Your contacts data is one of the most sought-after pieces of information about you. And it’s not just your data: you are also holding the private data of your friends, family, and business partners, which comes with an ethical obligation to protect that information. Are you keeping your contacts data secure? Together, let’s discuss who’s after your contacts data and how you can best protect it.
Who Would Want Your Contacts Data?
Do you think that you’re not interesting enough for someone to want your data? Well, let me introduce you to the concept of data brokers. These are companies that compile data about everyone they can and resell it to anyone willing to pay. Data brokers are largely unregulated, with little oversight of how they store and share the personal data they collect.
When thinking of data brokers, think of the typical “people search sites” you may have found yourself in if you ever searched your name online. However, data brokers also encompass companies providing information for background checks, tenant screening for landlords, credit checks for mortgages, targeted marketing leads, risk assessment for insurance, and more. This data is available to just about anyone willing to pay, so it can also be a boon for law enforcement, private investigators, lawyers, or stalkers.
Unfortunately, data brokers aren’t the only threat we have to worry about. There is also Big Tech. Giants like Google and Facebook aim to map out the social connections of everyone on the planet. Your personal contacts information may not be that interesting, but imagine the power of knowing everyone’s contact data. With this frame, it’s easy to see how massive scandals like Cambridge Analytica came to be.
Maybe you trust Google. You may think that they’re not really doing anything bad with our data and it’s all just a conspiracy theory. Ask yourself, do all of your contacts feel the same way? If not, then you still have a moral obligation to store their data securely. To learn more about why some people don’t trust Google, read my article here on the top real reasons you should care about Google tracking.
Limit Contact Permissions For Your Apps
The first, and often discussed, topic we should cover is the app permissions settings on your device. On Android, you should find this under “Privacy” > “Permission Manager” then find “Contacts” to see which of your apps have access to your contacts data.
Make sure the apps that are allowed to view your contacts all make sense. Do you see your messenger and your phone/dialer app? Good. Do you see your calculator or a random game? Big red flag, revoke the permission.
Also, look for anywhere you can reduce permissions to the bare minimum. Be a permissions minimalist. Instead of sharing your contacts with Facebook (or any app that shares data with third parties), can you search for your friends manually?
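For readers comfortable with a computer, the same audit can be done over USB debugging. This is an added example, not part of the original article: it parses text shaped like the output of `adb shell dumpsys package` and lists apps that currently hold a contacts permission but are not on your own allowlist. The sample text and package names are constructed, and the layout of real output can differ between Android versions.

```python
import re

# Constructed sample shaped like (trimmed) `adb shell dumpsys package` output;
# the package names are made up for illustration.
SAMPLE = """\
Package [com.example.dialer] (1a2b3c):
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.CALL_PHONE: granted=true
Package [com.example.calculator] (4d5e6f):
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true
Package [com.example.game] (7a8b9c):
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.WRITE_CONTACTS: granted=false, flags=[ USER_FIXED ]
"""

CONTACT_PERMS = {"android.permission.READ_CONTACTS",
                 "android.permission.WRITE_CONTACTS"}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def contact_grants(dumpsys_text):
    """Map package name -> set of contacts permissions currently granted."""
    grants, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)   # following lines belong to this package
            continue
        perm = GRANT_RE.match(line)
        if perm and current and perm.group(1) in CONTACT_PERMS \
                and perm.group(2) == "true":
            grants.setdefault(current, set()).add(perm.group(1))
    return grants

def unexpected(grants, allowlist):
    """Packages holding a contacts permission that are not on the allowlist."""
    return sorted(pkg for pkg in grants if pkg not in allowlist)

if __name__ == "__main__":
    found = contact_grants(SAMPLE)
    for name in unexpected(found, allowlist={"com.example.dialer"}):
        print("review:", name, sorted(found[name]))
```

Anything it reports is a candidate for revoking in the Permission Manager screen described above.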
Beware Of Proprietary Contacts/Dialer Apps
You may have seen a number of proprietary contacts apps popping up on iOS and Android app stores. There is Contacts+, Contacts Optimizer, Covve, Sync.Me, Truecaller, Drupe, and more. These apps offer various features such as finding duplicate contacts, warning you about spam callers, contacts syncing, etc.
Do not use these apps until you have thoroughly read their privacy policies. Many share your personal data with third parties and aim to map out contact networks just like Facebook and Google. Pay attention to what data they collect, who they share it with, and where and how it is stored.
Proprietary software, in general, lacks transparency. You have to trust the developers on their word of what happens to your personal data because we can’t verify it by looking at the code. This is why I prefer to use open source software and focus on open source solutions to protect your privacy throughout this site. With open source software, we don’t have to trust, we can verify.
Even if using one of these apps falls within your own threat model, think of your contacts. Do any of your contacts have heightened threat models? Would they be okay with you sharing their personal information with these companies? To learn more about threat modeling for personal privacy, check out my article here where I offer a ton of examples to help you determine your own threat model.
The Default Contacts App
I do think it’s possible to store your contacts securely using the default contacts app that comes with your phone by keeping the contacts locally on your device. This is good news for those app minimalists and those who could use those extra bytes of storage.
Now, most people don’t store them securely. They hand their contacts over to the Big Tech king that is Google. The biggest reason I find that people choose to do this is that they don’t want to lose their contacts if their device breaks or is lost, which is understandable.
There is a simple solution, however, which is to just keep backups. It’s easy to export a file with all your contacts and save it in a safe location. It’s less convenient, sure, but I honestly don’t think it’s much to ask.
I don’t recommend sending your backup file over email or any other insecure method to get it off your phone. Instead, get a micro-USB (or USB-C/Lightning) to USB adapter (one of these may have come with your phone when you purchased it) and transfer the file on a thumb drive, keeping it off the internet.
While the rest of this article is focused on Android, I wanted to briefly touch on keeping contacts safe on an Apple device for my readers who are iOS users. If you use an iPhone, I recommend that you stick with the default contacts app, but make sure that the data is stored locally on your device.
You’ll have to make sure that your contacts are not synced to iCloud. Go into settings and tap the panel showing your Apple ID, then tap on “iCloud” and you should be presented with a list of data that you can sync to iCloud. Hit the switch next to “Contacts” to turn off contacts syncing.
Apple’s default contacts app is proprietary, so we have to trust Apple a bit. However, I haven’t found any good, open source contacts solutions for iOS. I’ll be sure to update this article if I ever do.
If you want to use the default contacts app on Android, make sure that your contacts are saved to the device and not to your Google account. This means that only a local copy is kept, so again, make sure to create backups occasionally by exporting your contacts to a “.vcf” file and saving it in a safe place.
Where each contact is saved is controlled on an individual basis on Android, so go to each contact and select the pencil icon to enter edit mode. Here you can control which “Account” the contact is saved to. Select “Device” to keep it saved locally on your phone. In the main settings for the contacts app, look for “Default account for new contacts” and select “Device” to save new contacts locally by default.
- Already installed with Android
- Easily share contacts with other apps
- No dark theme
- Storage location managed by individual contact
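A local backup is only useful if the export is complete and the copy on the thumb drive matches what left the phone. The following is an added example, not part of the original article: it checks a “.vcf” export for cards that are cut off and computes a SHA-256 fingerprint to compare the two copies. The sample data is constructed, and the parser assumes standard vCard line folding; exports that use quoted-printable encoding would need extra handling.

```python
import hashlib

# Constructed sample export; names and numbers are made up. The last card is
# cut off on purpose to show what a truncated backup looks like.
SAMPLE_VCF = (
    "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Alice Example\r\n"
    "TEL;TYPE=CELL:+1-555-0100\r\nEND:VCARD\r\n"
    "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Bob Example With A Very Long Dis\r\n"
    " play Name\r\nEMAIL:bob@example.com\r\nEND:VCARD\r\n"
    "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Carol Exam"
)

def unfold(text):
    """Join folded lines: a line starting with space or tab continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def check_backup(text):
    """Return (display names of complete cards, list of problems found)."""
    names, problems, card = [], [], None
    for line in unfold(text):
        key, _, value = line.partition(":")
        prop = key.split(";")[0].upper()   # drop parameters such as ;TYPE=CELL
        if prop == "BEGIN" and value.upper() == "VCARD":
            if card is not None:
                problems.append("card opened before previous END:VCARD")
            card = {}
        elif prop == "END" and value.upper() == "VCARD":
            if card is None:
                problems.append("END:VCARD without BEGIN:VCARD")
            else:
                names.append(card.get("FN", "(no FN)"))
            card = None
        elif card is not None:
            card.setdefault(prop, value)
    if card is not None:
        problems.append("file ends inside a card (truncated export?)")
    return names, problems

def fingerprint(data: bytes):
    """SHA-256 of the file bytes, to compare the phone copy with the thumb-drive copy."""
    return hashlib.sha256(data).hexdigest()
```

Compare the number of names returned with the contact count shown on the phone, and run `fingerprint` on the file's bytes before and after the transfer.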
Simple Contacts For Android
Simple Contacts (Google Play link, F-Droid link, source code) is part of a larger series of 16 apps by Simple Mobile Tools designed to replace the default apps providing the base functions for your phone. All the apps are privacy-friendly, open source, and provide matching, classic Android design with customizable colors. In addition to the contacts app, they offer a photo gallery app, calendar app, file manager app, notes app, and more.
Simple Contacts Pro is available on Google Play for $1. The free version is deprecated and is not recommended. If you use F-Droid, the pro version is available for free and still gets updates there. Consider donating to the developer if you go this route.
Check out my article all about F-Droid here if you haven't yet heard about this alternative Android app store for free and open source software.
- Keeps contacts in a separate database
- Customizable interface and dark theme
- Integrates with other Simple Mobile Tools apps
- Cannot share contacts with other apps
Open Contacts For Android
Open Contacts (F-Droid link, source code) is another open source, private contacts app that will let you keep your contacts locally on your device. With this app, your contacts will be saved in a separate database from the typical Android contacts, so other apps won’t be able to access them. It also includes a dialer and call log since your contacts will be limited to this app.
- Keeps contacts in a separate database
- Call log lets you see call history with contact labels
- Dark theme
- Cannot share contacts with other apps
Sync A CardDAV Server With DAVx5
DAVx5 (Google Play link, F-Droid link, source code) is not actually a contacts app, but an app that will sync contacts on a CardDAV server to your Android device. One of the easiest ways to set up a CardDAV server is to use Nextcloud. This is a great option if you need device-to-device syncing of your contacts and want to do it in a way that is still secure and private.
While setting up a CardDAV server through software like Nextcloud is pretty easy on the spectrum of self-hosting, it takes someone who is a bit more tech-oriented to set up and maintain. Let’s just say I wouldn’t recommend this solution to my mother.
- Syncs any CardDAV server
- Not a contacts app
- Confusing for beginners or those who aren’t technically inclined
Is It Safe To Save Contacts On Your SIM Card?
Before phones had substantial data storage, contacts were always saved on a small memory chip in your SIM card. This is the chip you insert into your phone to get cellular service. Its primary purpose is to contain the unique subscriber identity data given by your cellular provider which is used to interface with cell towers. Your phone may still give you the option to save your contacts onto your SIM card, though this is mostly a relic of the past.
Storing your contacts on a SIM card just keeps a local copy, but I still recommend that you save contacts to your device instead. This is not for security reasons, but convenience. Contacts saved this way are limited in the number and types of information that can be saved. Unless you switch phones very frequently and want to use your SIM card to transfer your contacts to the new device, I don’t see the benefit. Even then, it’s easy to import a local backup of your contacts data.
Write Down Your Contacts On Paper
In this digital age, sometimes we can easily forget how the world used to run without technology. When it comes to privacy, doing things the old way can often offer the simplest and most private solutions. In the case of contacts, we used to keep them on a piece of paper or in a small notebook.
Keeping your contacts on paper could be an ideal private solution for someone who isn’t comfortable using technology. It’s much more straightforward to keep a piece of paper physically secure in your home or on your person than securely saved on the internet. As with anything important to you, keep a copy in a safe place.
If you take away anything from this article, let it be to keep your important data stored locally where only you can access and control it. Once we start trusting third parties with our personal data, we often run into trouble from a privacy and security perspective. These third parties that hold lots of private data are constantly targeted by hackers, and data breaches happen every single day.
Now that you’ve secured your contacts data, check out my article here on how to keep your private calendar data secure next.