How do Apps get MY phone number to find friends?

Question

I'm currently working on a cordova web-app.

I wonder how Apps like Runkeeper show me contacts of my addressbook, that are also using Runkeeper. On each contact there is a little telephone symbol, so i guess the link is somehow established via the phone number.

Runkeeper has never gotten my or my friend's phone number and it is not readable from the SIM cards, though.

The only possible way that i could think of is, that Runkeeper reads my other Accounts from the AccountManager and makes a connection using my WhatsApp-ID...

Does anybody know how that happens and can I do it too in my cordova app?

How do you know the app doesn't read your address book? The permissions in the Play Store say "read your contacts" — OneCricketeer, Apr 11 '16 at 20:48
@cricket_007 it reads my address book, but the question is, how it gets my own number — Sentenza, Apr 11 '16 at 21:01
Your own number is part of your Google account and in your phone's address book — OneCricketeer, Apr 11 '16 at 21:05
So other apps can read my phone number via the google account? — Sentenza, Apr 11 '16 at 21:12
That is one way to get a phone number, yes, if you save the number to your account, otherwise the link Juan left in the comments below is another way. — OneCricketeer, Apr 11 '16 at 21:14
I checked it and i did not store my phone number in my google account. Juan's link does not apply for SIM cards on which the phone number is not stored... — Sentenza, Apr 11 '16 at 21:19
did you problem solve? from the comment on the answer you saying in the the you don't have stored your number anywhere and it's not even retrieve with cordova plugins but Runkeeper still get your contactbook/number ? — HardikDG, Apr 22 '16 at 02:39
Does the app actually show you your own phone number? Or is it just showing you numbers of your contacts that also have the app installed? — brandall, Apr 22 '16 at 13:29
@brandall: It is showing contacts, that also have this app installed. — Sentenza, Apr 24 '16 at 07:19

score 1 · Answer 1 · edited May 23 '17 at 11:59

1

Runkeeper read your contacts as per their own website. When you install the app, they store your install in their database with your number or something that was originated from your number (encrypted version for example).

When you want to know who has the app, they do the same encryption on your contacts numbers, and correlate with what they have.

For example:

User1 : [Phone 1234] 
User2 : [Phone 2341] 
User3 : [Phone 3412]

User1 installs the app, Runkeeper stores the sha1 of his number, salted or not, in their database:

Runkeeper database of installs:
    7110eda4d09e062aa5e4a390b0a572ac0d2c0220

User2 installs the app, Runkeeper stores the sha1 of his number in their database:

Runkeeper database of installs:
    7110eda4d09e062aa5e4a390b0a572ac0d2c0220  <-user1
    52c88b165a3a614a5e3ceac0074bad92d5bb1c0a  <-user2

When User2 loads the activity that shows him his contacts that are using the app, Runkeeper reads your contacts then for each contact they contact their database and correlate without ever sending your phone number or your contacts outside.

Disclaimer

This is an example approach, I have no idea if this is the way they're doing it. It's overly simplified on purpouse for sake of clarity.

Follow-up While it may be true that you never provided the phone number to the app, it doesn't necessarily mean that it doesn't have it already. Test yourself the code in this answer to check whether or not it's readable

Apparently op's Settings / About Phone / Status / My phone Number is empty, as is the google account phone number, which would be another way of accessing it.

edited May 23 '17 at 11:59

Community

1
1

answered Apr 11 '16 at 20:51

Juan Cortés

20,634
8
68
91

"Runkeeper has never gotten my phone number and it is not readable from the SIM card, though." – Sentenza Apr 11 '16 at 20:58
That would only hinder the ability of other users finding YOU as a contact who has installed the app, not you finding theirs.. http://stackoverflow.com/questions/2480288/programmatically-obtain-the-phone-number-of-the-android-phone – Juan Cortés Apr 11 '16 at 21:02
i know, sorry i did not make that clear. I tried it with a friend's phone... We found me on her phone and i found her on my phone and for both phones the phone number is not readable from the SIM card – Sentenza Apr 11 '16 at 21:03
What do you mean by not readable from the SIM card? Can you test the linked question in a sample app to see if it is indeed readable or not? I'm curious about this now – Juan Cortés Apr 11 '16 at 21:06
Tested it with "SIM Card Info" and two similar apps. The field is empty. It's a German provider... – Sentenza Apr 11 '16 at 21:12
`Settings / About Phone / Status / My phone Number` is that empty? That's what's being read by my previous link – Juan Cortés Apr 11 '16 at 21:21
Yes, that is what makes this issue so exciting ;) – Sentenza Apr 11 '16 at 21:26
Oh my, this is getting weird :D – Juan Cortés Apr 11 '16 at 21:32
@Sentenza When you signed up for Runkeeper, did you provide a phone number or email? That should correlate to the info that Runkeeper has for your user profile. If your friend has the phone number or email you used for sign up in their contacts, then it would use that to link them up. – Daniel Nugent Apr 16 '16 at 02:09
I only provided a email address, that my friend does not have in her address book – Sentenza Apr 16 '16 at 12:45

HardikDG · Answer 2 · 2016-04-20T04:39:26.533

As you asked in the question cordova has plugins which can retrieve the details from the current Android phone, by which you can get the information about the current user Some of the plugin you can for this is:
- https://github.com/vliesaputra/DeviceInformationPlugin
- https://github.com/pbakondy/cordova-plugin-sim, it has property 'phoneNumber' which can give phone no of the owner

When you login/signup they collection your device information and store it on server by some mechanism

To Get all the contacts there is also some plugins by which you can get all the contacts from the contact list like this:
https://github.com/apache/cordova-plugin-contacts, with this plugin you can find some contact in the address book or get all the contacts

document.addEventListener("deviceready", init, false);
function init() {

    navigator.contacts.find(
        [navigator.contacts.fieldType.displayName],
        gotContacts,
        errorHandler);

}

function errorHandler(e) {
    console.log("errorHandler: "+e);
}

function gotContacts(c) {
    console.log("gotContacts, number of results "+c.length);
    for(var i=0, len=c.length; i<len; i++) {
        console.dir(c[i]);
    }
}

Ref and more information: https://www.raymondcamden.com/2014/12/23/cordova-demo-viewing-all-contacts/

Another plugin for get all contacts: https://github.com/dbaq/cordova-plugin-contacts-phone-numbers
By this ways you can get your and other users contact/phone number in the your project

I don't know how they are mapping your contacts to find which friends are using this app. May be there are doing some server/client side processing on your contact list or it may be something like 'Juan Cortes' mention in his answer

score 0 · Answer 3 · edited May 23 '17 at 12:07

There are some workarounds to fetch user's phone number since some of the sim card providers doesn't allow to read it.

First try to use TelephonyManager to check if you can read from sim card (mostly can't).
Most of the devices have whatsapp / telegram / or similar apps installed. So check their account using Accountmanager
If phone number is must for your app it is better to ask user to enter it and store in sharedprefs after verify.
Read users Sent SMS messages and fetch sender address(which is phone number)

Here is the link for 1, 2 and 3

And the link for 4

I haven't tried them yet but these are the basic workarounds as i know so far.

Hope it helps

How do Apps get MY phone number to find friends?

3 Answers3