by grzm 3007 days ago
There's a number of straw men here: I understand the difference between being able to copy and decrypt data. You're the one who brought that up. The FBI case is about unlocking a device (which makes the keys available), not decrypting data at rest when you don't have access to the keys. You brought up specifically accessing contact data available to specific apps, and those were the points I addressed.

So, only software you compile yourself, and never storing data on servers you don't own? How about hardware, including chips, from third-parties? Trusting encryption algorithms others have certified? How far does your trust extend? Is it reasonable for others to have different levels of trust than you?

1 comments

Nope. You do not require that you only use software you compile yourself. Software that only uses local storage, for obvious reasons, does not need that.

That's why I'm saying that you only need to watch out for cloud software. Local contact storage is of course fine.

It's just that neither Android nor Apple/iOS has that.

I don't know what the options are on Android, but you aren't required to use iCloud on iOS for Contacts (or at all, for that matter, though there are likely feature limitations such as some syncing between devices if you don't have it enabled).

I'm not sure why it is so terribly important for you to defend Apple here, but let's just say that I'm pretty sure I would just avoid using a smartphone altogether for anything important.

Contacts has code in it that is explicitly designed to expose this info (to provide features found useful by many Apple customers of course). And we know that the safety guarantees are somewhat noncommittal (and I would argue at least a bit misleading).

And that's enough, if you want to avoid giving out this info, I'd use other tools to communicate.

> "I'm not sure why it is so terribly important for you to defend Apple here"

Only that it appears you're misrepresenting the situation. I would ask the same of you as to why it's important to continue to rail against Apple and Google to make incorrect claims and build straw men when those claims are pointed out. Here, you again shift your position. Initially you talk about cloud storage for contacts, and it's not an option to not use the cloud for storage. When I point out that that's wrong (at least for Apple), you retreat and now only talk about contacts in general. If I'm wrong about anything I've said, please point it out. If I knew more about Google and Android, I'd fill in those details, too, but I don't.

> "let's just say that I'm pretty sure I would just avoid using a smartphone altogether for anything important."

If your point is you don't think using a smartphone for anything important, that's fine, and I completely agree that, depending on your threat model, smartphones may not be a good option. But you don't need to make false, misleading (or perhaps just uninformed) claims about specific features. That just undermines your point. If you're coming at this from an op-sec perspective, that requires a particularly calm and dry-eyed look at the situation, as any misrepresentation likely has severe consequences.