I cannot access Galaxy Store without providing my contacts to teh app and thereby give up privacy of my data. Samsung are not updated via Google Play Store. Some of the apps cannot be disabled, because Samsung decided to forbid deactivation of some apps by the user.
So how can I use my Samsung device without putting either privacy or security at risk?
"Information We Obtain
Information you provide to us
When you purchase a Samsung product, create a Samsung Account or register for or use a Service, you may provide us with personal information such as:
We may obtain certain information about you from publicly or commercially-available sources and from third parties who perform services for us. We also may obtain other information about you, your devices and your use of the Services, in ways we describe at the time we collect the information or otherwise with your consent.
Information we collect automatically
Our Services collect some data automatically when you use the Services. We may obtain information by automated means such as through browser cookies, pixels, web server logs, web beacons, and other technologies. Among other purposes, these technologies help us (1) remember your information so you will not have to re-enter it, (2) track and understand how you use and interact with the Services, (3) tailor the Services around your preferences, (4) manage and measure the usability of the Services, (5) understand the effectiveness of our communications, and (6) otherwise enhance the Services."
If you really dont feel comfortable/trust Samsung then there are random websites that host the apk files and you could download them online. But I personally use the galaxy store and i dont think they would do anything negative with my information.
1) What you posted seems to be a general explanation not a specific one regarding Galaxy Store and contacts.
2) As this is not essentially necessary for the service and not optional it violates principles of the EU GDPR such as privacy-by-design and data minimisation.
3) As there is no specific explanaintion that I know of it may violate the principles of purpose limitation and informed consent.
This is an Enterprise device. Like other business users I am not allowed to transmit data of my customers just because Samsung would like me to do it. In my case due to the nature of contracts it is even forbidden by applicable law. I don't care what you/ Samsung wants to do with the data, my customers can sue me for this, so this is reason enough to not do it.
This is pulled from that galaxy store.
So i would hope it relates, even if its vague as to what exactly they will be doing with the data.
And you can go with an untrusted apk mirror site online. But then you run the risk of hackers gaining a backdoor into your system and your contacts would really be at risk.
This is the us version of the policy, if you have questions about eu policies i would recommend going to the eu version of this community:
You can choose to store contacts data on your sim card, then pull your sim card use wifi to update your apps and reblock access to contacts before reinserting your sim card.
Or just back them up to your google account or similar source and delete the account temporarily while you allow access to contacts
I agree that this should not be necessarily but there are ways around this and it doesn't affect most normal users
First of all, thank you for pointing to the app-specific T&Cs.
relating to workarounds:
SIM cards cannot store most of the contact information and is very limited in length for the ones it can, just for others to keep in mind.
the export-update-reject access-import approach may work and I thought of it before - but it is error-prone. And it it ridiculous how much effort is needed just because Samsung violates GDPR. A also do not understand why a >1GB update does not include updates for stock apps.
relating to affected people:
The violation of customer contracts may not affect so many Samsung users in general, but again: this is an Enterprise Edition device! and even other users including private people may violate GDPR by uploading information about other people without their consent. There are even legal discussions about whether WhatsApp is allowed to upload the list in order to find other WhatsApp users - and in that case it is essential for the design of the app.
There is also another post about this topic with alot more information, please refer to this link for further comments or information as it is an older post about this issue.
Thank you for pointing me there. I have seen that before and decided to make a new thread, because in that very thread the accepted solution is "there is no solution (now)". This was 14 month ago! - so either responsible persons do not get information from the forum other they just give a sh***t. It is still undocumented afaik why the Galaxy Store wants this permission in the first place and for a developer it would not take a lot of efford to make it optional, if the managers would give privacy a higher priority.