Allowing Apps to Access Your Contacts Remains a Glaring Privacy Violation

Will Oremus, OneZero:

When you join the fast-growing, invite-only social media app Clubhouse — lucky you! — one of the first things the app will ask you to do is grant it access to your iPhone’s contacts. A finger icon points to the “OK” button, which is also in a bolder font and more enticing than the adjacent “Don’t Allow” option. You don’t have to do it, but if you don’t, you lose the ability to invite anyone else to Clubhouse.

[…]

Granting an app access to your contacts is ethically dicey, even if it’s an app you trust. If you’re like most people, the contacts in your phone include not just your real-life friends, but also old acquaintances, business associates, doctors, bosses, and people you once went on a bad date with. For journalists, they might also include confidential sources (although careful journalists will avoid this). When you upload those numbers, not only are you telling the app developer that you’re connected to those people, but you’re also telling it that those people are connected to you — which they might or might not have wanted the app to know. For example, say you have an ex or even a harasser you’ve tried to block from your life, but they still have your number in their phone; if they upload their contacts, Clubhouse will know you’re connected to them and make recommendations on that basis.

I have previously written in passing about how invasive it is for apps and services to be able to vacuum up contacts. But I am not sure I have fully expressed how much of a catastrophe it is for privacy and consent.

In 2012, Apple began requiring explicit permission for apps to access a user’s contacts, after many apps — including Path and Foursquare — were shown to be uploading contact lists without users’ explicit knowledge or consent. The thing that has always bugged me about this arrangement is that there is no involvement in this decision from the people in the contact list.

Just because I have someone’s phone number or email address, that does not make it right to push that information into some app’s database. Likewise, when I give someone my contact details, it is not immediately apparent that they will likely, at some point, pass that along to a company that I would not elect to share that information with. And it isn’t just email addresses and phone numbers: contact directories contain all sorts of unique information about people, and it is trivial to merge identifiers to produce more comprehensive dossiers about individuals. This is not hypothetical; it is often marketed as a feature.

The permission dialog iOS presents users before an app is able to access their contacts is, in a sense, being presented to the wrong person: can you really consent on behalf of hundreds of friends, family members, and acquaintances? From a purely ethical perspective, the request ought to be pushed to every contact in the directory for approval, but that would obviously be a nightmare for everyone.

There are clearly legitimate uses for doing this. Allowing people to find contacts already using a service, as Clubhouse is doing, is a reasonable feature. It does not seem like something that can be done on-device, so the best solution that we have is, apparently, to grant apps permission to collect every contact on our phones. But that is a ludicrous tradeoff.

This is why it is so important for there to be strict privacy regulations — particularly in the United States. It should not be left up to individuals or businesses to decide to what extent they are comfortable allowing their users to violate the privacy of others. I do not think legitimate uses of contact matching should be banned; I think these features should be made safer.