os-issue-tracker icon indicating copy to clipboard operation
os-issue-tracker copied to clipboard

Published 20 hours ago verified publisher icon GrapheneOS

Contact Scopes: control access to Bluetooth devices, e.g., cars

Open de0u opened this issue 1 year ago • 7 comments

I just paired my Pixel 6a (TQ3A.230605.010.2023062800) with a car, and gave the car contact access. The car near-instantly slurped out 100% of my contacts, and I was not offered an opportunity to set up a contact scope.

Personally I think I would define one scope for family vehicles and another for rental vehicles, and then I would want each car's Bluetooth MAC address to be scoped in the way that each app currently is.

de0u avatar Jul 07 '23 04:07 de0u

Not really a security issue IMO. A workaround would be to not use Bluetooth on public devices like rental cars. You don't know who has used that device in the past. On a personal vehicle I would look to see if it had internet connectivity and if it did I wouldn't sync contacts with it. I personally don't sync contacts at all with cars.

robcle avatar Jul 21 '23 15:07 robcle

I think that structurally it makes just as much sense to share a defined set of contacts with a particular vehicle (the proposed feature) as it does to share a defined set of contacts with a particular app (the existing GrapheneOS Contact Scopes feature).

Some people may choose to share their contacts with zero vehicles -- that's fine, just as some people choose to share their contacts with zero non-system apps.

I'm not sure where the "Not really a security issue IMO" comment comes from. I don't think the original issue filing said "security issue", nor do I see any security-like tags on the issue.

de0u avatar Jul 21 '23 18:07 de0u

I plan to look into this post-Android 14.

muhomorr avatar Jul 23 '23 14:07 muhomorr

Thanks!

de0u avatar Jul 23 '23 20:07 de0u

Please consider the suggestions in #2339 for this feature, as they are very similar.

Those would include:

  • Checkbox left unchecked by default when connecting
  • Reject future contact requests if left unchecked
  • Add note to mention contact sharing can be re-enabled in Bluetooth > Devices

aboveagency avatar Jul 25 '23 15:07 aboveagency

I agree this would be interesting, although I dont use a car nor this feature, so if anyone wants to do this, why not

secretmango avatar Sep 20 '23 17:09 secretmango

I think that structurally it makes just as much sense to share a defined set of contacts with a particular vehicle (the proposed feature) as it does to share a defined set of contacts with a particular app (the existing GrapheneOS Contact Scopes feature).

It's simpler: My car entertainment system can save 500 contacts, my phone book have 1200 contacts. So my car give a error on connect and show only the caller number, no names. Contact scopes can resolve this, I can sync only relevant contacts (private, key accounts and so on).

Mrothyr avatar Feb 12 '24 12:02 Mrothyr