Android 17’s New Contacts Picker Protects Your Privacy

The upcoming Android 17 release is poised to introduce a transformative privacy feature: a system-level Contacts Picker that lets users share only specific contacts with applications, rather than granting blanket access to their entire address book. This change directly addresses a long-standing weakness in Android’s permissions model, which has historically forced an all-or-nothing decision for contacts access. Instead of providing an app with every contact stored on a device, users will be able to select individual entries to share, with the granted access being a one-time snapshot that does not update if contact details change later.

Currently, when an app needs to interact with your contacts, it must request the READ_CONTACTS permission, which provides complete visibility into your entire list. While messaging or social platforms may legitimately require this breadth of access, many other applications, such as those for sending invites or splitting bills, only need a handful of contacts. The existing system offers no middle ground, compelling users to either deny the request entirely or accept a significant privacy compromise.

There is an alternative method where apps can call upon the device’s default contacts app to pick a single contact, bypassing the need for the READ_CONTACTS permission. However, this workaround is far from ideal. The experience varies widely across different manufacturers’ devices, it only allows selection of one contact at a time, and it provides no control over which pieces of information are shared. Many developers have reported that this method is unreliable, often forcing them to fall back on requesting the full permission anyway.

Google’s solution, discovered in early Android 17 builds, is a dedicated system tool that functions similarly to the existing Photo Picker for media. This new Contacts Picker is designed to intercept standard contact selection requests but does so with enhanced privacy safeguards. Users can select multiple contacts in one session, and the requesting app will receive all available data for those chosen entries, such as names, phone numbers, and email addresses. Critically, this access is not ongoing; the app receives a static snapshot and will not be notified of any future updates made to the contact information.

Under the hood, Android 17 introduces a new Intent action, ACTIONPICKCONTACTS, which allows apps to directly invoke the new picker. This Intent supports additional parameters that let developers specify exactly what they need. For instance, an app can set a limit on how many contacts a user can select and can request only specific data fields, like just phone numbers, excluding other personal details. This granularity represents a major step forward for user control over personal data.

A key consideration is that adoption of this new method will be optional for developers. Apps can continue to request the broad READ_CONTACTS permission if they choose. For the Contacts Picker to make a substantial impact on privacy, widespread developer uptake is essential. Google will likely need to encourage this by backporting the feature to older Android versions through its AndroidX libraries and potentially updating Google Play policies to favor or require its use for certain types of contact access, mirroring the successful rollout strategy used for the Photo Picker.

If fully realized, the Android 17 Contacts Picker could mark a significant victory for privacy, giving users precise control over what contact information they share and with whom.

(Source: Android Authority)