Why You Should Stop Sharing Your Private Address Book Data to Social Apps

It’s not even your data anyway

  • You should think twice before uploading your address book to any app that asks for it. 
  • Almost none of the data in your contact list is yours to give away.
  • Apple, Microsoft, and Google should offer finer-grained access to your contacts database.
Transferring contacts between a person holding a device and a virtual entity holding a virtual device.

pixtawan / Getty Images

Have you ever considered the privacy and security risks of uploading your contacts to any app that asks for them?

Next time an app like the new Artifact news app asks you for access to your phone's contact list, deny it. And if that app doesn't work without ongoing access to all that sweet personalized data (like Facebook's WhatsApp), then you should probably delete it and delete your account. Imagine that some stranger comes knocking on my door, and I tell them where you live, how old you are, your email, and so on. It's the same thing. 

"Apps and tech companies want access to our Address Book because it holds lots of valuable information, including the names of the people we interact with, their phone numbers, their birthdays, their address, their work phone number, their home phone number, any social media accounts they have, any websites that have, and other notes about them," Andrew Selepak, a social media professor at the University of Florida, told Lifewire via email. 

Treasure Trove

Your phone or computer's address book might be one of the most valuable data collections you own. At the very least, it will have a list of names with email addresses and phone numbers. For many people, you might have a home address, birthdays, and nicknames.

You might even have added their relationship to you for family members, so you can use Siri or Google to "remind me never to lend my car to my brother ever again" or similar. 

Two people standing together transferring contact information via their smartphones.

golubovy / Getty Images

And then there is the metadata that can be pulled from this set of contacts. First, it can be assumed that you know all of these people. If you're organized, you may even have them in groups for work colleagues, sports team members, etc. A company like Facebook can cross-reference your contacts database with all the other contacts lists it holds, creating a vast web of interconnected relationships. 

This is also what helps Facebook to build its shadow profiles. Even if a person never visited Facebook or signed up for an account, they will probably appear in the address books of many Facebook users, allowing the privacy-exploiting social media giant to build a profile anyway.

And none of the data in your contacts list—except for your own entry—is yours. That's all private information that others have trusted you with, and you're just giving it away. 

"You should stop sharing your address book with WhatsApp, Facebook, and other app platforms for two main reasons: first, because sharing your address book with these platforms makes it easier for them to collect and store your personal data; and second, because by sharing your address book information, you may be exposing yourself to potential security risks," Harmandeep Singh a cybersecurity expert at Westpac New Zealand told Lifewire via email. 


It's one thing for a company to use that freshly-harvested persona data to spam potential customers. But what about when that company enjoys its first data breach? If the address book data isn't properly secured, then every entry is a potential goldmine of data that can be used for targeted phishing, identity theft, and so on. 

Rotary contact organizer.

fortise / Getty Images

So, what can you do about it? The first thing is to never give any app access to your address book. The next is to let other people know about the risks because they have the power to upload your data. 

Perhaps you might ask people if they allow Facebook, Instagram, or another app to access their contact lists before giving them your contact information. 

But really, this problem won't go away until the platform vendors—Microsoft, Apple, and Google's Android—build it into their operating systems. 

"Apple and Android could shut this security hole by implementing stricter data sharing rules and regulations. They could require app developers to obtain user consent before collecting their address book information, and they could also require app developers to delete this information after a certain period of time," says Singh.

Instead of granting full access to all contacts, iOS, Android, macOS, and Windows should allow you to supply just one address book entry—your own—just like it can do with photos in your photo library. This alone would put up a barrier and raise awareness enough that people might stop giving away data that isn't theirs to give. Until then, you just have to keep your fingers crossed that nothing goes wrong.

Was this page helpful?