Comment by 1oooqooq

7 days ago

this is still perfectly legal and allowed.

every app can scan your apps and recently opened ones "for security".

same for your contacts.

whatsapp (only meta product i need to touch in our fleet) will do both at very fast intervals, and upload a contact list diff if it detect changes.

the whole issue here was that meta bypassed the user matching on the web without paying google "cookie matching" price

8 comments

1oooqooq

Reply
BobaFloutist  6 days ago

It's so obnoxious that whatsapp refuses to function if you don't let it scan your contacts.

I genuinely think that should be illegal.

  • Tepix  6 days ago

    I‘m using it without sharing my contacts on iOS

    • extraduder_ire  6 days ago

      That's purely down to iOS's contacts API not telling apps if they have full access to contacts if you refuse or supply a subset. Genuinely wish android's APIs worked the same way.

      I currently store all my contacts in an app that doesn't expose them through the contacts API for this reason.

    • aendruk  6 days ago

      I wonder if it’s improved recently. I’ve been cursing at Facebook for years for holding hostage the ability to create WhatsApp group chats when I’ve declined to expose all of my contacts to it, but I just checked again and there’s a “Skip” button now that proceeds to the phone number UI.

raxxorraxor  6 days ago

"Legal" is missing the point by a mile and is irrelevant.

  • 1oooqooq  6 days ago

    ok, get the point of being enraged by the one thing while ignoring the same other 4 things that are above board and do the same thing

    • raxxorraxor  6 days ago

      It is just that I expect applications to behave well. I am not a fan of mobile OS because they have a bad security model in my opinion. It sets wrong incentives with trying to mitigate badly behaving apps. That other forms of software environments are possible is empirically proved but another topic.

      If an app does everything it "legally" could, it would have become malware long before. The principle of that argument is quite similar to that of poor mobile ecosystems we sadly are subjected to. Of course other factors were as important to create these "security" models.

      I also think that this plainly isn't or wasn't legal in any jurisdiction because Twitter lacked informed consent if this particular case ever got in front of a judge.

      That Twitter isn't the only guilty party is true, like we know from the article.