I have the following code below that reveals me the entire email list of a Android phone.
val emailPickerIntent = Intent(Intent.ACTION_PICK, ContactsContract.CommonDataKinds.Email.CONTENT_URI)
startActivityForResult(emailPickerIntent, REQUEST_CONTACTS_CODE)
I understand that Android requires a user to explicitly give permission if we want to read/write to Contacts. However, in this case it seems that no permission needs to be given for the email list. Did google decide emails were not considered sensitive information?
reveals me the entire email list of a Android phone
No, it reveals to the user the entire email list. Your application code does not have access to the list.
If the user picks a contact, the Uri
delivered to you (via onActivityResult()
for REQUEST_CONTACTS_CODE
in your case) will allow you to get details of that individual contact. The user, by selecting the contact, is granting you short-term access to that one contact, and only that one contact.
Did google decide emails were not considered sensitive information?
They do. That's why you need READ_CONTACTS
to be able to query the ContactsContract
provider directly. If the user is involved in the contact selection, though, that permission is not needed for whatever contact the user selects.