Thanks for the background; there's usually (not always, but usually:) details and sides and perspectives; it's scary how quickly we can all come to judgment based on single factoid which we integrate into our worldview and spin into something larger. Not to say I don't understand emotions and perception of unfair demands; but I'm grateful to know a slightly bigger picture.
Well read further about the background, in this case, that specific feature doesn't share the contact list, it just queries domain name. it's optional and anyone asking to show favicon for domain names in contact should expect to know that it's going to be queried in this way?
Also, Google didn't give that as the reason for the app being classified as spyware. So it's just the OP being contrarian by taking an optional feature, claiming it shares contact details when it in fact doesn't and everyone voting it up because it sounds reasonable.
Google may not have given the specific reason but isn't it a reasonable guess based on what they told the dev? It seems like it's what the developer thinks the culprit is too. His commit yesterday was to disable it for the Play Store version, and it included the comment of "Google doesn't allow favicons for privacy reasons".
Well, he's been stumbling in the dark and decided to try this but I don't think it's necessarily a reasonable guess. In hindsight, it's easy to look at this commit and see that as being the reason, but if I were the dev, it wouldn't be my first idea, especially since this feature has been there for a while and since it doesn't actually share contact details at any point, it's just a feature related to contacts that optionally retrieves the favicon.
Of course, if I were the dev, I'd eventually try and go through anything that touches contact and disables that to try and see if that solves the problem, but again that shows that Google doesn't communicate at all.
I think part of the issue is it isn't even clear to developers when (or if) the issue is fixed.
It seems that there is firstly no reason or clarification given. Then, it seems the process of reviewing an update can happen out of phase or sync.
That means there's a very weak "compliance oracle" to see if you've correctly identified the right issue or not. And with high latency, likely it will be difficult to find the right issue quickly.
Disabling everything isn't really a good solution in the longer term as a developer - Google needs to learn to communicate with developers via intelligent humans that actually understand what they're doing, and can have a discussion and help get the issue addressed.
Ah well, it seemed reasonable to me because that was one of M66B's first guesses too. His first comments about this publicly mention guessing that it's favicons, but I suppose he could have eliminated several other possibilities first.
I think almost everyone would be agreement that Google can communicate better.
