Here's one of two stories we emailed July 26, 2021. Sign up for updates directly in your inbox.
When downloading mobile apps, allowing access to our contacts is almost second nature. Now, the consequences of trusting these products with such access is emerging after a number of Venmo users (including President Biden) found their entire contact lists publicly available on the internet. Unlike sharing location or browsing histories, contacts reveal sensitive information about personal, familial, and professional relationships — one therapist who uses Venmo for payments discovered all her clients’ information online.
Why do these apps need access to our contacts anyways? Companies use birthdays, addresses, or even who your banking contact is to target you with ads, get your friends to sign up for their product, or sell your data altogether (which some did secretly until Apple banned it). And if those companies don’t have the right protections in place, scammers can take advantage of the leaked information. To understand the access level these companies have, the Washington Post reached out to 30 different companies, a third of which didn’t respond. Those who did varied in how much detail they collected from names and emails to birthdays and images while others pointed to privacy policies that didn't actually answer the question.
Privacy experts say it’s time for mobile operating systems to update their practices, such as requiring apps to list exactly which contact fields they take, allowing users to specify which contacts they’re willing to share, or providing the ability to organize our address books into shareable versus non-shareable sections. Until then, there’s a number of ways to start protecting yourself.
- For iPhone users, go to Settings → Privacy → Contacts. You can then turn the slider off for any apps you don’t want accessing your contacts.
- For Android users, go to Settings → Privacy → Permission Manager → Contacts and follow a similar process.
- When apps ask you for contact access moving forward, be sure to evaluate if access is essential to the app’s functionality, such as messaging apps. Otherwise, tread with caution.
- More involved alternatives include getting a burner phone or alternative phone number with Google Voice.
- And if you live in California or Virginia, state law lets you force companies who already have access to your information to delete it (though some companies will still honor the request no matter where you live).
- Extensive coverage: Washington Post
- Apple ends secret sale of contact lists: Seattle Times
- Why apps ask for contact lists: Sydney Morning Herald
- How to protect your contacts: Washington Post