Bluetooth shares contacts and calls history despite being turned off by default.

words

When pairing with new Bluetooth device, Allow access to contacts and call history toggle is off. However, once connected, if we go to paired device settings, we can observe that the toggle is actually on. Turning the toggle on and off on first connect resolves the issue. Not sure whether the bug is visual or not.

words

tw-hx However I cannot think of a way to do the initial pair without leaking your entire address book.

words Turning the toggle on and off on first connect resolves the issue

words

Bumping the issue.

Carlos-Anso

I dont see that. What phone or tablet and what device are you pairing with?

words

P8P that connects to a speaker.

nullable

words what speaker? sometimes the device you connect to plays host when it shouldn't. Not sure how that get's decided but maybe has to do with that.

Pretty sure it's working as it's supposed to though..

words

nullable Pretty sure it's working as it's supposed to though..

No. This bug is 100% reproducible for me on other devices, and it's not visual. It shares the whole contact list since GrapheneOS doesn't have contact scopes for Bluetooth devices also.

spammerofspam

words This is strange. I'm not seeing the same behavior on my P9P. The only devices that show the toggle enabled are devices where I intentionally enabled it.

fid02

words More information might be beneficial to anyone trying to reproduce this. Is it possible to provide the make and model of these devices?

words

fid02
https://litter.catbox.moe/c34sly.mp4

words

words I honestly don't know who produced this speaker. Bought it used in Georgia.

muhomorr

https://litter.catbox.moe/c34sly.mp4

words Can you share this video again? It's no longer available.

words

Seems like the latest update fixed the issue. I'll report back once i get near a problematic speaker.

words

words 2024111800, still unfixed.

GrapheneOS

words We've made another attempt at fixing it and it should be resolved now. It will be included in the next release, which we can do tomorrow since we have some other important fixes too.

tw-hx

Can confirm, also on 2024111800. Paired phone with a 2022 Toyota Corolla, did not grant permission to share contacts in initial pair dialogue (default was off, did not touch toggle). The car subsequently sent further permission requests to access contacts (and to be fair I switched away to another app as they came through, but did not grant these).

Checked today and all contacts have been uploaded to the car (which has remote connectivity to Toyota so may have leaked my entire private address book to the manufacturer!). In GrapheneOS Bluetooth Settings the toggle for allowing contact and message access is on for the "CAR MULTIMEDIA" device. This is a major privacy bug.

If you manually disable the toggle in phone Bluetooth settings after pairing, forget the device on the car, then re-pair, the toggle stays disabled. However I cannot think of a way to do the initial pair without leaking your entire address book.

73kk13

Can't reproduce. Running 2024111800 on a P7 the option is and stays toggled off for both my headset and my watch. Will check with other devices when back home though.

73kk13

Couldn't reproduce with other speakers either. But since confirmation for pairing and request for contact access appear in the same dialogue, there's the possibility to grant the access accidently.

tw-hx

Thanks @words . That is a very useful clue and may have cracked the case! Since you have not gotten any traction here for this vulnerability in the last 8 weeks, I have dug into the GrapheneOS source code and I believe I have found the bug.

I have reported it on the GrapheneOS Github issues. Fingers crossed the developers can confirm and patch it.

GrapheneOS

@tw-hx You've misunderstood the situation. We weren't only trying to change the default but rather were also trying to fix the stock OS granting hands-free calling devices access to Contacts before a prompt was shown to the user or without the prompt being shown at all. It appears that it hasn't actually been fixed correctly but definitely it's not an issue introduced by GrapheneOS. The way you're approaching this is inappropriate and very counterproductive in terms of getting it fixed. If someone simply would have left a comment on the original issue we were trying to fix or opened a new issue we would have dealt with it already. This is an existing Android problem and us failing to fully fix it in every case doesn't mean we introduced a new vulnerability. Android was already sharing contacts with hands-free calling devices with no prompt and before it shown the prompt. It has been that way for ages. We were not only trying to fix the default setting.

GrapheneOS

@tw-hx You can see for yourself the thread was created on October 5th, most posts are from October and our change was made in the November 17th release:

https://grapheneos.org/releases#2024111700

This post from 2 days ago said the issue was still occurring:

https://discuss.grapheneos.org/d/16226-bluetooth-shares-contacts-and-calls-history-despite-being-turned-off-by-default/12

Our development team hadn't seen this report that the issue hadn't been successfully fixed. Now that we've seen it, we'll make further changes to try to address it. We clearly didn't introduce this issue as you repeatedly claimed on the issue tracker. Please look at the timeline here. How could be have introduced this issue in our November 17th release?

You say that it got no traction but we just recently put out a release with a fix that had been developed for it over several weeks. Your account of what's happening here and your claim that we introduced the problem is completely wrong.

GrapheneOS

Since our November 17th fix didn't work, we're making a further change to address the issue. The commit message does not properly explain what the commit is trying to do. Please see the discussion about it here:

https://github.com/GrapheneOS/platform_packages_apps_Settings/pull/299