Роскомнадзор обязал сервис GetContact передавать данные пользователей силовым структурам
What happened
The Russian Roskomnadzor is forcing GetContact to give direct access to Russian security agencies to their data. News in russian
GetContact allow users to see possible name of incoming call with obligation that the user share with GetContact own contact list!
The app is extremely popular in Russia and other countries. So GetContact actually have information about social links of all population even if they never installed this app.
So FSB give to app time to grow and now they will have access to connections of every person without Google and Apple.
GetContact already have history of cooperation with Russian Government.
What is GetContact. Are you exposed if you don't use it? :( Yes
During install the app ask you to give access to your contact book. Then the app loads numbers and how you named it to their database. There their service create list of names for every number.
So if you saved person with number +1234567 under name "Alex Craigslist bed". When other person which will get a call from +1234567 will know that this person is Alex and sometime he sold a bed on Craigslist.Not for public but it have links between all numbers in their db. If your friend A and B have this app then Officers will know that they are your contacts. They also will know who are you to them from how they named your number!It how Bellingcat found suspected FSB officers who poisoned Navalny. Numbers from leaked flight registration had in list names as "Stanislav FSB" and "Vladimir FSB" which later were connected to FSB members who works in FSB labaratory in Podlipki.Probably FSB also will want to clean GetContact databases after their fail with poisoning of Navalny.
What could Android do (and Apple)
If Android would allow to create personalized list of contacts for every app it would fix many issues with voluntary leaking.
It also would help in case when user for first time download messenger and the user is not available to send messages without give the permission to the contact book. In this case app can send to all your contact annoying messages "Hey, I use this app".
What possible to do now
If you use Signal or Telegram, never share your number but share name of your user instead.I would like to hear an advice from you