Groups | Search | Server Info | Login | Register

Groups > comp.mobile.android > #153798

Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps

From Maria Sophia <mariasophia@comprehension.com>
Newsgroups comp.mobile.android
Subject Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps
Date 2026-05-03 23:56 -0600
Organization BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID <10t9ce5$2tmf$1@nnrp.usenet.blueworldhosting.com> (permalink)
References <10t15d7$b3i$1@nnrp.usenet.blueworldhosting.com> <10t445g$n0b$1@nnrp.usenet.blueworldhosting.com> <10t62io$cje$1@nnrp.usenet.blueworldhosting.com>

Show all headers | View raw

Maria Sophia wrote:
> I'm simply starting my quest with this thread trying to find those apps.

While researching iOS contacts-privacy apps, I found this for Android:
 <https://github.com/seenware/savelon-app>
 Savelon: Private Contacts
 Savelon is a privacy-first contacts app where users can store 
 confidential contacts safely in a separate encrypted vault.
 The app is fully offline: there are no clouds, no backend servers, 
 and no remote sync. Contact data is encrypted on device and unreadable
 to other apps. This project is open source.

Savelon FOSS Privacy-first contacts app
 a. 256-bit on-device encryption
 b. No cloud, no servers, open source
 c. Completely separate contact store
 d. Password-protected backups
 e. Designed specifically for private contacts
    <https://savelon.com/> 

Android:
 <https://play.google.com/store/apps/details?id=com.seenware.encryptedcontacts>
iOS:
 <https://apps.apple.com/de/app/savelon-private-contacts/id6755902938>

Below is the article where I first unearthed Savelon, from the iOS ngs.
  =====================================================================
The point of this thread is to find a way for better iOS contacts privacy.

The very fact the user has no idea which contact permissions are being 
asked for is a problem. And that messages can't be made private is too.

Whether you comprehend it or not, iOS does not granularize permissions by 
field so the prompt simply does not enumerate what the app will access.

I've known this for years. 
But I had never tried to solve this privacy flaw until recently.

It's widely known to people who understand privacy that the only real 
solution is keeping contacts out of the system address book entirely,

To solve this privacy issue, I dug deeper to find that privacy-focused 
contacts apps do exist on iOS, and several of them explicitly solve the
some of the "separate, encrypted, not visible to other apps" problems. 

Given the fact that... 
 a. iOS cannot granularize Contacts permissions by field.
 b. iOS cannot show which fields an app will access.
 c. iOS cannot granularize Contacts permissions by field.
 d. iOS cannot show which fields an app will access.
 e. iOS cannot replace the system dialer with a privacy-aware one.

So the only viable path is keeping sensitive contacts out of the system 
database entirely, which is the goal that I seek to solve in this thread.

The strongest options today appear to be Savelon, Stealth Contacts and 
GhostContact, all of which create independently private contact stores that 
are not exposed through the system Contacts framework.	 

Savelon, for example, (which also works on Android & macOS) has
 a. 256-bit on-device encryption
 b. No cloud, no servers, open source
 c. Completely separate contact store
 d. Password-protected backups
 e. Designed specifically for private contacts
    <https://savelon.com/> 

Perhaps better, Stealth Contacts, which allows seeing the caller's name 
without putting them in the system Contacts database, has a
 a. Private vault with Face ID / passcode
 b. Caller ID works even though contacts are not in system Contacts
 c. Invisible to all other apps
 d. Never appears in Spotlight, call history, or search
 e. Optional iCloud sync that does not touch iCloud Contacts  
    <https://apps.apple.com/us/app/stealth-contacts/id6760033667>

Similar to Stealth Contacts but simpler is Ghost Contacts which also 
shows caller ID using the CXCallDirectoryProvider, which 
 a. Creates a second, private contact list
 b. Caller ID works without adding to system Contacts
 c. Data stored only on device
 d. No access by other apps 

<https://apps.apple.com/us/app/ghostcontact-private-contacts/id6742730895>	 

Even after enabling the CallKit extension in 
  Settings > Phone > Call Blocking & Identification.
there are still unplugged iOS privacy holes in call logs and in messages.

The call log leak:
Even if a contact is in a "Stealth" vault, when the call ends, the phone
number will still appear in our native Phone app's "Recents" tab.
It just won't have a name attached to it. If an app has "Call Log" access
it can see the metadata of the call, just not the identity of the caller.

The messages leak:
Even if a contact lives entirely inside a Stealth-style vault, iOS Messages
still exposes the phone number because Messages only consults the system 
database, not any private contact store. Incoming texts create a permanent 
thread tied to the raw number, which is then indexed by Spotlight, 
suggested by Siri, shown in the share sheet, and stored in the Messages 
database (and in iCloud if syncing is enabled). The identity stays hidden, 
but the number, timestamps, and conversation metadata remain visible to the
OS and to any app with notification or message-related access.	 

For example, to see "John Doe" in our text messages, we are forced to add 
him to the system Contacts. Once we do that, the privacy "wall" is broken.
.
Every other app with contact permission (Facebook, TikTok, etc.) 
can now see that contact, and specifically, if they get the Notes
field, if you put a gate code in that field, those third-party 
apps can now steal that code (if they request that field).

On iOS, we can have a "Private Dialer" experience, but we cannot 
currently have a "Private Texter" experience while using the native
Messages app. To keep our identity safe in texts, we have to use an 
entirely different app like Signal, which maintains its own internal 
(and private) contact list.
-- 
Of a million things people should know about privacy, most know 3.	.

Back to comp.mobile.android | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

PSA: Fossify Simple Mobile Tools FOSS replacement apps Maria Sophia <mariasophia@comprehension.com> - 2026-04-30 21:07 -0600
  Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Maria Sophia <mariasophia@comprehension.com> - 2026-05-02 00:04 -0600
    Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Maria Sophia <mariasophia@comprehension.com> - 2026-05-02 17:49 -0600
      Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Maria Sophia <mariasophia@comprehension.com> - 2026-05-03 23:56 -0600
    Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Arno Welzel <usenet@arnowelzel.de> - 2026-05-03 14:40 +0200
      Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Maria Sophia <mariasophia@comprehension.com> - 2026-05-03 14:16 -0600
        Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Arno Welzel <usenet@arnowelzel.de> - 2026-05-04 09:12 +0200
          Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Theo <theom+news@chiark.greenend.org.uk> - 2026-05-04 11:56 +0100
            Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Arno Welzel <usenet@arnowelzel.de> - 2026-05-04 17:02 +0200
            Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Maria Sophia <mariasophia@comprehension.com> - 2026-05-04 11:08 -0600
  Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Arno Welzel <usenet@arnowelzel.de> - 2026-05-03 14:37 +0200
    Re: PSA: Fossify Simple Mobile Tools FOSS replacement apps Maria Sophia <mariasophia@comprehension.com> - 2026-05-03 13:57 -0600

csiph-web