
Ask for explicit user consent to send their contact details to the identity server #2375

Closed
bmarty opened this issue Nov 10, 2020 · 1 comment · Fixed by #2377

bmarty (Member) commented Nov 10, 2020

We need to explicitly tell the user that if they granted permission to access their contact book, their emails and phone numbers may be sent to the identity server, hashed or not, depending on the capability of the identity server.

If we do not do that, we get exposed to the risk that Google removes the app from the Play Store without any previous warning, as they used to do in the past.

See the requirement from Google: https://support.google.com/googleplay/android-developer/answer/9888076?hl=en section "Prominent Disclosure & Consent Requirement"

So, we need to ask for the user's consent to send their private data to the identity server they configured, if any, and we have to do that independently of the contact permission grant request, i.e. even if the contact permission is already granted, we should ask (and store the answer) for the permission to send the data to the IS. The question can be asked on the opened screen when the user clicks on "Search in my contact", if and only if there is an IS configured on the account. The consent can also be given, and eventually revoked, in the identity server setting screen. If the identity server is removed from the account, the answer to the consent will also be deleted.

Wording proposal for the dialog:

Send emails and phone numbers

In order to discover existing contacts you know, do you accept to send your contact data (phone numbers and/or emails) to the configured Identity Server (%{identity_server_url})? For more security, the sent data will be hashed before being sent.

Yes / No

If the identity server does not provide the sha256 algorithm, the wording would be:

In order to discover existing contacts you know, do you accept to send your contact data (phone numbers and/or emails) to the configured Identity Server (%{identity_server_url})? Note that the data will be sent in plain text, i.e. without being hashed.

This change will also fulfill what is recommended here: https://matrix.org/docs/spec/identity_service/latest#security-considerations

@bmarty bmarty added the p1 label Nov 10, 2020
@bmarty bmarty added this to the Sprint 16 milestone Nov 10, 2020
@bmarty bmarty self-assigned this Nov 11, 2020
bmarty (Member, Author) commented Nov 11, 2020

Note that Identity Servers MUST support sha256, as per https://matrix.org/docs/spec/identity_service/latest#get-matrix-identity-v2-hash-details, so support of none can be handled later. We will just ensure that we are not using none for the moment.

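The two comments above describe a client-side flow: store a per-identity-server consent answer, drop it when the identity server is removed, read the `/hash_details` response, refuse the `none` algorithm, and hash each address before the v2 lookup. The following is an added illustration of that flow in Python; it is not code from Element or from this issue's fix (#2377). The `ConsentStore` class and the function names are hypothetical, the `hash_details` response is a constructed sample, and the hashing follows the v2 identity service spec (`sha256` over `"{address} {medium} {pepper}"`, encoded as unpadded URL-safe base64). Lower-casing email addresses before hashing is an assumption made here, not something the issue specifies.

```python
import base64
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of a GET /_matrix/identity/v2/hash_details response.
SAMPLE_HASH_DETAILS = {"lookup_pepper": "matrixrocks", "algorithms": ["none", "sha256"]}

# Constructed contact book entries: (address, medium) pairs.
SAMPLE_CONTACTS = [("Alice@Example.org", "email"), ("+18005552222", "msisdn")]


@dataclass
class ConsentStore:
    """Hypothetical per-account store of the user's answer, keyed by identity server URL."""
    answers: dict = field(default_factory=dict)

    def record_answer(self, is_url: str, allowed: bool) -> None:
        # Asked independently of the Android contacts permission (see issue text).
        self.answers[is_url] = allowed

    def has_consent(self, is_url: str) -> bool:
        # Missing answer means "not asked yet", which must be treated as no consent.
        return self.answers.get(is_url, False)

    def identity_server_removed(self, is_url: str) -> None:
        # The issue asks for the stored answer to be deleted with the identity server.
        self.answers.pop(is_url, None)


class HashAlgorithmUnsupported(Exception):
    """Raised when the identity server offers no hashing algorithm the client accepts."""


def choose_algorithm(hash_details: dict) -> str:
    """Pick 'sha256'; 'none' (plain-text lookup) is refused, as the second comment decides."""
    if "sha256" not in hash_details.get("algorithms", []):
        raise HashAlgorithmUnsupported("identity server does not offer sha256")
    return "sha256"


def consent_dialog_variant(hash_details: dict) -> str:
    """Which of the two proposed wordings to show: 'hashed' or 'plaintext'."""
    return "hashed" if "sha256" in hash_details.get("algorithms", []) else "plaintext"


def hash_threepid(address: str, medium: str, pepper: str) -> str:
    """Hash one third-party identifier the way the v2 lookup endpoint expects."""
    if medium == "email":
        address = address.lower()  # assumption: normalise case before hashing
    elif medium == "msisdn":
        address = address.lstrip("+")  # spec uses the bare number, e.g. "18005552222"
    digest = hashlib.sha256(f"{address} {medium} {pepper}".encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def build_lookup_request(hash_details: dict, contacts) -> dict:
    """Body for POST /_matrix/identity/v2/lookup; only hashed addresses leave the device."""
    algorithm = choose_algorithm(hash_details)
    pepper = hash_details["lookup_pepper"]
    return {
        "algorithm": algorithm,
        "pepper": pepper,
        "addresses": [hash_threepid(addr, medium, pepper) for addr, medium in contacts],
    }


def lookup_request_if_consented(store: ConsentStore, is_url: str,
                                hash_details: dict, contacts) -> Optional[dict]:
    """Gate the lookup on the stored consent for this specific identity server."""
    if not store.has_consent(is_url):
        return None
    return build_lookup_request(hash_details, contacts)


if __name__ == "__main__":
    store = ConsentStore()
    is_url = "https://identity.example.invalid"  # placeholder identity server URL
    print(lookup_request_if_consented(store, is_url, SAMPLE_HASH_DETAILS, SAMPLE_CONTACTS))
    store.record_answer(is_url, True)
    print(lookup_request_if_consented(store, is_url, SAMPLE_HASH_DETAILS, SAMPLE_CONTACTS))
```

Two points worth noting: consent is keyed by the identity server URL rather than stored as a single account-wide flag, so changing the identity server naturally re-triggers the question; and the lookup body is only built after consent is checked, so there is no code path in which contact data is hashed and sent first and the dialog shown afterwards.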