Giving apps access to your contacts may be unsafe, unwise and unethical
When using various apps on our phones, we are often asked to grant them permission to access our contacts. And sadly, too many of us tap “OK” or “Allow” without due care.
Look at it this way: it isn't your contact list. It is a list of other people's personal details. So, morally, you have no right to give that data to other apps without those people's consent.
Even though Apple and Android phones are now requiring explicit permission for apps to access user contacts, the problem with this approach is that there is no involvement in this decision of the people who actually are in the contact list and whose imformation gets shared.
The permission dialog for the access to contacts is shown to the wrong person. Nobody should be legally allowed to consent on behalf of all their friends, family members, colleagues and acquaintances. Ideally, such permissions should be on a per-use basis. For example, if you downloaded a certain app for communicating with a certain person, then the app should ask you to add the contact details only for that particular person. But, unfortunately, each app wants to grab the entire contact list, copy it to its servers, and then figure out at its leisure what to do with all that information.
When someone gives you their phone number or email address, they do not give you their consent to share that information with some app that they may never even heard of. Likewise, when you give someone your contact details, you would not want them to give your information to a multitude of other companies.
And it isn't just email addresses and phone numbers. Phone contact lists contain all sorts of personal information about people, such as birthdays, home and work addresses, social media accounts, portrait photos, family relationship indicators, and more, which gives unscrupulous and data-hungry corporations a perfect opportunity for linking personal identifiers and creating comprehensive dossiers on each individual, even if that person has never been their customer.
So, essentually, each of us is responsible not only for our own privacy and safety, but also for the privacy and safety of everyone we added to our contact list.
What you can do:
- Deny access to your contacts whenever possible.
Once you allow such access, the app can immediately upload the entire contents of your contact list to its servers, and from that moment onwards the owners of that app can store that data as long as they wish, share it with whomever they fancy, and use it for whatever purpose they like. Revoking this permission later will stop the access to the newly added contacts, but the data that has already been taken from your phone may remain at the disposal of the third party forever. So the safest way is not to permit such access in the first place. - Add only the absolute minimum of information to each of your contacts.
Avoid using full names for your contacts, and never add their date of birth, home address or facial photo. All this additional information can be copied by any app that has access to your contacts, and can potentially be used for extensive profiling, surveillance or identity theft. - Delete the contacts and other data that you no longer need.
- Have different email addresses and phone numbers. One for your trusted and responsible contacts, and the other one — for everything else.
- Use communication apps that are truly private, for example Threema.
- Ask your friends, family members and colleagues to be more vigilant about privacy.
Educate other people about the dangers of granting access to their contacts, and let them know that you do not want your contact details to be shared with anyone else. Explain to them why you care. You may need to be brave to be different. There are many naive and irresponsible people who don't care about their own privacy, and with it, compromise the privacy of their contacts too. When someone asks for your phone number, tell them that you would give this number only to them, not to every app they have on their phone.
You become responsible, forever, for what you have
tamedadded to your contacts.
People, please, if you care about the privacy of your loved ones, NEVER EVER add extra information to your phone's Contacts! And abstain from giving other apps access to your Contacts.
The best and most secure way is to use nicknames for people (not real names) and to add as little contact information as possible. For example, only phone number, or only email address. Don't add anything else there.
Many apps will ask for access to your Contacts under benign pretences, such as "to help you connect with your friends easier and better". But the reality could be very dangerous. Because when an app accesses your Contacts, it is not only looking at the phone numbers of our friends and family members. I can gobble up their full names, home addresses, dates of birth, photos (which means biometric data). It can also grab anything you added in the 'Notes' field; for example, account names, passwords, PIN codes, credit card numbers, or any health info that you may have added to your doctor's contact.
When you allow any app access your Contacts, it can send whole associated data to any third party in seconds, and you will have zero control over how, when and by whom in may be used.
So, next time any app asks for access to your Contacts, you should DENY. And only when you are absolutely sure that you trust this app, allow such access.
Danny, 18 March 2024