Android is on its way to fixing one of its longest-standing privacy headaches. Evidence in new Android test builds suggests that a new system-level Contacts Picker built into Android 17 will let users choose individual contacts and even specific contact fields, giving them the option of granting an app access only to selected portions of their address book instead of blindly opening up every number and email on file. It’s a deceptively simple change with major implications for data minimization, developer ergonomics, and user trust.
Why Android contacts access permissions needed a rethink
Contacts permissions today are all-or-nothing. If an app wants to suggest some friends, invite a few coworkers, or autofill a phone number, it must ask for permission to pull in your entire contacts database. Many apps do it for convenience, a trend that has long concerned privacy advocates who say least-privilege access should be the default.
Android does offer a legacy “pick a contact” route; however, it’s fragmented across OEMs, with inconsistent experiences. For starters, it generally allows only one contact to be selected at a time, which encourages developers to ask for the broader permission just in case of edge cases, and it leaves users without a way to restrict which elements, such as email or phone numbers, are shared.
This is important because contacts are some of the most valuable personal data on any device. Surveys by the Pew Research Center show that more than 70 percent of American adults believe they have little influence over how companies use their data, with address books a particular concern. And non-social apps, from delivery services to productivity tools, often ask for contacts in order to power referrals and sharing flows.
How Android 17’s new system Contacts Picker will work
The Contacts Picker is a new system component in its own right, comparable to Android’s Photo Picker. Rather than giving indefinite access, an app can call the picker and get a single snapshot of exactly what the user is picking. If you later change a contact’s info, the app will not see the updated info — killing passive tracking over time.
From a more technical perspective, Android 17 adds a new intent action specifically for selecting contacts, and the system picker is given higher priority than the various OEM contacts apps. Developers will also be able to ask for multiple contacts in one request and narrow the data they ask for: if you need just phone numbers or emails from the contacts list, you can request only that information when setting up the request. That fits with privacy-by-design principles and should cut down on overcollection by default.
Compatibility, however, is part of the plan. Apps that are targeting older versions of Android should continue to reference the default contacts app on a device, ensuring there is no breaking change in user experience. Newly built apps can leverage this scoped picker. This approach makes migration easier and does not break existing integrations that depend on well-known intents/MIME types.
Real examples that demonstrate the difference in practice
Imagine a messaging app onboarding flow. Instead of requesting full contacts access to scan for matches, it can request only phone numbers for a few dozen contacts you select. A delivery app’s referral screen may allow you to share with two friends without ever revealing your much more expansive address book. In a work setting, anything from a CRM to a calendar app can pull in just the name and email for a handful of clients, helping businesses meet data minimization obligations under regulations such as GDPR and state privacy laws.
The one-off snapshot is particularly significant. It prevents “quiet creep,” in which apps learn about new relationships or job titles by frequently re-reading the contacts database. The snapshot captures a moment; the app does not receive updated data unless you decide to explicitly share again.
What developers can take away for building better apps
Broad permission requests are a conversion graveyard: people frequently deny them or flee during onboarding, and churn when presented with privacy warnings. From an acceptance perspective, scoped pickers have historically been an improvement, because users are presented only with a clearly bounded choice at the time of need. This was the path Google took with Photo Picker, and the same playbook (a backport through AndroidX, clear guidance, and eventually policy nudges in Play) would speed adoption here.
Field-level requests also help your compliance. If your analytics, retention, and consent models only ever look at (a hash of) a phone number for select contacts, audits become easier and your data surface shrinks. This can reduce exposure in a breach and the cost to operate and protect unneeded data.
Adoption across apps will ultimately decide the impact
There’s one caveat: the new picker won’t prevent an app from still asking for READ_CONTACTS the old way. To move the ecosystem, Google would probably have to push the picker as the right way (with strong framework tooling and samples) and, over time, tighten Play policies so that broad contacts access is granted only for use cases with a good explanation and a legitimate interest.
But even absent hard enforcement, the momentum could gather fast. Scoped pickers are simpler to reason about, reduce permission fatigue, and make privacy a first-class UX feature. If Google rolls this feature out with the same focus it brought to media access changes, Android 17’s Contacts Picker is potentially a game-changer for how apps can interact with one of your phone’s most precious sets of data.
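Because READ_CONTACTS can still be requested alongside the picker, a reviewer can check an app's source or decoded AndroidManifest.xml for broad contacts declarations. The script below is an added example, not code from the article or from Google; the sample manifest and package name are constructed, and flagging WRITE_CONTACTS and reading `android:maxSdkVersion` are assumptions that go beyond what the article mentions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# READ_CONTACTS is the permission the article names; WRITE_CONTACTS is added
# here as an assumption about what a reviewer would also want flagged.
BROAD_CONTACT_PERMISSIONS = {
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
}
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Constructed sample manifest (hypothetical package name).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.referrals">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.WRITE_CONTACTS"
                     android:maxSdkVersion="33" />
    <application android:label="Referrals" />
</manifest>
"""

def audit_contacts_permissions(manifest_xml):
    """Return one finding per broad contacts permission the manifest declares."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    findings = []
    for tag in PERMISSION_TAGS:
        for node in root.findall(tag):
            name = node.get(f"{{{ANDROID_NS}}}name", "")
            if name not in BROAD_CONTACT_PERMISSIONS:
                continue
            max_sdk = node.get(f"{{{ANDROID_NS}}}maxSdkVersion")
            findings.append({
                "permission": name,
                "element": tag,
                # maxSdkVersion caps the API levels on which the permission is
                # requested; without it the request applies to every release.
                "max_sdk": int(max_sdk) if max_sdk else None,
                "unbounded": max_sdk is None,
            })
    return findings

if __name__ == "__main__":
    for f in audit_contacts_permissions(SAMPLE_MANIFEST):
        scope = "all API levels" if f["unbounded"] else f"API <= {f['max_sdk']}"
        print(f"{f['permission']} via <{f['element']}>: {scope}")
```

Findings marked `unbounded` are the ones to question first: they request the whole address book on every Android release, including those where a scoped picker is available.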
Bottom line on Android 17’s privacy-focused Contacts Picker
The Contacts Picker in Android 17 is the difference between taking a sledgehammer to a problem and using a surgical instrument. Multi-select, field-level scoping, and one-time snapshots in a unified system UI make people feel their address book is theirs, no longer some black-box thing, while at the same time giving developers a clean, compliance-friendly API to build social and sharing features. This is an all-too-rare win-win for privacy and product teams.