• General

  • Contacts and location privacy workarounds

I bought a Pixel 4a to give GrapheneOS a try and see if it would be good enough to switch from an iPhone. I’m really impressed - I’d say it’s 95% perfect. But…

There’s a couple of showstoppers. The main trouble is that I can deny access for apps to contacts and location, but then they refuse to start. So either I grant them that permission or I don’t run the app.

For contacts the prime offender is WhatsApp. On iOS it’ll run without contact permission and works fine, but on Android it’s desperate to vacuum up my contacts. I could put it in a separate profile, but then the notifications don’t include the content of the messages, so that’s awkward, and there’s no sharing of photos etc between profiles (by design) so it’s awkward to send them.

For location, random apps insist on having it and I can’t open them without it. Seems to be especially IoT apps - had it for controlling a power supply and a fan.

It would be great to have contact and location scopes, but until that time are there any workarounds that people use for these? Last time I had Android I used PrivacyGuard to offer fake contacts and location, but that needs root.

I could imagine something like a dialler and SMS app which used their own not system contacts - then I could let WA have access to my empty system contacts. I don’t know what to do about location: if I grant access but turn off location the apps don’t start, and there’s no way to feed them a fake location.

So does anyone have any ideas for defending privacy while still running troublesome apps?

    Foggy Contact Spaces is an upcoming feature in GrapheneOS that will allow you manage multiple "buckets" (for lack of a better term) of contacts and only grant apps access to specific buckets instead of having to grant broad contacts access.

    For now, you can use an app like Connect You, which allow you to look at your device contacts, which apps can access via the contacts permission, but also has a "local" option to store contacts in the app's internal storage to keep them private, which is an option if you don't want to take the multiple profile route.

    For location, I know that long term plans include similar features for location etc., but that's probably a long way away. I don't really have an elegant solution for that, I'm afraid.

      Foggy I'm pretty sure Whatsapp can be set up and used without granting it Contacts access. I've been able to do it in the past and have done so recently. Are you completely unable to launch/use Whatsapp if you dismiss its permission prompt for Contacts? Can you describe the way this occurs?

      You could try exporting all your contacts, then deleting them from the Contacts app, then launching Whatsapp and granting it Contacts permission, then once it's setup, deny its access to Contacts, restore your contacts inside the Contacts app and see if Whatsapp works fine.

      Using Whatsapp without Contacts access isn't as convenient but it is definitely possible.

          233328 WhatsApp will run without contacts privilege, but you can’t initiate a chat with someone you’ve not already contacted before. If you press the ‘new message’ button it asks for contacts permission. If you say ‘not now’ it goes back to the list of old chats with no way to start a new message.

          That might be ok in limited circumstances, if you can ask people to message you first, but it’s tricky if you need to initiate contact.

              Foggy Alternatively, you can simply type wa.me/phone_number as a url in your web browser, it should automatically redirect you to
              Whatsapp and Whatsapp will open a chat with that number.

                  I have a complicated setup but it works very well.

                  I dont have any contacts saved in the device storage of owner profile, i use the simple contacts app, which is also having option store contacts inside the app's internal storage, i Use the simple dialer app and simple sms app, these apps can use the contacts stored inside the simple contact app's internal storage, so i see who is calling and messaging.

                  I have a secondary profile where i have stored contacts which are needed to be available in whatsapp, and there whatsapp has contact permission.
                  Installed whatsapp again in the owner profile, while login in to whatsapp when we take out sim card it will show a link device option with qr code instead of entering the number(this is a new feature of whatsapp), take the photo of that qr using another phone, switch the profile open the main whatsapp and add device with that qr code.
                  it works like whatsapp web but instead of browser we are using the same whatsapp app, i then end the session of that profile and disable the multiple user option, once in 15 days need to open the main whatsapp so that it wont sign out the linked device.
                  now the whatsapp in owner profile doesn't need contact permission but shows the contacts available in the other profile.
                  I made this setup to workaround some other app mainly a caller identification app which shows name of unknown callers but upload every single contact of us to their server (thats how they are finding the caller).

                  Waiting for the Contact scope got get implemented, till then this is my setup.

                  GOOD ONE, 233328 !!
                  This has the two advantages of using hardened, secure Vanadium,
                  AND NOT having to install an app of unknown quality.