My source is this Tumblr post, which caused me to check my settings because I just got the latest major update.
I found these settings enabled in my discord app:
I know ideally one wouldn’t use Discord at all, but so many of the nice little people in my phone are on Discord.
BTW it’s never a good idea to allow apps access to your contacts, other than your actual phone and SMS apps.
Stay safe!
it was enabled on my phone and it never asked me
Same exact experience for me!
There are 2 possibilities:
UI bug or you’ve given it access to your contacts. There are 0 other possibilities.
You know a weirdly large amount about something you can’t possibly know about or have sources for.
This is my job. I’m a staff level software engineer who previously worked at Google. My entire career has been writing Android apps.
Permissions are integral to phone app development and contacts is a specific permission that is heavily locked down.
So yes: I can possibly know and I have literally read the source code.
Unless you’re trying to insist that Discord developed a new 0 day that lets them bypass both Android and iOS operating system locks and then decided to use it to scrape contacts while giving you an option to turn it off?
Cause if that’s your supposition you’ve got a bad case of magical thinking.
Discord, to my knowledge, is closed source, and has not had a source code leak. So taking your word for it, if you’ve seen Discord’s source code, then you work for Discord?
Access to Contacts has to go through the Android API, which means the user has to explicitly grant permission for Discord to access that specific functionality. That’s what the comment you’re replying to meant: access to permissions is protected at the operating system level and they’ve seen the source code on the OS side. Permissions might have been granted by the user reflexively, just muscle memory, when setting up Discord, but it absolutely had to have happened if Sync Contacts was enabled. Unless there’s some kind of bug where Discord enables the in-app setting without actually having the permissions to access contacts–I guess that could be possible. It couldn’t actually see any contact info in that instance, but it would try. If I go into Discord settings and try to enable the Sync Contacts option my phone displays the built-in Android permissions prompt with the text “Allow Discord to access your contacts?”
Thanks for the reply. I wouldn’t have thought OP meant Android source code but that makes sense lol.
That’s the bug exactly. It’s kind of a UI glitch; but I found out through Samsung bungling my permissions preferences through a One UI (OTA System) update, that it actually does enable the in-app setting by accident and that this is going to access your contacts if the permission is presently GRANTED, but not throw up a prompt asking for permission if the permission is already DENIED.