LOS 15.1 Trust - Privacy Guard: grant "contacts" permission, but pass empty contacts list

Continuing the discussion from Upgrading from official 14.1 to 15.1 (feedback/issues):

This is one important reason why I’m still refusing to install this widely-used closed-source IM app. But also for other apps it’s sometimes helpful to either pass an empty contacts list or even only contacts of e.g. a selected account or group.

So I tested (with the built-in email app) how to achieve this under LOS 15.1, but was unable to find out how to pass an empty list of contacts to an app.
@Roboe, can you please shed some (more) light on this and elaborate how to change Privacy Guard settings to achieve the desired result?

Yes, of course I can help.

Introduction to Android permissions

First, an introduction to understand this feature to get the right midset for making it serve you well.

Privacy Guard feature dates back to the times of CyanogenMod 4.4, if I recall correctly. Remember that before Android 6, there weren’t toggable permissions per-app. The user just granted all permissions an app requested on install, or they wouldn’t install it. So the clever people at CyanogenMod figured they could hijack the calls those apps made to the system to retrieve data, and replace the real data with fake one. Instead of the list of contacts, apps would get an empty list, or instead of giving access to the camera, they would give an status indicating that it was busy. That way apps wouldn’t crash, and they wouldn’t get those things the user didn’t want them to have.

Once Android 6 was released, permissions of level dangerous were no more granted at install time, but at run time, asking directly to the user. Apps should then request them at each time they needed it, and the user had the ability to grant or reject them. But apps could react to the rejection, and then act in different ways. Some apps just refuse to work at all when you reject any of the permissions they request —this is a bad practice that has been mitigated since—, while others consider some permissions mandatory for their mere existence —obviously, a camera app need the camera permission, but a mail client app could live without access to your contacts, as long as you don’t mind to type e-mail addresses manually.

TL;DR: Android pre-Marshmallow lacked granular permission-granting. With Marshmallow onwards, the app decides which permission is crucial for it to work. They could (and do) disrespect the user decision not to share something with them.

The case: WhatsApp

WhatsApp, a widely-used, closed-source, Facebook-owned, centralized instant messaging app that even privacy-advocates could not avoid to use sometimes (thank you, network effect, ). As most of you already know, this app uses phone numbers as user addresses, so you don’t need to share your privacyisfreedom@onlineservice.com address with someone, just your number, and the app will build an address <national_prefix><phone_number>@s.whatsapp.net transparently for you (I’d say opaquely, though).

The point: the app reads periodically your entire contact list and saves it in their servers (the “cloud”) in order to build this sublist of people you can reach through their service. Naturally, it asks for the “read contacts” permission, and if you reject it, it refuses to work. But the tricky thing here is that you can perfectly receive messages from other people without any problem (people you don’t have their number could message you if they have yours). Privacy Guard to the rescue!

TL;DR: WhatsApp refuses to work when you reject the “read contacts” permission. Nothing prevents the app to receive messages from other people and you interacting with the chat normally when that happens other than the app reaction to the permission rejection.

Tricking WhatsApp with Privacy Guard

So, the plan: giving the “read contacts” permission to WhatsApp, but passing an empty list with Privacy Guard.

First, make sure you have the app installed. Then, enable Privacy Guard for the app: go to Settings #los:settings → Trust → Privacy Guard → look for WhatsApp in the list and ensure the icon at the right is colored:

WhatsApp with Privacy Guard enabled540×960 64.4 KB

Then, tap and hold the WhatsApp entry in the list. You’ll be redirected to the Privacy Guard options for that app. Then search for the Read contact option, tap on it, and select “Ignore”. From now on, the OS will send an empty list of contacts to the app when it requests them.

WhatsApp Privacy Guard options540×960 50.2 KB

Next time the app asks you to read your contacts, grant the permission. Don’t worry, Privacy Guard has your back. This is the trick: the app will think you’ve shared your contact list. You haven’t, really, :

WhatsApp showing an empty contact list1080×1920 91.6 KB

Caveats

From now on, you won’t see people’s name in the chat, but their numbers. Just don’t expose your list of chats or an opened chat to cameras or other eyes to respect the privacy of your contacts. Privacy is built on trust, just like other human links, and it’s a shared responsibility. I happen to use Guardian Project’s ObscuraCam whenever I need to share some screenshot with personal data (like my list of apps above).

Since you don’t have contacts, the “Statuses” festure of WhatsApp won’t list anything. This is positive for me, since I consider that feature intrusive, annoying and attention-stealing.

Advise: what I’ve learned thanks to GDPR

The EU’s General Data Protection Regulation introduced an obligation to bussinesses to give the user of their services the personal data they have of them on request. I requested it to WhatsApp the first day GDPR went active, and even when I had been tricking WhatsApp for months, they hadn’t erased (what I think is) the last contact list I gave them.

So, if you already shared your contact list with WhatsApp even once, you’ll only avoid them to get updates on it (new contacts, new phone numbers, new names, etc).

To do: ask WhatsApp to permanently delete my contact list from their servers. They must do it complying with the GDPR.

Pro-tip: starting chats with phone numbers

As explored above, once you negate WhatsApp the ability to read your contact list, you can receive messages and interact with already-opened chats, but you cannot start new ones.

This section describes a workaround I discovered to open new chats with random phone numbers (well, you could just use NoWhatOpen, but that’s no fun, right?).

Apps have the ability to react to certain URLs while you browse. WhatsApp uses this for a variety of things, like for those “Share with WhatsApp” links you see on news and articles over the Web. But it can be (ab)used too for opening chats with random numbers.

Whenever you open a link in the form https://api.whatsapp.com/send?phone=<phone_prefix><phone_number>, it will check if that number is registered in their system and open a new chat window with it. Easy.

The way I use it is with KISS launcher. KISS has an omnibar where you can search for contacts, apps, paste URLs or perform searches in the Web. As a hack, in KISS settings → Providers selection → Add search provider you can enter https://api.whatsapp.com/send?phone={q} as the URL to search “the Web”, but trigger WhatsApp to open those links. Then, you could write a phone in the omnibar (with prefix!) to open chats directly.

I usually search for the name of my contact, then hold the desired one to copy their phone number, and paste it again in the omnibar to “search it in WhatsApp”.

Phew! That was quite the write!

Your turn. Question, doubts, etc. I promise I’ll be more concise,

Don’t do it if you have the chance. Apps won’t only get your personal data, but they will log your activity too. There’s no (easy) way to avoid closed-source apps to know that I’m going to bed late today, or that you have a stable job because you wake up early from monday to friday. Furthermore, WhatsApp is being pressured by Facebook: one of its co-founders left and founded the Signal Foundation and WhatsApp will introduce targeted-ads soon (first link I’ve found).

Hi @Roboe, thanks a million for the comprehensive answer! Working in IT for ~ 20 year now, I have long given up for even hoping for documentation of this quality.
I more or less was aware of the Android permission system introduced with MM and I also knew Privacy Guard, but missed the background on how the latter worked. So your explanations on that are very helpful and more than welcome!

Some more remarks from my side:

You do, at least I know those from CM11 I ran on my SGS1 that I used before my FP2.

That’s the part that I missed, I was assuming that also Privacy Guard would just remove/reject the permission in general. We totally agree on the “clever” part.

…which IMO is not GDPR compliant; in Germany there was a court decision that stated likewise in the case of an 11-year-old using WA (German source: Landgericht Bad Hersfeld, Aktenzeichen F 111/17 EASO). Independently of that, I personally believe I would have to ask every person I keep in my contacts list if they mind me to upload their data to the servers of an American company.

I don’t plan to, as I stated, the privacy topic is only one that keeps me from doing so. I think we can agree to summarize the other ones under

Additional take-away from your explanations:

So the second scenario is nothing that can (currently) be achieved with Privacy Guard. This will continue to be a scenario for XPrivacy.

Thanks again for your great and very comprehensive elaboration on this topic!

@moderators: Do we have an appropriate badge (or can introduce one) for Roboe, since this is definitively not the first post of excellent quality that he’s donating to this community.
I’m thinking of something like “Top contributor” or maybe anything between “Fairphoner of the month” and “Forum member of the century”…

My pleasure,

Thank you for the reference. Quite interesting case.

Yes, you’re right and that’s accurate. I forgot to state this explicitly.

Oh, while I appreciate it, there’s no need for that. I already have the Leader trust level, kindly granted by @Douwe,

That would go to @AnotherElk, which is blazing fast solving user issues lately and his contributions are invaluable (like his “upgrading and feature tests” for multiple OSes).

And that for @paulakreuzer for her wikis and @Stefan for his good mood posts, and for the work of both organizing the whole forum!

I’d like to add there’s also the possibility to use a second user (“Android at work”) which can be activated by the (beta) app island by oasisfeng. This creates a work context where you can have an independent contact list with only the sacrificed persons

Thank you very much, but I guess we can agree on this Leader badge thing being enough.

I can not guarantee any “service level” anyway, speed and quality are mostly coincidence, don’t count on me too much .

You are exaggerating plentifully .
It’s one OS at a time, the one I use myself. And only because there’s no beta testing (I wouldn’t need to do that for e.g. Fairphone Open OS) as I don’t like surprises with the basic functionality, and I don’t like to gather all the source links together all over again everytime, so there I have them all in one place.

So, all eyes back on @Roboe please !

We won’t demand it neither,

This is called “documentation” and it’s of great value for other people as well,

Thanks for this. I can remember you wrote about that app in the past. I don’t know what’s the level of difficulty on making and restoring backups for secondary profiles, though. I like to keep it simple, but this is a plausible solution for that usecase, together with the Xposed-based XPrivacy.

It’s definitely a thing I’ve had to tinker with… Depends on what is on the second user account. Contacts can be exported to a vcf file, but more might get tricky. In the other hand, it might still be easier than keeping up to date with xposed… (And xprivacy, for that matter)

I completely agree,

Thanks a lot for these explanations!

Unfortunately the help within Privacy Guard isn’t of much help here as it only tells you that apps will not be able to access your personal data, but doesn’t tell you that the real data is replaced by fake data (which is useful to know if you want to use Privacy Guard appropriately).

There is now also the open source app Shelter which can be used for this purpose (it was recently added to F-Droid).

Thanks for this hint! Looks like an interesting alternative. However, it looks like Shelter seems not to be compatible with LineageOS 14.1 (at least F-Droid tells me so on my LOS 14.1 device), so probably also not with Android 7 in general.
On FP2 with LOS 15.1 it is installable though.

Shelter Version 1.0 requires Android 8.0 or newer.

But Version 1.1 should also support Android 7.0 as you can see here.

Thank you so much for mentioning Shelter! I was a bit reluctant to use a closed-source app like Island especially for hiding root from my banking app. I think I dare give it a try with Shelter.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.