What’s New in Android 17: A Closer Look at Features

Android 17 introduces a system Contact Picker designed to keep your address book private while still letting apps get exactly what they need. Announced on the Android Developers Blog, the feature replaces broad contacts access with a guided, on-screen selection flow that you control, similar to how the system Photo Picker works for images and videos.

Instead of granting the sweeping READ_CONTACTS permission, apps can invoke the new Intent.ACTION_PICK_CONTACTS flow so you choose specific people and the precise data fields to share. It’s a direct response to years of overbroad permission requests that exposed entire address books to apps that only needed a phone number or email.

Table of Contents

What’s New in Android 17: A Closer Look at Features
Granular Access, Not All or Nothing: Field-Level Control
Works Across Profiles and Private Spaces
Temporary Access with Clear Limits and Expirations
Why It Matters for Users and Apps Across Android
What Developers Should Do Next to Adopt the Picker

A 16:9 aspect ratio image showing two mobile phone screens side-by-side. Both screens display a Collaborators interface with a search bar and a list of contacts. The left screen shows a list of favorite contacts, while the right screen shows a longer list of contacts with some selected. The background is a solid olive green.

Granular Access, Not All or Nothing: Field-Level Control

The Contact Picker enables field-level consent. If a delivery app needs to send an SMS to a single recipient, it can request just that contact’s phone number. If a collaboration app only needs an email address, it can ask for the email field without pulling names, notes, or addresses. You see what’s being requested in the picker and decide what to share, one contact at a time or in batches.

This is privacy by design. Rather than handing over your entire contacts database, you grant a narrow, auditable slice of data. Privacy researchers and groups like the Electronic Frontier Foundation have long advocated this principle of least privilege, and Google is now building it directly into the platform’s user flow.

Works Across Profiles and Private Spaces

Android 17’s picker also understands the realities of multi-profile life. It supports selecting contacts that live in other user profiles on the same device, including cloned profiles and private spaces. That means you can keep a separate work profile or a locked private space and still share a single, intentional contact from those areas without exposing the rest.

This cross-profile awareness closes a long-standing gap. Previously, juggling contacts across personal, work, and private contexts often meant over-permissioned workarounds or duplicated entries. Now the selection happens in one secure interface, with clear boundaries and no silent background scraping.

Temporary Access with Clear Limits and Expirations

Crucially, read access granted via the Contact Picker is temporary. Apps receive time-bound access to only the contacts and fields you selected for the task at hand. Once that window closes, the app cannot continue reading your address book or expand its reach without sending you back through the picker.

A side-by-side comparison of two mobile phone screens displaying a Collaborators feature. The left screen shows a list of contacts with a search bar and a privacy notice. The right screen shows a similar interface with a search bar, privacy notice, and a list of Favorites contacts, some of whom are selected with green checkmarks.

Developers can also set selection caps to prevent excess sharing, and users can select one or multiple contacts in a single pass. That combination of user control and developer guardrails reduces the risk of accidental data oversharing while keeping common workflows—like inviting a few friends to a service—fast and predictable.

Why It Matters for Users and Apps Across Android

Contacts are among the most sensitive data on a phone; they reveal your social graph and can enable phishing, spam, and profiling if mishandled. With Android running on more than 3 billion active devices globally, a platform-level fix has outsized impact. The new picker meaningfully reduces the attack surface by curbing broad permissions that many apps previously requested by default.

There’s a clear precedent, too. When Google rolled out the system Photo Picker, many apps stopped asking for full media library access because the targeted, user-approved flow was simpler and safer. Expect a similar pattern here: as apps adopt the Contact Picker, blanket READ_CONTACTS prompts should decline, improving trust without breaking legitimate features like onboarding, invitations, or account recovery.

What Developers Should Do Next to Adopt the Picker

Google is urging developers to migrate contact flows to the new API and request only the minimum fields necessary. Practical steps include replacing broad permission prompts with the picker intent, limiting selection counts where appropriate, and clearly explaining to users why a given field—such as phone or email—is needed at that moment.

For apps that operate across personal and work contexts or support private spaces, testing cross-profile scenarios is essential. The goal is a consistent, predictable experience where users always see the same trusted picker UI and never have to trade their entire address book for a single feature.

Bottom line: Android 17’s Contact Picker turns contact sharing from an all-or-nothing risk into a precise, user-directed action. It’s a small UI change with big privacy dividends—and a clear signal that platform-level, choice-driven permissions are the new default on Android.