GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.
https://grapheneos.org/

Contact Scopes: control access to Bluetooth devices, e.g., cars #2304

Open de0u opened 1 year ago

de0u commented 1 year ago

I just paired my Pixel 6a (TQ3A.230605.010.2023062800) with a car, and gave the car contact access. The car near-instantly slurped out 100% of my contacts, and I was not offered an opportunity to set up a contact scope.

Personally I think I would define one scope for family vehicles and another for rental vehicles, and then I would want each car's Bluetooth MAC address to be scoped in the way that each app currently is.

robcle commented 1 year ago

Not really a security issue IMO. A workaround would be to not use Bluetooth on public devices like rental cars. You don't know who has used that device in the past. On a personal vehicle I would look to see if it had internet connectivity and if it did I wouldn't sync contacts with it. I personally don't sync contacts at all with cars.

de0u commented 1 year ago

I think that structurally it makes just as much sense to share a defined set of contacts with a particular vehicle (the proposed feature) as it does to share a defined set of contacts with a particular app (the existing GrapheneOS Contact Scopes feature).

Some people may choose to share their contacts with zero vehicles -- that's fine, just as some people choose to share their contacts with zero non-system apps.

I'm not sure where the "Not really a security issue IMO" comment comes from. I don't think the original issue filing said "security issue", nor do I see any security-like tags on the issue.

muhomorr commented 1 year ago

I plan to look into this post-Android 14.

de0u commented 1 year ago

Thanks!

aboveagency commented 1 year ago

Please consider the suggestions in #2339 for this feature, as they are very similar.

Those would include:

secretmango commented 1 year ago

I agree this would be interesting, although I don't use a car nor this feature, so if anyone wants to do this, why not.

Mrothyr commented 8 months ago

> I think that structurally it makes just as much sense to share a defined set of contacts with a particular vehicle (the proposed feature) as it does to share a defined set of contacts with a particular app (the existing GrapheneOS Contact Scopes feature).

It's simpler: my car entertainment system can save 500 contacts, my phone book has 1200 contacts. So my car gives an error on connect and shows only the caller number, no names. Contact scopes can resolve this, I can sync only relevant contacts (private, key accounts and so on).