cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Asteroid

Galaxy Store - have to either give up privacy or give up security?

I cannot access Galaxy Store without providing my contacts to teh app and thereby give up privacy of my data. Samsung are not updated via Google Play Store. Some of the apps cannot be disabled, because Samsung decided to forbid deactivation of some apps by the user.

 

So how can I use my Samsung device without putting either privacy or security at risk?

8 REPLIES 8
Highlighted

Re: Galaxy Store - have to either give up privacy or give up security?

Are you saying before you open Galaxy store the App is asking for permission to access contacts?
Reply
Loading...
Highlighted
Asteroid

Re: Galaxy Store - have to either give up privacy or give up security?

Yes, and if I reject the Galaxy Store app closes.

Reply
Loading...
Highlighted
Comet

Re: Galaxy Store - have to either give up privacy or give up security?

Yes it is mandatory for contacts to use the galaxy store. But you can view how they will use that data in there privacy policy.

 

"Information We Obtain
Information you provide to us
When you purchase a Samsung product, create a Samsung Account or register for or use a Service, you may provide us with personal information such as:

  • • contact information, such as name, email address, postal address and phone number;
  • • payment card information (including name, card number, expiration date and security code);
  • • user coupon or gift card number;
  • • date of birth;
  • • gender;
  • • information stored in or associated with your Samsung Account (including your Samsung Account profile, ID, username and password);
  • • username and password for participating third-party devices, apps, features or services;
  • • information you store on your device, such as photos, contacts, text logs, touch interactions, settings and calendar information;
  • • recordings of your voice when you use voice commands to control a Service or contact our Customer Service team; and
  • • location data, including (1) the precise geolocation of your device if you consent to the collection of this data and (2) information about nearby Wi-Fi access points and cell towers that may be transmitted to us when you use certain Services.

We may obtain certain information about you from publicly or commercially-available sources and from third parties who perform services for us. We also may obtain other information about you, your devices and your use of the Services, in ways we describe at the time we collect the information or otherwise with your consent.
Information we collect automatically
Our Services collect some data automatically when you use the Services. We may obtain information by automated means such as through browser cookies, pixels, web server logs, web beacons, and other technologies. Among other purposes, these technologies help us (1) remember your information so you will not have to re-enter it, (2) track and understand how you use and interact with the Services, (3) tailor the Services around your preferences, (4) manage and measure the usability of the Services, (5) understand the effectiveness of our communications, and (6) otherwise enhance the Services."

 

Source:

http://account.samsung.com/membership/terms/privacypolicy

 

If you really dont feel comfortable/trust Samsung then there are random websites that host the apk files and you could download them online. But I personally use the galaxy store and i dont think they would do anything negative with my information.

Reply
Loading...
Highlighted
Asteroid

Re: Galaxy Store - have to either give up privacy or give up security?

1) What you posted seems to be a general explanation not a specific one regarding Galaxy Store and contacts.

2) As this is not essentially necessary for the service and not optional it violates principles of the EU GDPR such as privacy-by-design and data minimisation.

3) As there is no specific explanaintion that I know of it may violate the principles of purpose limitation and informed consent.

This is an Enterprise device. Like other business users I am not allowed to transmit data of my customers just because Samsung would like me to do it. In my case due to the nature of contracts it is even forbidden by applicable law. I don't care what you/ Samsung wants to do with the data, my customers can sue me for this, so this is reason enough to not do it.

Reply
Loading...
Highlighted
Comet

Re: Galaxy Store - have to either give up privacy or give up security?

This is pulled from that galaxy store.

Galaxy store>(3 lines) settings>about galaxy store>privacy policy

So i would hope it relates, even if its vague as to what exactly they will be doing with the data.

 

And you can go with an untrusted apk mirror site online. But then you run the risk of hackers gaining a backdoor into your system and your contacts would really be at risk.

 

This is the us version of the policy, if you have questions about eu policies i would recommend going to the eu version of this community:

https://eu.community.samsung.com

 

Possible workarounds:

You can choose to store contacts data on your sim card,  then pull your sim card use wifi to update your apps and reblock access to contacts before reinserting your sim card.

Or just back them up to your google account or similar source and delete the account temporarily while you allow access to contacts

 

I agree that this should not be necessarily but there are ways around this and it doesn't affect most normal users

 

Screenshot_20200804-222352_Galaxy Store.jpg

 

 

Reply
Loading...
Highlighted
Asteroid

Re: Galaxy Store - have to either give up privacy or give up security?

First of all, thank you for pointing to the app-specific T&Cs.

relating to workarounds:
SIM cards cannot store most of the contact information and is very limited in length for the ones it can, just for others to keep in mind.
the export-update-reject access-import approach may work and I thought of it before - but it is error-prone. And it it ridiculous how much effort is needed just because Samsung violates GDPR. A also do not understand why a >1GB update does not include updates for stock apps.

relating to affected people:
The violation of customer contracts may not affect so many Samsung users in general, but again: this is an Enterprise Edition device! and even other users including private people may violate GDPR by uploading information about other people without their consent. There are even legal discussions about whether WhatsApp is allowed to upload the list in order to find other WhatsApp users - and in that case it is essential for the design of the app.

Reply
Loading...
Highlighted
Comet

Re: Galaxy Store - have to either give up privacy or give up security?

There is also another post about this topic with alot more information, please refer to this link for further comments or information as it is an older post about this issue.

 

https://us.community.samsung.com/t5/Note-9/Galaxy-Store-Now-Requires-Access-to-Contacts/td-p/646664

Reply
Loading...
Highlighted
Asteroid

Re: Galaxy Store - have to either give up privacy or give up security?

Thank you for pointing me there. I have seen that before and decided to make a new thread, because in that very thread the accepted solution is "there is no solution (now)". This was 14 month ago! - so either responsible persons do not get information from the forum other they just give a sh***t. It is still undocumented afaik why the Galaxy Store wants this permission in the first place and for a developer it would not take a lot of efford to make it optional, if the managers would give privacy a higher priority.

Reply
Loading...