Adamya Sharma / Android Authority
TL;DR Google is developing a new Contacts Picker tool for Android 17 to fix the current all-or-nothing contacts permission.
This tool will allow you to share specific contacts with an app, rather than your entire contacts list.
Access will be a one-time snapshot, and apps can request only the specific data fields they need.
Your device’s contacts list holds a treasure trove of sensitive data that many apps want to get their hands on. Fortunately, Android’s permissions system prevents apps from accessing your contacts without your knowledge. Unfortunately, it’s an all-or-nothing system: You either grant an app access to all your contacts or none of them. This is highly problematic because it forces you to grant many apps full access to your contacts even if they don’t need it. Next year’s Android 17 update could tackle this problem by introducing a system Contacts Picker tool that allows you to select specific contacts to share with an app, rather than giving it access to your entire contacts list.
How Android apps currently read your device’s contacts Every Android phone has a centralized, local database of contacts. The operating system guards access to this database to prevent apps from reading it directly. Instead, apps must interact with the Contacts Provider, a system component that provides APIs for retrieving or modifying information in the contacts database. To use these APIs, applications must hold the READ_CONTACTS permission to read data and the WRITE_CONTACTS permission to write it.
The problem with this approach, as I mentioned, is that it’s all-or-nothing. An app either gets full read or write access to your entire contacts list, or it gets no access at all. While messaging and social media apps might have a legitimate need to see all your contacts, many other apps only need to access one, two, or just a handful. However, because of how Android currently manages contacts access, these apps have no choice but to request broad permissions.
Mishaal Rahman / Android Authority
While the permission model is the most common method, there is technically another way for an app to access contacts. Instead of interfacing with the Contacts Provider directly, an app can use an intermediary — the system’s default contacts app — to read information about a contact. Since the contacts app already has full access to the contacts database, it can safely retrieve this information on behalf of other apps without requiring a new permission prompt.
However, this approach is riddled with flaws. First, there isn’t a single, unified contacts app across all Android devices. Although Google provides a reference app in the Android Open Source Project (AOSP), most manufacturers either create their own (like Samsung) or use Google’s Contacts app. This fragmentation means the contact-picking experience can be inconsistent, creating complications for developers.
... continue reading