Skype, WhatsApp, and Yelp have accessed my contacts list data thousands and times, and none of the companies are sure why.
The companies -- Microsoft, which owns Skype; and Facebook, which owns WhatsApp; and Yelp -- were all unable to explain why their apps had accessed the contacts list in my Android phone so often.
BlackBerry's Priv, the smartphone maker's debut Android phone running "Lollipop" 5.1.1, comes with an app, dubbed DTEK, which monitors and notifies users when data has been accessed, when, and for how long, including a user's location, contacts, text messages, camera, and microphone. It doesn't, however, actively mitigate an app from accessing the data in the first place. Out of the various common, widely-used apps on the phone, Skype is the worst offender, reading hundreds of contacts at a time every few hours, according to the app.
Over three days, Skype accessed my contacts list 3,484 times. WhatsApp wasn't much better, accessing my contacts list a total of 2,449 times. (Both figures were accurate at the time of writing.) Yelp, on the other hand, was far lower, yet still significantly higher than any other app, accessing my contacts list 165 times.
Skype, WhatsApp, and Yelp all have wide access to the Android devices they're installed on, as well as iPhones and iPads -- including cameras, microphones, and more -- but also crucially, contacts. But don't be surprised: both Skype and WhatsApp require access to your contacts list so they can call and message people. Yelp also accesses your contacts list to see who else uses the app, and to see who is nearby. Uber, for example, accesses a user's location hundreds of times in a single trip, but at least you know why -- it's mapping your location in real-time on your mobile screen.
That's not the problem. Your contacts list isn't just sensitive to you, but it's also personal information for everyone else on that list. Uploading that data literally thousands of times in just a few days seems more than excessive. By comparison, Facebook Messenger accessed my contacts list 78 times, Pinterest accessed it 11 times, Dropbox accessed it 8 times. Instagram, which is also owned by Facebook, accessed my contacts list just 3 times.
It's not clear if the apps simply access the data, or if they upload the data to its servers. Skype and WhatsApp upload data to their servers to match users of the service, but also to periodically check another user's data, such as if they are online. In fact, a Skype spokesperson said (moments after this story was first published) said almost exactly that.
"Skype will update your phone book frequently to maintain an up-to-date list of Skype buddies as well as information about their status. Skype will keep checking throughout the day to update the phone book as each buddy's status changes," the spokesperson said. Yelp also uploads contact list data, too -- though, it now warns users after it was found to have uploaded users' contacts data to its servers without their permission.
On the bright side, the uploaded data barely touches a phone owner's data plan -- amounting to just a few kilobytes of data, according to the DTEK app. After numerous requests for comment to Facebook, the company did not return any emails or calls. A Yelp spokesperson confirmed that its Android engineering team was looking into the situation, but had no firm answers at the time of writing.
Yelp said that its app "does access people's contacts to find their friends using Yelp, but we only do so with explicit permission from the user to access the contacts -- and we don't store that contact information." Clear as mud, then. What's probably a benign reason -- bad coding, for example -- it looks sinister without a valid explanation. But for the fact that particularly since some of these companies -- notably Facebook and Microsoft -- have come out in favor of privacy in the wake of revelations about government surveillance, you would hope that they would be a bit more willing to explain what's going on.
Nowadays one of the most popular tech phrases is Big Data. Data collection and its further processing open new possibilities to third parties: from intelligence services to hackers. The collection of users’ contacts list leads to de-anonymization (at this some apps don’t even give users choice!). Collected contacts’ network is merged with data from social networks and Internet, and here you go – user’s personality is identified. Then it is possible to track communication activities of the person.
We are responsible for protecting our private information and no one else. SafeUM messenger is a solution that keeps your communication private. Your steps:
1) sign up using only login and password (without mobile phone number or email; stay anonymous);
2) disable “Send phone contacts” option on the second screen of SafeUM settings.
That’s it. Your data is yours. We won’t share your data with third parties. We just don’t have your data.