Table of Contents
Get our free local reporting delivered straight to your inbox. No noise, no spam — just clear, independent coverage of Marblehead. Sign up for our once-a-week newsletter.
Or, how not to share your friends' private information.
You've seen the prompt. You download a new app like WhatsApp, or a restaurant finder, or even a flashlight, and within seconds it asks: "Allow this app to access your contacts?"
I am embarrassed to admit that even I have tapped on "Allow" without hesitating. For many years, I thought it was making the app more useful, and more efficient, ie, allowing access to my contacts would make it easier to find that person, or share things with that person, from within the app.
But here's what that prompt is really asking: "May we collect the names, phone numbers, email addresses, and sometimes birthdays and home addresses of every person you've ever saved in your phone? Yes, these are people who have never heard of this app and have no idea this is happening, but please allow us to view their details!"
When you say yes, that's exactly what is happening.
Why apps ask for your contacts
Sometimes apps ask to access your contacts for a legitimate reason. A messaging app like WhatsApp genuinely needs your contacts to show you which of your friends are already using it. That makes sense.
But many apps ask for contacts for reasons that have nothing to do with your convenience. They want the data. Your contact list is a remarkably rich set of information. It's a ready-made map of your social network, your family members, your doctors, your coworkers. For companies that build advertising profiles, do market research, or simply sell data to third parties, your address book is valuable in ways that have nothing to do with helping you order a pizza or find a parking spot.
And they don't just look at it once. In most cases, granting access means the app can read your contacts any time it runs in the background without any further notification to you.
The part most people never think about
Here's where it gets uncomfortable. When you hand over your contacts, you're not just making a decision about your own privacy. You're making it for everyone in your phone.
Your neighbor who's very careful about what she shares online; your doctor; your massage therapist; your adult child who uses a different name on the internet for safety reasons; your friend going through a divorce who is cautious about who knows her new number: None of them agreed to share their information with this app. None of them were asked. But now, their data--name, number, email, home address, birthday, the door code they programmed for you--just got swept up anyway because you innocently tapped "Allow full access."
Privacy researchers have a term for this: "the contact upload problem." It's one of the reasons regulators in Europe have pushed back hard on certain apps. In Europe, if an app asks for your contacts, the prompt must clearly state why they need it. If the app is irrelevant to the data being requested (e.g., a simple calculator or game asking for your address book), it violates European data minimization principles. In 2021, WhatsApp was fined €225 million (roughly $267 million) by the EU partly over how it handled contact data. Currently, there are no federal laws here in the US with regard to this problem. The burden falls on the consumer to both understand and manage what information one shares about their contacts.
What are the actual risks?
The risks aren't always dramatic, but they're real. Contact lists that get swept up by a company can be:
- Sold to data brokers, who aggregate information about people from dozens of sources
- Used to build "shadow profiles" of people who have never even signed up for the app
- Exposed in data breaches (which happen constantly, including at companies that seem trustworthy)
- Used to target your contacts with ads or scams based on the fact that they know you
That last one is subtler but worth knowing. If an app knows I'm in your contacts, it can infer things about me--who I might know, what I might be interested in, where I might live--even if I've never used that app myself.
What to do when the prompt appears
The default answer to this prompt should be: no, unless you have a specific reason to say yes.
Ask yourself: does this app actually need my contacts to do what I downloaded it for? A navigation app doesn't. A recipe app doesn't. A game definitely doesn't. A messaging app might, but even then, you can often add contacts manually.
If you've already said yes to apps you're not sure about, you can review and revoke those permissions anytime:
On an iPhone, go to Settings → Privacy & Security → Contacts. You'll see every app that has access. Tap any one and turn it off.
On Android, go to Settings → Privacy → Permission Manager → Contacts. Same idea.
Go through that list sometime. You may be surprised what's on it.
A different way to think about it
We tend to think of privacy as a personal choice, ie, something we manage for ourselves. But your contact list is a reminder that privacy is also something we hold in trust for other people. When someone gives you their phone number, they're trusting you, not every app you'll ever download.
Next up...
Using AI to your advantage, or, "How to keep your new AI friend in check."
