The phone number and address book information is not stored by Maiar, it is processed locally and never leaves the user's phone. A one way hashing mechanism is being used when interacting with the user's phone number, as well as during the contacts matching process, therefore the user's privacy is protected.

To protect user privacy by preventing mass harvesting of phone numbers, the Maiar platform includes a service that obfuscates the information saved on the Elrond blockchain. The service is enabled by default for all Maiar wallet users.

If cleartext phone numbers were used as network identifiers directly, then anyone would be able to associate all phone numbers with blockchain accounts and balances. If instead, the identifier was the hash of the recipient's phone number, attackers would still be able to associate phone numbers with accounts and balances via a rainbow table attack.

The basis of the solution is to derive a user's identifier from both their phone number and a secret salt that is provided by the Maiar API. For each phone number a unique salt is generated by Maiar API. In order to associate a phone number with an Elrond blockchain address, the mobile wallet first queries Maiar API for the secret salt of that specific phone number. It then uses the salt to compute the unique identifier that is used on-chain.

Note: If you don't want those having your phone number on their address book to see your Maiar account and your wallet address you can toggle OFF: "Friends visibility" from Profile Info screen (Settings -> Privacy).

Did this answer your question?