Privacy is a million things where most people only know four or five of those million things, and just one of those million things that most
people don't know is to keep their contacts sqlite database completely
empty on Android.
Carlos E.R. wrote:
On 2026-02-05 19:47, Maria Sophia wrote:
Privacy is a million things where most people only know four or five
of those million things, and just one of those million things that
most people don't know is to keep their contacts sqlite database
completely empty on Android.
We do know. We choose to disregard.
But then you must ask for permission from each contact for you to store
their private information on the cloud, which is a lot of work, is it not?
On 2026-02-05 22:32, Maria Sophia wrote:
Carlos E.R. wrote:
On 2026-02-05 19:47, Maria Sophia wrote:
Privacy is a million things where most people only know four or five
of those million things, and just one of those million things that
most people don't know is to keep their contacts sqlite database
completely empty on Android.
We do know. We choose to disregard.
But then you must ask for permission from each contact for you to store their private information on the cloud, which is a lot of work, is it not?
No, I don't have to. Not in Europe.
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2026-02-05 22:32, Maria Sophia wrote:
Carlos E.R. wrote:No, I don't have to. Not in Europe.
On 2026-02-05 19:47, Maria Sophia wrote:
Privacy is a million things where most people only know four or five >>>>> of those million things, and just one of those million things that
most people don't know is to keep their contacts sqlite database
completely empty on Android.
We do know. We choose to disregard.
But then you must ask for permission from each contact for you to store
their private information on the cloud, which is a lot of work, is it not? >>
Not only that, but the contact information isn't stored "on the cloud"
in the first place. But "on the cloud" sounds so conveniently scary, so
why say where it's actually stored, when you can lie about it being "on
the cloud"?
BTW, "*on* the cloud" isn't that bad anyway, but I digress ...
As to the original 'Subject:': What happened to Wi-Fi?
On 2026-02-05 22:32, Maria Sophia wrote:
Carlos E.R. wrote:
On 2026-02-05 19:47, Maria Sophia wrote:
Privacy is a million things where most people only know four or five
of those million things, and just one of those million things that
most people don't know is to keep their contacts sqlite database
completely empty on Android.
We do know. We choose to disregard.
But then you must ask for permission from each contact for you to store
their private information on the cloud, which is a lot of work, is it not?
No, I don't have to. Not in Europe.
Carlos E.R. wrote:
On 2026-02-06 11:55, Frank Slootweg wrote:
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2026-02-05 22:32, Maria Sophia wrote:
Carlos E.R. wrote:
On 2026-02-05 19:47, Maria Sophia wrote:
Privacy is a million things where most people only know four or five >>>>>>> of those million things, and just one of those million things that >>>>>>> most people don't know is to keep their contacts sqlite database >>>>>>> completely empty on Android.
We do know. We choose to disregard.
But then you must ask for permission from each contact for you to
store
their private information on the cloud, which is a lot of work, is
it not?
No, I don't have to. Not in Europe.
If we had to, lawyers would have jumped lot long ago at the yugular of
Google. And the regulatory bodies of several European countries. Right
now, France is suing some huge USA corporations for I don't remember
what exactly, related to privacy concerns.
And in the USA Google is also being sued for something big, too.
ÿÿ Not only that, but the contact information isn't stored "on the
cloud"
in the first place. But "on the cloud" sounds so conveniently scary, so
why say where it's actually stored, when you can lie about it being "on
the cloud"?
Google would have to state in their conditions that they are going to
make use of the contact list for something akin to publishing it.
ÿÿ BTW, "*on* the cloud" isn't that bad anyway, but I digress ...
ÿÿ As to the original 'Subject:': What happened to Wi-Fi?
Hi Carlos (and Frank),
I read EVERYTHING you both write, always, so I appreciate what you said.
Carlos & Frank bring up excellent points that just having contacts in the sqlite location on Android (or in iOS) isn't a privacy hole by itself.
Since I put together systems for a living, and since I used to have an engineering-level TSSI special access designation, I'm likely more tuned to privacy holes than most people, as I've seen "how they work out there".
Most people, I'd wager, would be shocked at how much is hoovered about us. With that in mind, I will address Carlos' & Frank's stated concerns above.
This is a technical summary of what actually happens with contacts on
Android and why the privacy risks are not about the SQLite file itself
but about the data flows around it.
1. What is Android's local-storage model for contacts anyway?
ÿ A. Android stores contacts in a local SQLite database accessed through
ÿÿÿÿ the ContactsContract provider.
ÿ B. The file is on the device, not on a remote server, so in that narrow
ÿÿÿÿ sense it is not "on the cloud" as Frank had astutely mentioned.
ÿ C. The real issue is not the file location but which processes can read
ÿÿÿÿ it and where they send the data. That locale could be "on the cloud".
2. What about the pernicious sync adapters from the hoovering outfits?
ÿ A. Google, Samsung and other account providers register sync adapters
ÿÿÿÿ that copy the local contacts to their servers.
ÿ B. This includes backup, deduplication, and "smart" features that
ÿÿÿÿ require server side processing.
ÿ C. Once synced, the data is stored, replicated, and retained under the
ÿÿÿÿ provider's policies. Do you trust them? I don't. Not inherently.
3. What about third-party app access to your contacts list?
ÿ A. Any app granted READ_CONTACTS can query the entire address book.
ÿ B. Many apps upload the data to their own servers for contact
ÿÿÿÿ discovery, spam detection, or analytics.
ÿ C. This creates shadow profiles of people who never installed the app
ÿÿÿÿ and never consented to any processing. IMHO, that's rude.
4. I think it was Carlos who brought up the EU rules on privacy...
ÿ A. Under GDPR the people in our address book are data subjects and we
ÿÿÿÿ and the service providers are controllers or joint controllers.
ÿ B. Storing a friend's number so we can call them is usually covered by
ÿÿÿÿ legitimate interest.
ÿ C. Uploading their data to multiple foreign companies for profiling is
ÿÿÿÿ a different matter and often outside reasonable expectations.
ÿ D. Purpose limitation and data minimization apply even if the user
ÿÿÿÿ interface makes the upload look routine.
On 2026-02-06 19:22, Maria Sophia wrote:
Since I put together systems for a living, and since I used to have an
engineering-level TSSI special access designation,
I'm likely more tuned to
privacy holes than most people, as I've seen "how they work out there".
Chris wrote:
Since I put together systems for a living, and since I used to have an >>>> engineering-level TSSI special access designation,
As per usual this person can't stop self-aggrandising themselves as a
pretence for authority. And as per usual gets it wrong. There's no such
thing as TSSI. He probably means TS/SCI
https://en.wikipedia.org/wiki/List_of_U.S._security_clearance_terms
Chris,
I know EXACTLY what it is. And just like nobody who is a caver ever calls
it 'spelunking', nor do bikers call it 'driving', nobody calls it TS/SCI.
Take the case of octane ratings, for example, in organic chemistry, where I was taught in the 1960's what it meant so ever since I could drive, I would nonchalantly innocently and inquisitively ask the person filling up next to me "What's the difference between regular and premium?".
In decades of asking that question, I've only gotten the correct answer
about a half dozen times, which fits with my hypothesis that people only
know about six of the million things that they need to know about anything.
Privacy is a million things, of which people only know about a half dozen.
You don't protect against what you "think" they'll do.
You protect against what you know they 'can' do.
If you knew how much hoovering they did, oh, way back in the 80's, you'd likely be shocked with what they can do today on the Internet.
Carlos E. R. wrote:
On 2026-02-07 21:41, Maria Sophia wrote:
Take the case of octane ratings, for example, in organic chemistry,
where I
was taught in the 1960's what it meant so ever since I could drive, I
would
nonchalantly innocently and inquisitively ask the person filling up
next to
me "What's the difference between regular and premium?".
In decades of asking that question, I've only gotten the correct answer
about a half dozen times, which fits with my hypothesis that people only >>> know about six of the million things that they need to know about
anything.
You do not need to know what is the difference between regular and
premium. But I do know it. My father was a chemist and worked in an
oil refinery. One of his initial jobs was to measure the octane number
of gasoline mixtures. I think they used a small gasoline motor adapted
for variable compression and or variable advance. I don't remember
exactly and he is no longer in this world to ask him.
Hi Carlos,
I never disagree with anyone who says sentient things, where both the
common octane ratings are measured using the same standardized test engine that you remember from when you were a kid since they haven't changed.
In most of Europe they use the Motor Octane Number (MON) while in the USA
we use the AKI system (which is the average of the Research Octane Number (RON) and Motor methods (R+M)/2).
They're both measured with a motor but under very different conditions.
RON is determined at lower speed, lower temperature, and fixed ignition timing, which represents mild light-load driving. MON is measured at higher speed, higher temperature and with variable ignition timing which simulates heavy-load, high-stress operation. Because MON is the harsher test, it's usually (always?) lower than RON for the same fuel.
For example, when we see "87 octane" here in the USA, that's roughly equivalent to about 91-92 RON on your pumps
My point in bringing this up isn't that people need to know the chemistry, but that many drivers pay extra for "premium" simply because they assume a higher number must be better simply because marketing has decided to charge more for it. Marketing also "markets" it as "better", although, much like Apple marketing is brilliant lies, they never actually say so outright.
Back to the topic, a key observation is that we can port contacts easily if we "upload" them to "the cloud", but that's exactly what "they" want us to do.ÿ Once it's on "the cloud", we have lost control of our contacts.
And, since our contacts are our friends and neighbors, it's like placing everyone's data on a deck of cards and letting those cards blow in the wind around town for anyone else to pick up and use if they feel like it.
Privacy is a million things, of which people only know about a half
dozen.
You don't protect against what you "think" they'll do.
You protect against what you know they 'can' do.
If you knew how much hoovering they did, oh, way back in the 80's,
you'd likely be shocked with what they can do today on the Internet.
That they might do things with the contact list, would be breach of
contract for starters, and illegal, at least here. I don't have to
assume they do and not use the provided contact app and tools. What we
do is legal and normal usage.
Now, if I wanted secrecy, I wouldn't. I would assume the worst.
I'm not so concerned about "breach of contract" than about malefactors getting a hold of it, but I'm not saying I know of any cases where malefactors have harmed our friends and neighbors.
What I'm saying is simply that uploading ANYHTHING to the cloud is absurd when you have no need to upload anything to the cloud when backing things
up from your Android phone to the Windows PC.
For example, I've backed up my exact home screen to a file, and my ~600 user-added applications to a folder (including split APKs) and my SMS/MMS
to a folder and my contacts to a file and my calendar to a file, etc.
Have I missed anything?
What I can't back up without being root is the /data/data because my
Android is above Android 11 & Samsungs in the USA aren't rootable (AFAIK).
But much of my data is kept on the external sd card which can be popped
into another phone and all that data (e.g., map data) will still work.
The good news is that it turns out to be rather easy to back up everything (including contacts) to the PC with privacy (without using the cloud).
But I do comment, wistfully, that out of a million people, only six of them know how to do it, which is a sad statement about people (if it's true).
On 2026-02-09 18:51, Maria Sophia wrote:[...]
Back to the topic, a key observation is that we can port contacts easily if we "upload" them to "the cloud", but that's exactly what "they" want us to do.? Once it's on "the cloud", we have lost control of our contacts.
And, since our contacts are our friends and neighbors, it's like placing everyone's data on a deck of cards and letting those cards blow in the wind around town for anyone else to pick up and use if they feel like it.
Sorry, I do not agree. They are still my contacts, and they are not
shared with google.
What I'm saying is simply that uploading ANYHTHING to the cloud is absurd when you have no need to upload anything to the cloud when backing things up from your Android phone to the Windows PC.
I do not agree. It is far more convenient, easier, safe enough, and
private enough.
Frank Slootweg wrote:
As long as he keeps misrepresenting what's really happening, there's
just no point rehashing this (non-)issue till the cows come home.
Hi Frank,
I get it that you can't resist throwing personal insults in every post even though I wasn't speaking with you and Carlos and I were talking science.
If you can't attack the facts, you attack the person speaking the facts.
Carlos E. R. wrote:
Marketing also "markets" it as "better", although, much like
Apple marketing is brilliant lies, they never actually say so outright.
We just have to trust the sales guy from the car company. "Just use
regular as long as they make it."
There was a decision to ditch regular, but it is always postponed.
Hi Carlos,
Just like with leaded gas, they can't just ditch the higher-octane-rated fuels without actually changing the engines, although truth be told, knock sensors retard timing nowadays when engines feel detonation pinging.
If a new vehicle gas-cap door doesn't have a sticker saying that the higher octane rated gasoline isn't needed then there's zero advantage to using it.
I's actually worse gas for cars that don't need it, which isn't going to be able to be measured by us, but I still think it's kind of funny that out of
a million people, only about 6 know that the more expensive fuel is worse.
Marketing "teaches" people everything they "think" they know about science.
Back to the topic, a key observation is that we can port
contacts easily if we "upload" them to "the cloud", but that's
exactly what "they" want us to do.' Once it's on "the cloud", we
have lost control of our contacts.
And, since our contacts are our friends and neighbors, it's like
placing everyone's data on a deck of cards and letting those
cards blow in the wind around town for anyone else to pick up
and use if they feel like it.
Sorry, I do not agree. They are still my contacts, and they are not
shared with google.
Well, do you use the Google GMail app on Android to get your email?
(Note: Gmail on iOS, is, surprise!, more private than GMail on Android.)
Bear in mind, out of a million people, only six actually test what GMail
does and I've tested it (and reported to the Android newsgroup years ago).
The *first* time you log into the Google GMail app on an Android phone, Google *creates* the mothership account (if it's not already created), and, in my tests, Google *AUTOMATICALLY UPLOADS* your contacts since you have no chance of unchecking the default setting until *after* that happens!
It has been years since I've tested that behavior in gory detail though,
but that's why I use FairEmail instead of Google's GMail on Android.
And there's (way) more than just Google's GMail which uploads contacts.
Do you have WhatsApp? Telegram? Signal? Facebook? Instagram? TikTok? Snapchat? Microsoft Outlook? Yahhoo Mail? Truecaller? Hiya? Drupe?
Do you use any OEM cloud backup program (e.g., Samsung Cloud)?
Most people don't realize this but Gboard can read the contacts sqlite database, and that's "just a keyboard" (or so they think it is).
As I said many times, privacy is a million things, but most people only
know about half a dozen of those things which we are discussing here.
I'm not so concerned about "breach of contract" than about malefactors
getting a hold of it, but I'm not saying I know of any cases where
malefactors have harmed our friends and neighbors.
What I'm saying is simply that uploading ANYHTHING to the cloud is
absurd when you have no need to upload anything to the cloud when backing >>> things up from your Android phone to the Windows PC.
I do not agree. It is far more convenient, easier, safe enough, and
private enough.
The problem with "private enough" is that many entities have said the same thing, and, well, think about history and all the "surprise attacks" in it.
There's a long history of cloud-stored personal data being breached, and contacts/phone numbers are often part of what leaks. A few well-known examples from just the last few years:
Frank Slootweg wrote:
There *were* no "personal insults". As said, you're misrepresenting
what is really happening. And it's *impossible. to "attack the facts", because what you keep emitting, are misrepresenations, not facts.
Exactly which factual "misrepresentation" are you claiming you object to?
Carlos E. R. wrote:
Just like with leaded gas, they can't just ditch the higher-octane-rated >>> fuels without actually changing the engines, although truth be told,
knock
sensors retard timing nowadays when engines feel detonation pinging.
No, ditch the lower rated.
Hi Carlos,
Well, what would the advantage of mandating worse & more-expensive gas be?
The octane rating is a measure of how resistant a fuel is to auto-igniting (knocking) under compression in an engine where Premium gasoline typically has slightly lower energy per gallon than Regular (because the blend and ethanol used to raise octane lower the energy density at the same time).
Drivers would pay more for less
There's no advantage whatsoever (for cars that run fine on Regular).
No extra power, no better mileage, nothing.
Just higher costs for worse gas.
If a new vehicle gas-cap door doesn't have a sticker saying that the
higher
octane rated gasoline isn't needed then there's zero advantage to
using it.
The maker recommends the higher, but the car adapts and the vendor
recommends the lower.
I did my own testing, based on mileage, and decided to stay on the lower.
Check the BMW forums from about five or ten years ago where I ran extensive tests for a couple of years and there's no measurable benefit to Premium.
However, I would caution people who are scared to not run the test since under high speed high load high heat conditions, the piezoelectric knock sensors might not be able to retard the timing enough to prevent knocking.
But nobody on the planet who knows anything about chemistry would ever
claim that you get better anything from premium gasoline for a vehicle that is running correctly and which is designed for the regular gas blends.
It's not possible to get better anything with the wrong gas in the engine.
The *first* time you log into the Google GMail app on an Android phone,
Google *creates* the mothership account (if it's not already
created), and,
in my tests, Google *AUTOMATICALLY UPLOADS* your contacts since you
have no
chance of unchecking the default setting until *after* that happens!
Uploads to my account space. This is fine and I want it. Does not
share it.
How do you know that Google will never be hacked?
Most people don't realize this but Gboard can read the contacts sqlite
database, and that's "just a keyboard" (or so they think it is).
As I said many times, privacy is a million things, but most people only
know about half a dozen of those things which we are discussing here.
You confuse privacy with secrecy. And you tell people having different
ideas they are rude. No, we are not!
I'm making a normative argument about courtesy, consent, and respect
Uploading someone else's personal information without their knowledge or consent is discourteous, regardless of the uploader's intentions or personality.
It's not about secrecy.
It's about respecting other people's control over their own data.
The behavior is discourteous
I could use the word "uncaring" though if that sounds better to everyone?
Just let me know which word you like best for the argument, which is about basic human decency for protecting other people's private information.
The problem with "private enough" is that many entities have said the
same
thing, and, well, think about history and all the "surprise attacks"
in it.
There's a long history of cloud-stored personal data being breached, and >>> contacts/phone numbers are often part of what leaks. A few well-known
examples from just the last few years:
Then there will be fines. I did not share data nor breach confidence.
How do you know no company whom you interacted with won't be attacked?
Frank Slootweg wrote:
Maria Sophia <mariasophia@comprehension.com> wrote:
Frank Slootweg wrote:
There *were* no "personal insults". As said, you're misrepresenting
what is really happening. And it's *impossible. to "attack the facts", >>> because what you keep emitting, are misrepresenations, not facts.
Exactly which factual "misrepresentation" are you claiming you object to?
That one's Contacts are stored "on the cloud"/"in the cloud" (i.e. meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our arguments to the contrary.
I.e. like you've done again in this response of yours, ignoring and silently snipping:
[Rewind/repeat:]
So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.
[End rewind/repeat.]
[Non relevant side-stepping/diversion deleted.]
Hi Frank,
Brushing aside your personal insults including your ad hominem whataboutism veiled riddles used to avoid responsibility for your insults, I'm asking
you what facts I posted that you (not Carlos, Frank, you!) disagree with.
That one's Contacts are stored "on the cloud"/"in the cloud" (i.e. meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our arguments to the contrary.
[Rewind/repeat:]
So your next task is to (try to) describe what's *really* happening
with one's Contacts and Google systems. Carlos has already given a
number of clues.
[End rewind/repeat.]
Frank Slootweg wrote:
ÿ That one's Contacts are stored "on the cloud"/"in the cloud" (i.e.
meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our >>>> arguments to the contrary.
ÿ Of course yours are *not* "facts", but that's what you posted and I/we
'disagree with'.
Hi Frank,
Speak for yourself please.
There is one "fact" that you need to comprehend at the technical level.
If you comprehend that fact, then you should state that fact here & now.
Since I wouldn't ask you to state a fact that I wouldn't state myself,
I'll answer the question below and then ask you the *same* question.
Q: Where are all my Android mobile-device contacts actually stored?
A: They were stored in /data/data inside the "Conversation settings"
field in the last-known-good-version of PulseSMS but I've moved them
ÿ to the internal storage of DOpen Contacts & into a Windows vCard file.
ÿ My Android Contacts.db is empty and therefore nothing is "on the cloud".
You can dispute what "on the cloud" means until the end of time, but what
it means is not on your personal devices anymore so that you lost control.
Speaking for myself, uploading someone else's personal information without their knowledge or consent is inherently discourteous regardless of the uploader's intentions. You may or may not be as caring as I am on that.
The privacy decency point is I know exactly where my contacts are stored.
Now let's ask you to answer the same question of fact that I just did.
Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?
Frank Slootweg wrote:
That one's Contacts are stored "on the cloud"/"in the cloud" (i.e.
meaningless FUD/scare-mongering), while
ignoring - or 'conveniently', dishonestly, silently, snipping - my/our >>> arguments to the contrary.
Of course yours are *not* "facts", but that's what you posted and I/we 'disagree with'.
Hi Frank,
Speak for yourself please.
There is one "fact" that you need to comprehend at the technical level.
If you comprehend that fact, then you should state that fact here & now.
Since I wouldn't ask you to state a fact that I wouldn't state myself,
I'll answer the question below and then ask you the *same* question.
Q: Where are all my Android mobile-device contacts actually stored?
You can dispute what "on the cloud" means until the end of time, but what
it means is not on your personal devices anymore so that you lost control.
Speaking for myself, uploading someone else's personal information without their knowledge or consent is inherently discourteous regardless of the uploader's intentions. You may or may not be as caring as I am on that.
The privacy decency point is I know exactly where my contacts are stored.
Now let's ask you to answer the same question of fact that I just did.
Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?
Frank Slootweg wrote:
The privacy decency point is I know exactly where my contacts are stored. >> Now let's ask you to answer the same question of fact that I just did.
Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?
Carlos already answered it and very well and succinctly, so I'll just repeat it:
<Carlos>
In our phones, with a copy in our private area of google servers. Under
our control.
</Carlos>
Hi Frank,
Thanks for hazarding a guess as to what the answer to the question is.
I am well aware it's scary to answer factual questions on Usenet.
Unfortunately, the explanation you gave leaves out an important part since even if contacts are stored locally and synced to Google, that's only one tiny part of the picture. Any app with contact access can upload that data to its own servers, and many do. WhatsApp, Facebook Messenger, Telegram, Signal (for contact discovery), LinkedIn and many others all do this.
And it's not just messaging apps. Contact managers, SMS apps, RCS clients, dialer replacements, email apps, sharing apps and even spam-blocking or caller-ID apps routinely upload contact information. They use it for matching, spam detection, 'smart' suggestions, syncing or building their
own databases. Once you grant access to any app on Android, there's no technical way to verify where that data goes or how long it's kept."
That's why saying 'my contacts are only on my phone and Google' isn't accurate in practice. But since you were brave enough to answer the
question (which I knew ahead of time how you would answer it), allow me to be brave enough to point out on my own system how many apps that may be.
I have 80 packages with READ_CONTACTS: granted=true.
Do I know what every single one of them is doing with it?
Nope.
Q: How many do you have?
A: ?
Frank Slootweg wrote:
The privacy decency point is I know exactly where my contacts are
stored.
Now let's ask you to answer the same question of fact that I just did.
Q: Where are all *your* Android mobile-device contacts actually stored?
A: ?
ÿ Carlos already answered it and very well and succinctly, so I'll just
repeat it:
<Carlos>
In our phones, with a copy in our private area of google servers. Under
our control.
</Carlos>
Hi Frank,
Thanks for hazarding a guess as to what the answer to the question is.
I am well aware it's scary to answer factual questions on Usenet.
Unfortunately, the explanation you gave leaves out an important part
since even if contacts are stored locally and synced to Google, that's
only one tiny part of the picture. Any app with contact access can
upload that data to its own servers, and many do. WhatsApp, Facebook Messenger, Telegram, Signal (for contact discovery), LinkedIn and many others all do this.
| Sysop: | Tetrazocine |
|---|---|
| Location: | Melbourne, VIC, Australia |
| Users: | 15 |
| Nodes: | 8 (0 / 8) |
| Uptime: | 234:20:02 |
| Calls: | 207 |
| Files: | 21,502 |
| Messages: | 83,204 |