Private Contacts is an Android app to manage your contacts with additional features for privacy and data protection not offered by your phone's default contacts app.
When any app (e.g. a messenger like WhatsApp) asks for permission to access your phone's contacts, the choice is purely binary: You either give it access to all your contacts or none of them. In that moment you will likely feel fine about sharing the phone-numbers of your friends who also have the same app installed, anyway. However, what about the phone number of your doctor, your therapist, etc.? Do you really want to provide that information to everyone asking? Often, the mere presence of that contact on your phone is enough to deduce a lot about your health, preferences and behavior.
Right now, the app simply offers you the typical functionalities of a contacts app without sharing its contacts with any other app. If an app has the permission to access the phone's contacts, it will not get those stored in Private Contacts anyway.
The app supports caller-detection, displaying a notification if a known contact is calling you. Unfortunately, that depends heavily on manufacturer and Android version. For that reason it is not 100% reliable yet (feedback is very welcome).
Additional features
- Displaying & editing the normal contacts of the phone.
- Moving contacts from the standard Android database to the app (and removing them from the standard database so they are no longer visible to other apps)
- Creating new contacts in the standard Android database
- Moving contacts from Private Contacts back the the standard Android contact database (in case that is desired)
- Support of Imports/Exports in vcf format
- Periodic, automatic backups to a local folder of your choice
- Encrypted backups: backup files of periodic backups can optionally be protected with a user-supplied password
- Protecting the app with biometric prompt
- Hiding the app by changing the app-name and -icon to "Pocket Calculator" with a calculator-icon.
- Periodic backups of secret and public contacts
- Encrypted backups for better privacy
- Backups to Google Drive (we recommend to only store encrypted backups on Google Drive)
- Support of additional features of a contact app
- Mark contacts as favorites
- Improvements of caller detection
- Maybe an additional category of "Anonymized" contacts which are shared with other apps but under an alias.
- Suggestions are always welcome...
- What we would like to do is provide contacts to e.g. the official phone-app while withholding them from e.g. WhatsApp. Unfortunately, Android does not allow this: we cannot provide a contact to some apps but not to others.
- Either a contact is in the public contact-database where every app with the necessary permission can read it;
- or it is secret and no app (other) can read it.
- Both Google and phone manufacturers like Samsung tightly restrict call-detection (i.e. reacting to an incoming call by e.g. showing a popup). This is good because it improves our privacy. Unfortunately, it also restricts what we can do within this app. We try to detect incoming calls and show notifications but the corresponding logic changes with every version of Android and may also vary between phone manufacturers. Therefore, the detection-feature can be a bit flaky and may not work reliably on your device. We are sorry for the inconvenience and happy about feedback (e.g. on which devices it does not work or also technical suggestions for improving it).
| Start Screen | Contact Details | Contact Edit 1 | Contact Edit 2 |
|---|---|---|---|
 |
 |
 |
 |
This sections explains the meaning and workings of the settings-screen.
- App theme: whether the app is displayed in light-theme, dark-theme or the system-default.
- Order by first name: whether the contact-list should be ordered by first- or last-name.
- Show contact type in contact list: whether the contact-type (public or secret) is depicted in the list of contacts using a lock-icon. The lock is closed and green for secret contacts. It is open and red for public contacts.
- Show additional save-button in the edit-screen: this setting is about the screen which can edit contacts or create a new one. The primary save-button is in the navigation-bar, in the top-right of the screen. If this checkbox is set, another one will be added at the bottom for reasons of convenience.
- Show the navigation-bar at the bottom of the screen: inverts the position of the navigation-bar, showing it at the bottom instead of the default top. This can be more convenient on large-screen phones.
- Show WhatsApp buttons: if enabled, a buttons will be shown next to all phone-numbers on the detail-screen (with the overview over a contact). These buttons show the icon of WhatsApp and - when pressed - will open WhatsApp in a chat with this contact.
- This allows the user to start a new chat in WhatsApp with that contact, sharing only that single phone-number (no name no other information)
- As we cannot check if that phone-number is actually connected to a WhatsApp account without giving the number to WhatsApp (which is the last thing we want), this button is shown next to all phone-numbers independent of whether they are registered on WhatsApp or not.
- Match incoming calls with contacts: whether the app should try to detect when a secret contact is calling them. See the technical section below for details.
- Show information on lock-screen: whether the notification informing about a caller in the list of secret-contacts should be shown before the phone is unlocked.
- Block calls from unknown numbers: whether the app should block all incoming calls from numbers which are not stored in your contacts (either secret or public). This feature only works with Android 10 or newer.
- Show public contacts: whether the app should just show you your secret contacts or also the public ones which are managed by your phone's standard contacts-app and the operating system. If this checkbox is set, the app will need the permission to access your phone's contacts. It will then populate a second tab showing both secret and public contacts.
- Show third-party contact accounts: if disabled, the app only allows you to store public contacts in either your Google-account or your phone's local contacts. If enabled, any account stored on the device will be allowed.
- Beware: You may need to restart the app after changing this setting.
- BEWARE: We cannot reliably determine whether any selected account is actually able to store your contacts. If you choose an account unsuited for storing contacts, this might lead to the loss of your data. Be careful.
- Second tab: the first tab will always show the list of secret contacts. This setting allows the user to define what the second tab should show: either all contacts or just the public ones.
All settings in this section define defaults which can be overridden by the user on the spot.
- Contact-type: whether a newly created contact should be public or secret by default (can ofc be changed during creation).
- Contact account: only relevant for public contacts, defines where they should be stored (e.g. phone-local or in your google account).
- VCF version: VCF is the format in which contacts are exported and can be imported in other contacts apps. This format has a newer version 4 and an older version 3. The older version has fewer features but is more likely to be compatible with older contacts-apps.
- App authentication: will add an authentication-step in the app startup. This means that the user will e.g. have to authenticate by fingerprint or face-id before seeing the list of contacts. The app does not implement any of the authentication-methods itself but delegates to the standard authentication defined by the operating system (e.g. fingerprint, face-id, or PIN).
This section controls automatic, scheduled backups of your contacts to a local folder of your choice.
- Backup frequency: how often the backup should run automatically. Options are Disabled (no automatic backup), Daily, Weekly, and Monthly.
- Contact scope: which contacts should be included in the backup. Options are Secret contacts only, Public contacts only, or All contacts. Note: including public contacts requires the contacts permission. This field is only shown if periodic backups are enabled.
- Backup folder: the folder where backup files will be written. Tap the edit-icon to pick a folder. The app will request persistent read/write access to the chosen folder. A backup folder must be selected before automatic backups can run. This field is only shown if periodic backups are enabled.
- Encrypt backups: if enabled, backup files are encrypted with a password you supply. The encrypted file uses the
.vcf.cryptextension instead of the usual.vcf. When you later import an encrypted backup, you will be asked for the password. This field is only shown if periodic backups are enabled.- Important: if you forget the password, the backup cannot be recovered. There is no password-reset mechanism.
- Google Drive Backup: if enabled, future backup files will be uploaded to a folder in your Google Drive for additional safety, in case you lose access to your phone.
- We recommend to only enable this in concert with backup encryption.
- Google Account: shows the Google account which is used for your Google Drive backup. This field is only shown if Google Drive backup is enabled.
- Drive folder: shows the name of the created backup folder in your Google Drive. The folder-name always ends in a cryptic combination of letters and numbers to make sure that it is unique. If you have the app installed on more than one device, the devices may create separate folders.
- Hide app name and icon: changes the name and icon of the app on the home-screen and in the app-overview. The app pretends to be a simple calculator app named "Pocket Calculator" (the name was chosen to start with the same letter so the app can be more easily found in alphabetical sorting).
- However, in the system-settings the true name will still appear.
- Depending on your phone, operating system and launcher, you will have to restart your phone to see the change — we apologize for the inconvenience but that is outside of our control.
- Send anonymous error reports: if the app crashes or something goes wrong during its operation, we won't notice unless it happens on one of our phones. That is not satisfying because many bugs only appear under very specific circumstances (like only on one specific model or manufacturer). Therefore, we use Google's "Crashlytics" framework to get error-reports. We make sure that no sensitive information is written into these reports. However, you can of course turn this off if it makes you uncomfortable. In that case, please let us know about bugs by email.
This chapter illustrates some technical background information to help users understand what happens behind the scenes.
The "normal" contact system of Android works (a bit simplified) like this:
- The operating system manages one big database of contacts.
- Apps with the appropriate read-permission can read contacts from this database.
- Apps with the appropriate write-permission can write to this database.
As a consequence, any contact written to this central database can be read by any other app with the contact-read permission, e.g. standard telephone- and contacts-apps, 3rd-party apps like WhatsApp, Signal, Gmail, Outlook, etc.
Once a contact is written into the central database, we lose control over it.
- For that reason, contacts marked secret are not written there.
- Contacts marked as public, on the other hand, are written into that database to allow other applications to find them.
PrivateContacts maintains its own, separate database to store those contacts that are marked as secret. That database is in the app's private directory where it cannot be accessed by other apps (unless the device is rooted (jailbroken), but in that case all security-bets are off, anyway).
A downside of this is of course that we are now responsible for backing them up: they are no longer synchronized nicely over Google. However, Google's "Google One-Backup" (which backs up the app-state of all installed apps for recovery after a factory-reset or on new phone) will cover the private directory of all apps, including the database of secret contacts.
On first glance, this may look counter-intuitive to the promise of keeping these contacts secret, however we have decided that it is a risk worth taking, for the following reasons.
- The convenience of this automatic backup-solution is unquestionable.
- Google has promised not only publicly but under oath in the US legal system that these backups are end-to-end encrypted and cannot be read by anyone but the user.
- We have the highest possible trust in Googles technical competence to make sure no one else is able to read these backups - if anything we would question their motivation to build in a back-door for themselves.
- Any user who distrusts this statement can and should disable the entire "Google One-Backup" feature anyway.
- If that is still not enough for you, probably you should not use an operating system developed and maintained by Google: in the end no app can protect you from the operating system in which it is running.
In addition to the Google One-Backup, the app offers its own periodic backup feature. It exports your contacts as a .vcf file to a folder of your choice at a configurable interval (daily, weekly, or monthly). This gives you full control over where your backup is stored — for example in a folder that is synced by a cloud provider of your choice, or on local storage only.
Optionally, these backup files can be encrypted with a password you supply. The file is then saved with a .vcf.crypt extension and can only be imported back into the app by providing the correct password. Technically, the file content is encrypted with AES-256-GCM using a key derived from your password via PBKDF2 (310,000 iterations, random salt). Your password itself is never stored in plain text: it is encrypted with a key held in the Android KeyStore (hardware-backed on supported devices) and only the resulting ciphertext is persisted. This means that even if someone gains access to the app's storage, they cannot recover your backup password.
The second big disadvantage of keeping our contacts out of the central contacts-database is ofc that not even the standard phone-app can get to them: we are still exploring technical possibilities to allow sharing secret contacts with select apps but have so far been unsuccessful. As a consequence, the call-screen will show an unknown number of one of your secret contacts calls you.
The experimental call-detection feature registers the app to be informed by the operating-system whenever a call is incoming. It can then match the calling number against the list of secret contacts to check if the caller is among them. If yes, the app will show a notification (at the top of the screen) with the callers name, as well as a toast at the bottom. Unfortunately, the correct working of this is strongly dependent on the phone-manufacturer "playing nice": some phone-apps will just put themselves in the foreground so strongly that neither the toast nor the notification will be visible to the user. Having "extra powers" (i.e. higher permissions) granted by the manufacturer, they rightfully "win" against any 3rd-pary app like PrivateContacts.
(this is a non-complete list of the most important libraries used; please consult the build.gradle for the complete list)
- "Jetpack Compose" by Google for the UI: https://developer.android.com/jetpack/compose
- "Contact Store" by Alex Styl for accessing the contacts: https://github.com/alexstyl/contactstore
- "libaddressinput" by Google for formatting addresses: https://github.com/google/libaddressinput
- Florian Gubler
- 2Gusoft@gmail.com
- App entry in Google Play Store: PrivateContacts
- Privacy Policy: PrivateContacts Privacy Policy
- Disclaimer: we refuse any and all liability for damage incurred by using this app.