

Contacts
Google
Pixel Watch
Messages
Phone
Signal
Thunderbird
SMS Backup & Restore

Which feels reasonable, the final app in the list is one that I have
used for years (back to when I ran custom ROMs and didn't want to lose
call history and SMS conversations each time I flashed the phone, I
think syncing to a google account does the same thing these days, but I
leave that app doing a belt-n-braces export to XML files in my Gdrive.

Play services does occasionally warn that it is an old app and might not
be trustworthy, maybe I should stop running it ...


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 12/02/2026 00:31, Maria Sophia wrote:

Jeff Layman wrote:

Still, it's a great datapoint where the next question I'd ask of you and >>> anyone who has any apps with read permission to their contacts, is are you >>> surprised at the number which you found out that "could" read contacts?

I'm never surprised by anything in Android which compromises privacy.
It's interesting to compare the approach to giving information about an
app in the Google Play Store and F-Droid. The latter clearly has a
section entitled "Permissions" which show what the app will be able to
access (and perhaps modify). Not so the Play Store, which has a vague
section called "Data Safety".

Hi Jeff,

I agree with anyone who makes a logically sentient statement, where I agree that the Google Play Store is inferior to F-Droid in listing pernicious permissions, and, let's be clear, Aurora's replacement to the Google Play Store client at least lists which apps incorporate GSF which is helpful.

There's a reason I uninstalled the Google Play Store app years ago. :)

And I have no problem installing apps from the Google Play Store repo
without a Google Account on the phone, so it works better w/o it.

To your very point, on F-DroidN++s website or within the client, each appN++s page lists the permissions it requests.

For example, the open-source
Contacts app explicitly states it requires permission to N++read your contacts. <https://f-droid.org/packages/com.vayunmathur.contacts/>

Interestingly, your comment made me dig a bit, which is refreshsing after having responded to the trolls attempting to derail this discussion because they can't add any value, it turns out that F-Droid hosts an app called Permissions Summary which scans your installed apps and lists which ones
have access to sensitive permissions, including Contacts (read/write). However, it only shows user-installed apps with N++dangerousN++ permissions (like contacts, camera, microphone, location, etc.) that require explicit runtime approval. <https://f-droid.org/packages/com.simpol.permissionssummary/>

I just downloaded it but it will take a while to test it for the team.
<https://f-droid.org/repo/com.vayunmathur.contacts_6.apk>
Name: com.vayunmathur.contacts_6.apk
Size: 24131675 bytes (23 MiB)
SHA256: A348428B9C0E8526C021C49366B44563C6851FCEE8480C9046B516F466EE75C6

Drat. It crashes every time. Can you (or someone also helpful) test it
for the team? It seems like a decent app to get the "real" permissions.

I installed that Contacts app (Vayun Mather) but on running it crashes
for me too with an error message: "Contacts keeps stopping".

I also installed Permissions Summary and ran that, but it seems to give
less info than my phone Settings info which I posted earlier. For
example, it reports only FairEmail as accessing Contacts.

I've uninstalled both.

In addition, you have Muntashirakon App Manager, which everyone on this newsgroup is well aware of as the best of the best of FOSS Android apps.

For any installed app, AM shows:
Requested permissions
Granted vs. denied
Whether the permission is runtime, dangerous, signature, or special
Whether it was auto-granted by the system
So we can instantly see if an app has:
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.GET_ACCOUNTS (related to contacts
But of course, that's on an app-by-app basis, so it's good, but manual.

Yes, I had looked at what it reports for permissions, but going through hundreds of apps manually was not feasible.
--
Jeff
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-12 01:03, Maria Sophia wrote:

Carlos E. R. wrote:

For you to insult our intelligence so openly and readily is
disconcerting.

Not insulting. But now you are insulting me by saying I insulted you.

Well, I apologize but what you did, in my humblest of opinions, was
affirm the idiocy of Alan Baker who claimed, after me saying so for many years, that he finally figured out who I was on the XDA developers web
site.

If it take both of you five years to figure out that which was never
hidden, then you have no right to insult me like you did in your response.

I could insult you, but I won't because my reason for posting to you was
to ask you to stop responding to Alan Baker's idiocy as if he's making a claim that holds water.

He was intimating I was trolling by having a different moniker on a different web site & you affirmed that idiocy, where both of you acted
like children.

I take offense when you act like a child when trying to insult me.
Since you're so desperate to insult me, at least have a cause by God.

Arlen, I was not even trying to insult you. I only commented on
something he said, which wasn't either insulting. You may not agree with
him, you may have a past history with him, but he made a question and I replied, that's all.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-11 12:19, Carlos E. R. wrote:

On 2026-02-11 02:03, Alan wrote:

BTW, is this you:

<https://xdaforums.com/m/galaxya325g.11604613/>

I read a couple of posts, and it sounds exactly like you, Arlen!

Yes, it is him.

This time he wrote a post where he said his new name.

Oh, I made a mistake. I thought that link above was a link to some
thread here on Usenet, so I did not even look. I don't know if Arlen
writes in that xda thing.

I only meant that Maria Sophia is Arlen.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-12 01:41, Maria Sophia wrote:

Andy Burns wrote:

Maria Sophia wrote:

Did you get that number from the GUI or from dumpsys?

The Permissions Manager in Settings.

Thanks. I don't trust that GUI for the stated reasons.
But even so, your number (17) is more realistic given how many system apps have read permission on the contacts that can't be revoked sans rooting.

Since this question is really all about basic human decency, and since I'm well aware what everyone else but me does, the thread is really opened to learn more about contacts and to help teach why they're so dangerous.

There were people on the other thread who claimed they had complete control of their contacts, where this thread pretty much proves that a fallacy.

Arlen, that a number of apps have read access to the contact list is of
no consequence at all.

My privacy and that of my contacts is safe.
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On Wed, 11 Feb 2026 11:57:53 -0500, Maria Sophia wrote:

8<snip 8

There's an entire thread on the Windows newsgroup about your incessant trolling where once you trolls infest a newsgroup, you ruin the threads.

Not seeing it. Got a message-id?

Also, pot... kettle...

This is an Android newsgroup.
Not your personal troll forum.

I'm not the one changing my handle all the time, Arlen. Nymshifting is
typical troll behaviour.

(Added [OT] to the Subject, so people can kill filter this subthread.)
--
s|b
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On Wed, 11 Feb 2026 21:52:37 +0100, R.Wieser wrote:

John,

I'm giving up on this group. Well done "purposely helpful" Arlen.

Put him into your killfile. Most newsgroup clients will than also hide all responses (and responses to them, etc.) to his posts too.

8< snip >

I usually do*, but then he invents another handle again. Someone should
keep a list.




* Just created a global kill filter (again).
--
s|b
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

s|b,

I usually do*, but then he invents another handle again. Someone
should keep a list.

:-) Some of us already do - in the form of a killfile.

Regards,
Rudy Wieser


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

s|b,

I'm not the one changing my handle all the time, Arlen.
Nymshifting is typical troll behaviour.

And his "you are {something bad}" rethoric is nothing more than him trying
to change the subject. Tell him to prove his claim, and he will drop the whole issue like its a hot potato.

And he's far from origional : just after John mentions he wants to drop this newsgroup because of Arlen, Arlen comes up with the idea that its actually /you/ who is causing it.

(Added [OT] to the Subject, so people can kill filter this subthread.)

Perhaps better : prefix an [Arlen] tag ([OT] is already in use for something else).

Regards,
Rudy Wieser


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-12 03:28, Carlos E. R. wrote:

On 2026-02-12 01:03, Maria Sophia wrote:

Carlos E. R. wrote:

For you to insult our intelligence so openly and readily is
disconcerting.

Not insulting. But now you are insulting me by saying I insulted you.

Well, I apologize but what you did, in my humblest of opinions, was
affirm the idiocy of Alan Baker who claimed, after me saying so for
many years, that he finally figured out who I was on the XDA
developers web site.

If it take both of you five years to figure out that which was never
hidden, then you have no right to insult me like you did in your
response.

I could insult you, but I won't because my reason for posting to you
was to ask you to stop responding to Alan Baker's idiocy as if he's
making a claim that holds water.

He was intimating I was trolling by having a different moniker on a
different web site & you affirmed that idiocy, where both of you acted
like children.

I take offense when you act like a child when trying to insult me.
Since you're so desperate to insult me, at least have a cause by God.

Arlen, I was not even trying to insult you. I only commented on
something he said, which wasn't either insulting. You may not agree with him, you may have a past history with him, but he made a question and I replied, that's all.

But to a narcissist like Arlen...
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

he made a question and I replied, that's all.

Hi Carlos,

Given both you and I have added tremendous value to the technical knowledge level of this newsgroup, and given you replied to Alan Baker, who has not, allow me to only ask you this question since we need to stay on topic here.

Q: What value has Alan Baker ever added to this Android ng in his life?
A: ?

Do not respond if you can't answer that question, since it's about you amplifying off-topic trolls, so it's not actually a simple question.

There's a reason I plonk Alan Baker, Snit, Joerg Lorenz and others.

My request to you is not to amplify their trolls so that we can stick to
the topic of this thread, which, clearly, is all about contact management.

Once you answer the question above about your amplification of trolls,
then I would like to ask you to explore your point of view on contacts.

In one of your rare on-topic posts in this thread, you said (verbatim):
"That a number of apps have read access to the contact list is
of no consequence at all. My privacy and that of my contacts is safe."

Staying on topic and ignoring your previous unwarranted trolling as water
under the Usenet bridge, I openly state that I agree with your first
sentence if you also append "to me" at the end (meaning, you don't care
about others' privacy - which is fine - as that's your prerogative).

But you not being respectful of other people's privacy does not equate to
you claiming, sans any evidence, that your "contacts are safe".

Since we don't need to disagree with your first sentence, as you don't have
to give your friends and relatives any respect, the latter is an issue.

Q: Why do you think your "contacts are safe"?
A:

Do you even *know* what apps are uploading your contacts to the net?
--
What's needed with people being entrusted with other people's private information is that they need to be respectful of that trust in them.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-12 13:35, Maria Sophia wrote:

Carlos E. R. wrote:

he made a question and I replied, that's all.

Hi Carlos,
Given both you and I have added tremendous value to the technical knowledge level of this newsgroup, and given you replied to Alan Baker, who has
not, allow me to only ask you this question since we need to stay on
topic here.

Q: What value has Alan Baker ever added to this Android ng in his life?
A: ?

I provided you the technical knowledge that Android doesn't present its
real filesystem to Windows when connected via USB...

...at which point you pivoted away from your earlier claim.

Do not respond if you can't answer that question, since it's about you amplifying off-topic trolls, so it's not actually a simple question.

There's a reason I plonk Alan Baker, Snit, Joerg Lorenz and others.

My request to you is not to amplify their trolls so that we can stick to
the topic of this thread, which, clearly, is all about contact management.

Once you answer the question above about your amplification of trolls,
then I would like to ask you to explore your point of view on contacts.

You didn't ask a question about the "amplification of trolls", now did you?

In one of your rare on-topic posts in this thread, you said (verbatim):
"That a number of apps have read access to the contact list is
-aof no consequence at all. My privacy and that of my contacts is safe."

Staying on topic and ignoring your previous unwarranted trolling as water

There was no "trolling".

I asked a question and he answered it.

You then accused both of us of insulting you.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Jeff Layman wrote:

Drat. It crashes every time. Can you (or someone also helpful) test it
for the team? It seems like a decent app to get the "real" permissions.

I installed that Contacts app (Vayun Mather) but on running it crashes
for me too with an error message: "Contacts keeps stopping".

Hi Jeff,

Thanks for adding on-topic technical value to the privacy discussion.

Wow. I appreciate that you tested the app for the team. Most people on
Usenet aren't as helpful as you and I am in that respect. Much appreciated. Sorry it was a waste of your valuable time, but we saved others' time.

We're trying to solve a very real gap in Android 12+ which is to find a
simple, reliable, on-device app that can list all packages holding a
specific permission (e.g., READ_CONTACTS) without root.

The built-in Samsung permission UI is too coarse, adb dumpsys is too huge,
and the F-Droid "Contacts Permission Viewer" app crashes on modern devices

I also installed Permissions Summary and ran that, but it seems to give
less info than my phone Settings info which I posted earlier. For
example, it reports only FairEmail as accessing Contacts.

I've uninstalled both.

Thank you for testing these two apps, which helps others on the team.
<https://f-droid.org/repo/com.vayunmathur.contacts_6.apk>

<https://f-droid.org/packages/com.simpol.permissionssummary/>
Permission Summary is a lightweight, open source Android app
that helps you quickly check which apps have access to sensitive
permissions on your device iX in just a few seconds.

The app only lists user-installed apps and only those with
dangerous permissions. These are permissions Android classifies
as potentially privacy-invasive and require explicit runtime approval.
Permissions Checked:
... snip ...
Contacts - Read, write, or access contact data and accounts
... snip ...
Non-dangerous permissions like INTERNET, POST_NOTIFICATIONS,
and BLUETOOTH are intentionally excluded to reduce noise.

<https://f-droid.org/repo/com.simpol.permissionssummary_130.apk>
Name: com.simpol.permissionssummary_130.apk
Size: 5070639 bytes (4951 KiB)
SHA256: F1D43B111346C3BB39CCA97DCFA4DDACA778DD9F2422716196ED4E64044B347E

In my tests, it came up with a "Permissions Summary" screen with each of
the types of permissions listed in blue buttons, one of which was
"Contacts" but in my case, it said "11 apps have this permission".

We both know that's dead wrong, but I hit the down arrow and it
brought up the 11 apps that it found with read-contacts permission.
1. Barcode Scanner <com.google.zxing.client.android>
2. Barcode Scanner+ <com.srowen.bs.android>
3. Calendar Import-Export <org.sufficientlysecure.ical>
4. Etar Calendar <ws.xsoh.etar>
5. Import Contacts <am.ed.importcontacts>
6. Export Contacts <am.ed.exportcontacts>
7. GPS to SMS <ru.perm.trubnikov.gps2sms>
'8. Pulse <xyz.klinker.messenvger>
9. SMS Backup & Restore <com.riteshsahu.SMSBackupRestore>
10. Smart Switch <com.sec.android.easyMover>
11. WhatsApp <com.whatsapp>
Each of which, when clicked, takes us to that app's settings
page in the Android settings (which is a nice feature).

These are all
a. User-installed
b. Declared READ_CONTACTS
c. Granted READ_CONTACTS
d. Visible to the app under Android 13's restrictions
But about 60 apps are known by me to be invisible to it.

This is my main strategic-intelligence point about contacts privacy.

Most people who think there is no privacy issue have absolutely no idea whatsoever which packages have access to their personal contacts.

Including me!
In my case, it doesn't matter because my contacts db is empty.

But the fact is almost nobody is as respectful as I am to our friends and family so it's very important for other people to understand the point.

There's also three dots at the top right for "Trusted List" but I think it simply hides apps you check from the main permission-summary screen.

I agree with you if I go to my unrooted Android 13 Samsung Settings >
Security and privacy > Privacy > Permission manager > Contacts
it says "15 of 60 Allowed", which again, we know is a brazen lie.

Interestingly, when I go to that lookup, it crashes the already running Permissions Summary app, which is interesting but not diagnostic.

What all of us should take out of this is that unless we run an adb
dumpsys, everything we "think" about which packages are accessing our
contacts, is overly optimistic (and hence, it under counts the real privacy issues). But my dumpsys is over two hundred thousand lines long.

Worse, a simple grep/findstring won't catch all that we want because the
name of the package is an indeterminate number of lines above the string
Package [com.cemique.shortcutwidgets]
... snip ...
"READ_CONTACTS: granted=true"
... snip ...
Package [am.ed.importcontacts] (the next app in the list)

Those who think their contacts "are safe" are not basing that on facts
since, without running adb dumpsys, there is no known reliable way to tell.

If there was, we'd likely know it by now, but what I'll do is ask the
question on the XDA developers web site, which sometimes knows more than we
do here (but most of the time, they know less than we do about Android).

In addition, you have Muntashirakon App Manager, which everyone on this
newsgroup is well aware of as the best of the best of FOSS Android apps.

For any installed app, AM shows:
Requested permissions
Granted vs. denied
Whether the permission is runtime, dangerous, signature, or special
Whether it was auto-granted by the system
So we can instantly see if an app has:
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.GET_ACCOUNTS (related to contacts
But of course, that's on an app-by-app basis, so it's good, but manual.

Yes, I had looked at what it reports for permissions, but going through hundreds of apps manually was not feasible.

Yup. Thanks for looking. I agree with you wholeheartedly that, while Muntashirakon App Manager is one of the best apps on Android, it doesn't
output what I want, which is a list of all apps with contacts permission.

Only adb dumpsys does that (to my knowledge).

My main strategic-intelligence point here is if we are to make any rational Occam's Razor type assessment of the privacy of our contacts, we need to
know two things which almost nobody knows (least of all me) which are:

Q: Which apps have read permission to our contacts?, and,
Q: What are they doing with it?

Note for me, neither matters because I keep my contacts sqlite database
empty but only 6 out of a million people know what I know about privacy.

It's all about intelligent respect for the decency of human privacy.

For most people, if they don't know the answer to those two contacts
questions, then they can't say with certainty that they protected them.
--
What's needed with people being entrusted with other people's private information is that they need to be respectful of that trust in them.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-12 14:31, Maria Sophia wrote:

Jeff Layman wrote:

Drat. It crashes every time. Can you (or someone also helpful)
test it for the team? It seems like a decent app to get the
"real" permissions.

I installed that Contacts app (Vayun Mather) but on running it
crashes for me too with an error message: "Contacts keeps
stopping".

Hi Jeff,

Thanks for adding on-topic technical value to the privacy
discussion.

Wow. I appreciate that you tested the app for the team. Most people
on Usenet aren't as helpful as you and I am in that respect. Much appreciated. Sorry it was a waste of your valuable time, but we
saved others' time.

What "team", you narcissist?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-12 22:35, Maria Sophia wrote:

Carlos E. R. wrote:

he made a question and I replied, that's all.

Hi Carlos,
Given both you and I have added tremendous value to the technical knowledge level of this newsgroup, and given you replied to Alan Baker, who has
not, allow me to only ask you this question since we need to stay on
topic here.

Q: What value has Alan Baker ever added to this Android ng in his life?
A: ?

Arlen, you do not decide who I answer or why or what I write. Not even
what is of value to others.

...
--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. wrote:

you do not decide who I answer or why or what I write. Not even
what is of value to others.

My request to you is not to amplify their trolls so that we can stick to
the topic of this thread, which, clearly, is all about contact management.

Once you answer the question above about your amplification of trolls,
then I would like to ask you to explore your point of view on contacts.

In one of your rare on-topic posts in this thread, you said (verbatim):
"That a number of apps have read access to the contact list is
of no consequence at all. My privacy and that of my contacts is safe."

Staying on topic and ignoring your previous unwarranted trolling as water
under the Usenet bridge, I openly state that I agree with your first
sentence if you also append "to me" at the end (meaning, you don't care
about others' privacy - which is fine - as that's your prerogative).

But you not being respectful of other people's privacy does not equate to
you claiming, sans any evidence, that your "contacts are safe".

Since we don't need to disagree with your first sentence, as you don't have
to give your friends and relatives any respect, the latter is an issue.

Q: Why do you think your "contacts are safe"?
A:

Do you even *know* what apps are uploading your contacts to the net?
--
Those who most deprecate privacy are often blissfully unaware that they, themselves, are the ones who are being disrespectful of others' privacy.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

On 2026-02-13 18:34, Maria Sophia wrote:

Carlos E. R. wrote:

you do not decide who I answer or why or what I write. Not even what
is of value to others.

My request to you is not to amplify their trolls so that we can stick to
the topic of this thread, which, clearly, is all about contact management.

Once you answer the question above about your amplification of trolls,
then I would like to ask you to explore your point of view on contacts.

In one of your rare on-topic posts in this thread, you said (verbatim):
"That a number of apps have read access to the contact list is
-aof no consequence at all. My privacy and that of my contacts is safe."

Staying on topic and ignoring your previous unwarranted trolling as water under the Usenet bridge, I openly state that I agree with your first
sentence if you also append "to me" at the end (meaning, you don't care
about others' privacy - which is fine - as that's your prerogative).

But you not being respectful of other people's privacy does not equate to
you claiming, sans any evidence, that your "contacts are safe".

That's your claim, and we do not accept it. We are all respectful of
other people privacy when using the Android contact app.

Since we don't need to disagree with your first sentence, as you don't have to give your friends and relatives any respect, the latter is an issue.

Q: Why do you think your "contacts are safe"?
A:
Do you even *know* what apps are uploading your contacts to the net?

--
Cheers,
Carlos E.R.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Carlos E. R. <robin_listas@es.invalid> wrote:

On 2026-02-13 18:34, Maria Sophia wrote:

[...]

That's your claim, and we do not accept it. We are all respectful of
other people privacy when using the Android contact app.

I think it's rather disrespectful of 'Arlen' to put the names and
e-mail addresses of his contacts "on the cloud".

And no 'Arlen', this is not trolling, this is just exposing the
inconsistency in your argument.

And yes 'Arlen', I've made this argument before and you ignored it and silently snipped it. We wonder why.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg wrote:

That's your claim, and we do not accept it. We are all respectful of
other people privacy when using the Android contact app.

I think it's rather disrespectful of 'Arlen' to put the names and
e-mail addresses of his contacts "on the cloud".

And no 'Arlen', this is not trolling, this is just exposing the inconsistency in your argument.

And yes 'Arlen', I've made this argument before and you ignored it and silently snipped it. We wonder why.

Hi Frank,

You are misrepresenting what I actually do with contacts.

My setup is simple. The system contacts database on my phone is empty
and I use a separate, sandboxed contacts app which stores its data in
its own database. That means the many packages with read permission
on the system contacts provider have nothing at all to read.

I do not store my contacts in any public cloud service. If you have a
specific quote where I said otherwise, please feel free to point to it.

If you see a technical inconsistency in that model, describe it in
concrete terms and we can talk about it. Personal remarks about my
respect for privacy do not change how the data flows actually work.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg <this@ddress.is.invalid> writes:

Yes, you do store the names and e-mail addresses of your contacts on a public service, you just don't realize it. The public service you use is
as liable to leaking contact information as the Google service you don't (want to) use. That's the inconsistency in your argument.

That's not the way I read it. I read it as he doesn't use the contacts
app, he puts his contacts somewhere else, presumably somewhere which is
not stored or backed up to the cloud. (Although Google Contacts are
encrypted in the cloud anyway, so it is only on the phone where apps
have permission to read them that it matters).
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: comp.mobile.android

Frank Slootweg <this@ddress.is.invalid> writes:

Richmond <dnomhcir@gmx.com> wrote:

Frank Slootweg <this@ddress.is.invalid> writes:

Yes, you do store the names and e-mail addresses of your contacts on a >> > public service, you just don't realize it. The public service you use is >> > as liable to leaking contact information as the Google service you don't >> > (want to) use. That's the inconsistency in your argument.

That's not the way I read it. I read it as he doesn't use the contacts
app, he puts his contacts somewhere else, presumably somewhere which is
not stored or backed up to the cloud.

I'm not commenting on what he says, but on what he does *not* say, but still *does*, without realizing it.

OK, what is it he does without realising it, and how did you know about
it if he didn't?
--- Synchronet 3.21b-Linux NewsLink 1.2