One of the main principles we follow is "secrecy". Therefore I want to explain how we implemented the contact sync feature in our "Where the hell are you" app.
So first of all what does the contact sync feature do?
The answer is: it needs to provide the user with a list of contacts that are already using this app. This behaviour is well known from services like WhatsApp or Telegram.
Depending on the contact identifier the service uses, that identifier has to be sent to the server (for each contact, of course) in order to perform a matching against the table of registered users. Many services (including WhatsApp) send each phone number from the user's address book to their server to do the matching. In some cases, e.g. WhatsApp*, even more data is sent to the server, like the contact's name, email, etc.
This is a major privacy issue and should concern all users of such services.
So what do we do differently:
When we started thinking about how to perform this contact syncing in the most private way possible, we instantly thought about hashing (if you are not familiar with the cryptographic term "hash function", see this link for an explanation). This is ultimately one of the best ways to do this, because a hash function is a one-way function.
The way the contact sync works in our case is the following:
- We use the hashed phone number as main identifier for our users.
- For the contact sync we only send a list of hashed data to the server.
- The server compares these hashes and returns those that belong to registered users.
- The client now knows which hash belongs to which user and displays them in the contacts list.
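To make the four steps above concrete, here is a small Python sketch added to this post; it is not the app's own code. The choice of SHA-256, the fixed application-wide salt, the phone-number normalisation rule and all sample numbers are assumptions made for the example:

```python
import hashlib
import re

# Assumption: one fixed, application-wide salt known to every client and to the server.
# The post mentions a salt value but does not state how it is chosen.
SALT = "example-app-salt"


def normalize_phone(raw: str) -> str:
    """Canonicalise a phone number so the same contact hashes identically on every device.

    Assumption: every number is stored with its country code, so stripping everything
    but digits and prefixing '+' yields a stable E.164-like form.
    """
    digits = re.sub(r"\D", "", raw)
    return "+" + digits


def hash_identifier(phone: str, salt: str = SALT) -> str:
    """One-way identifier for a contact: SHA-256 over salt and normalised number (assumed hash)."""
    return hashlib.sha256((salt + normalize_phone(phone)).encode("utf-8")).hexdigest()


# --- server side: only hashes are stored and compared ---
def build_registered_index(registered_phones):
    """The server's table of registered users, keyed by the same hashed identifier."""
    return {hash_identifier(p) for p in registered_phones}


def server_match(index, submitted_hashes):
    """Step 3: the server receives only hashes and returns the subset it recognises.

    It never learns names, e-mail addresses, or which plaintext number a hash came from
    (although, as the post notes, the phone-number space is small enough that hashing
    alone does not make the data anonymous).
    """
    return sorted(set(submitted_hashes) & index)


# --- client side: hashes locally, keeps the hash -> contact mapping private ---
def client_sync(address_book, server_index):
    """Steps 2 and 4: send hashes, then map the returned hashes back to local contacts."""
    local = {hash_identifier(phone): name for name, phone in address_book.items()}
    matched = server_match(server_index, list(local))  # only the hash list leaves the device
    return sorted(local[h] for h in matched)


# Constructed sample data (not real users): two registered numbers and a three-entry address book.
REGISTERED = ["+49 170 0000001", "+1 555 000 0002"]
ADDRESS_BOOK = {
    "Alice": "+49 170 0000001",
    "Bob": "+44 7700 000003",
    "Carol": "+1-555-000-0002",  # same number as a registered user, formatted differently
}

if __name__ == "__main__":
    index = build_registered_index(REGISTERED)
    print(client_sync(ADDRESS_BOOK, index))  # Alice and Carol use the app, Bob does not
```

Note that the normalisation step matters as much as the hash: "+1-555-000-0002" and "+1 555 000 0002" must produce the same identifier, otherwise a registered contact is silently missed.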
What should be mentioned:
This is a much better approach than sending plain text information, although it is not a bulletproof way of making data anonymous.
With some information about the hashing algorithm in use (and the salt value) and knowledge about the kind of data that is hashed, it is theoretically possible to find out the data that was originally sent. More info about this can be found here and here. Therefore hashing is better than doing nothing, but reducing the data that is sent to the server to the necessary minimum is the best privacy feature of all.
For those who do not want any data to be sent to our servers, we are offering a manual contact adding feature.
Currently in the Android version only, but iOS will come soon!