We need to explicitly tell the user that if they granted permission to access their contact book, their emails and phone numbers may be sent to the identity server, hashed or not, depending on the capability of the identity server.
If we do not do that, we get exposed to the risk that Google removes the app from the Play Store without any prior warning, as they used to do in the past.
So, we need to ask for the user's consent to send their private data to the identity server they configured, if any, and we have to do that independently of the contact permission grant request, i.e. even if the contact permission is already granted, we should ask (and store the answer) for the permission to send the data to the IS. The question can be asked on the screen that opens when the user clicks on "Search in my contacts", if and only if there is an IS configured on the account. The consent can also be given, and eventually revoked, in the identity server settings screen. If the identity server is removed from the account, the answer to the consent will also be deleted.
Wording proposal for the dialog:
Send emails and phone numbers
In order to discover existing contacts you know, do you accept to send your contact data (phone numbers and/or emails) to the configured Identity Server (%{identity_server_url})? For more security, the sent data will be hashed before being sent.
Yes / No
If the identity server does not provide the sha256 algorithm, the wording would be:
In order to discover existing contacts you know, do you accept to send your contact data (phone numbers and/or emails) to the configured Identity Server (%{identity_server_url})? Note that the data will be sent in plain text, i.e. without being hashed.
See the requirement from Google: https://support.google.com/googleplay/android-developer/answer/9888076?hl=en section "Prominent Disclosure & Consent Requirement"
This change will also fulfill what is recommended here: https://matrix.org/docs/spec/identity_service/latest#security-considerations
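The two pieces of behaviour described in this issue, choosing the dialog wording from what the identity server can hash, and keeping a per-identity-server consent record that is independent of the OS contacts permission, are sketched below as an added illustration; this is not code from the app or the issue author. It follows the Identity Service v2 lookup scheme (unpadded base64url of SHA-256 over "address medium pepper" when `sha256` is offered, the bare "address medium" when only `none` is), the `/hash_details` response shape is stand-in data constructed for the example, and `ConsentStore` and `on_search_in_contacts` are hypothetical names.

```python
import base64
import hashlib

# Constructed stand-ins for an identity server's /hash_details response
# (v2 API: supported algorithms plus the current lookup pepper). The pepper
# value is made up for this example.
HASH_DETAILS_SHA256 = {"algorithms": ["sha256", "none"], "lookup_pepper": "example-pepper"}
HASH_DETAILS_PLAIN = {"algorithms": ["none"], "lookup_pepper": "example-pepper"}


def dialog_variant(hash_details):
    """Which consent wording to show: 'hashed' or 'plaintext'."""
    return "hashed" if "sha256" in hash_details.get("algorithms", []) else "plaintext"


def lookup_terms(contacts, hash_details):
    """Build the values that would actually leave the device.

    contacts: list of (medium, address), e.g. ("email", "alice@example.org").
    Returns (algorithm, list_of_terms). With sha256 the server only receives
    peppered hashes; with 'none' the raw address is sent, which is exactly why
    the plaintext dialog variant must be shown in that case.
    """
    algorithms = hash_details.get("algorithms", [])
    if "sha256" in algorithms:
        pepper = hash_details["lookup_pepper"]
        terms = []
        for medium, address in contacts:
            digest = hashlib.sha256(f"{address} {medium} {pepper}".encode()).digest()
            terms.append(base64.urlsafe_b64encode(digest).decode().rstrip("="))
        return "sha256", terms
    if "none" in algorithms:
        return "none", [f"{address} {medium}" for medium, address in contacts]
    raise ValueError("identity server offers no supported lookup algorithm")


class ConsentStore:
    """Consent to upload contact data, keyed by identity server URL.

    Stored separately from the Android contacts permission: the OS permission
    says the app may read the address book, the consent says it may send it.
    """

    def __init__(self):
        self._consent = {}  # identity server url -> True (accepted) / False (refused)

    def record(self, is_url, accepted):
        self._consent[is_url] = bool(accepted)

    def has_consent(self, is_url):
        # None means the user was never asked for this identity server.
        return self._consent.get(is_url)

    def identity_server_removed(self, is_url):
        # Removing the IS from the account also drops the stored answer.
        self._consent.pop(is_url, None)


def on_search_in_contacts(store, is_url, contacts_permission_granted):
    """Decide what the 'Search in my contacts' screen does on open."""
    if is_url is None:
        return "no_identity_server"  # nothing to ask: nothing can be sent
    consent = store.has_consent(is_url)
    if consent is None:
        # Ask even when the contacts permission is already granted.
        return "ask_consent"
    if not consent:
        return "consent_refused"
    return "proceed" if contacts_permission_granted else "request_contacts_permission"


if __name__ == "__main__":
    sample = [("email", "alice@example.org"), ("msisdn", "441234567890")]
    for details in (HASH_DETAILS_SHA256, HASH_DETAILS_PLAIN):
        print(dialog_variant(details), lookup_terms(sample, details))
    store = ConsentStore()
    url = "https://identity.example.org"
    print(on_search_in_contacts(store, url, True))
    store.record(url, True)
    print(on_search_in_contacts(store, url, True))
    store.identity_server_removed(url)
    print(on_search_in_contacts(store, url, True))
```

The point of `lookup_terms` is that the same contact list produces either opaque hashes or the raw address depending on the server's `/hash_details`, so the wording shown to the user has to be chosen from that response rather than assumed; and `ConsentStore` keeps the answer per identity server, so swapping or removing the IS naturally invalidates it.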