
Why has WhatsApp accessed my contacts 23,709 times? - kevindeasis
http://thenextweb.com/apps/2015/11/19/why-has-whatsapp-accessed-my-contacts-23709-times-in-the-last-7-days/
======
jc4p
Like others said, it's most likely using the phone's contacts as its primary
data source (which makes sense, you're encouraged to do this on Android so you
don't have segmented contacts in every app) -- This definitely reads like a
clickbait article from someone who has just enough rope to hang themselves.

The author's validity comes into question with how alarming the tone of this
post is, and how he gave the company a week to respond to a non-important
question then flamed them for not responding. His article on the Priv titled
"BlackBerry Priv review: One of the best Android handsets I’ve ever used" vs
Ars's post[0] on the same model from one of the more respected Android writers
which is titled "BlackBerry Priv review: Android fixes the OS, but the
hardware can’t compete" tells me all I need to know about this.

[0] [http://arstechnica.com/gadgets/2015/11/blackberry-priv-
revie...](http://arstechnica.com/gadgets/2015/11/blackberry-priv-review-
android-fixes-the-os-but-the-hardware-cant-compete/)

~~~
forgetsusername
> _The author 's validity comes into question with how alarming the tone of
> this post is_

What, exactly, is so alarming about the tone? I'd also be curious as to why an
app is accessing my contacts so often. There might even be valid battery-life
concerns.

> _and how he gave the company a week to respond to a non-important question_

It's important to the customer. I guess this is lost on the SV people who no
longer believe that people from the company selling you a service should
actually be accessible. But there was a time when if you had a question, like
"why is your product using so many of my phone's resources?" you could have it
answered. A week certainly isn't unreasonable, especially for a journalist.

> _tells me all I need to know about this._

Disagree with review; dismiss article? Do you think there's some kind of
agenda?

~~~
AndrewKemendo
I think the OP was insinuating that the writer is not technically competent
enough to be authoritatively evaluating technology to such a degree.

------
valverde
Because WhatsApp uses your phone book as the only way to interact with its
contact list. You can't add someone to directly to your WhatsApp contact list.

It could probably access it less often by only sending deltas, but that would
mean their servers would have to store your whole phone book. I don't think
that's any better from a privacy perspective.

Of course Facebook Messenger doesn't do the same, it has its own contact list
coming from Facebook.

~~~
tracker1
Yeah, but roughly every 30 seconds is a bit too much to access... it's one
thing to do so while actively using the application... it's another to run
these queries all the time, and that is simply ridiculous.

~~~
untog
Sure - but it sounds like programmer error, not the privacy violation that the
article makes it out to be.

~~~
aselzer
Wouldn't even call it a programmer error. Someone probably just implemented a
getContacts() function that gets called often in the background without saving
the data in a local database or caching - and why would you do anything other
than this for very marginal performance benefits, a rise in complexity, and
possible data sync issues?

Another app might access your contacts rarely but store them on their server
(Facebook!?). I definitely prefer the previous scenario.

~~~
NegativeK
I'm sitting at a desk, working on an app that uses the contacts book like
you're describing.

Your reasoning is spot on.

------
martinml
This seems a bit clickbaity to me. WhatsApp works directly on your contacts,
there isn't a remote roster like Facebook Messenger or Telegram.

So if any app were to access my contacts 23k times, I'd say WhatsApp is the
one app which could justify that.

~~~
joelthelion
23k means it's polling all the time, not just when you are using it. I think
there's no technical justification for this whatsoever.

~~~
SuperKlaus
Doesn't mean it's sending the address book to their servers 23k times, just
that the app needs to resolve phone number --> name.

------
SuperKlaus
I turned off "Contacts" permission for Whatsapp to see what happens and
immediately all new messages show up with numbers only, no names so it looks
like contacts are used for number to name resolution and not necessarily
uploaded to their servers.

~~~
morganvachon
And since it immediately switched them to numbers-only, it's not caching,
which explains why it polls so much. It's likely they didn't want any sort of
delay when opening the app, so they found a way to poll regularly without
impacting battery life significantly.

Sounds pretty straightforward to me, if that's the case.

------
terminado
Question: Is the app traversing the permissions boundary, AND uploading over
the network twice a minute?

or...

Is the app traversing the permissions boundary, and CACHING deltas on the
device, for a deferred, less frequent upload of detected differences within a
longer time period, perhaps phoning home once every 24 hours, to pass a
message that indicates no changes, or only the current diff, OR the complete
series of changes, even if there's no net difference, since the last upload?

Traversing the permissions boundary can trigger a counter, while traversing
the network boundary might be an independent permissions request.

It's not clear if the author of the article has insight into these
differences.

Both scenarios still have the same net effect on privacy, reducing the privacy
of the user.

The difference here, being a tradeoff in possibly some low-watt brief
increases in CPU load, and more expensive network/radio traffic, possibly also
affecting mobile data/bandwidth caps.

~~~
SapphireSun
I don't really understand how the privacy implications of the 23,000th access
are much different from the 1st except for grabbing the info of new contacts.
If you gave them permission to grab it from time to time, any access rate
above once a year is about the same.

~~~
OJFord
Completely agree. The access at the point when your directory is at it's
maximum (or multiple if you remove some) is just as intrusive as itself and a
million others.

And it's WhatsApp ffs, if you're concerned about it having your contacts what
on Earth are you doing with it.

------
webaholic
Is there any way to find this out in other versions of Android? I've been
experiencing severe battery drain recently and am unable to pinpoint to the
app causing it.

~~~
drdaeman
Xposed Framework + XPrivacy allows quite granular access controls and history
track of those

[https://github.com/M66B/XPrivacy#xprivacy](https://github.com/M66B/XPrivacy#xprivacy)

[http://i.imgur.com/mZC4RjE.png](http://i.imgur.com/mZC4RjE.png) (random
picture of usage history, found on net)

~~~
privacy101
Google should be required to give root to any user that request it for their
own device... (anyone should be able to get better control of their own
device). It would be easier to control crazy permissions.

~~~
bitmapbrother
They do. It's called the Nexus.

~~~
viewer5
Is my Nexus 5 pre-rooted?

edit: I don't really know a lot about this stuff, I was just trying to
understand the comment I was responding to. I think I maybe misunderstand
something fundamentally.

~~~
simoncion
> Is my Nexus 5 pre-rooted?

No, but Google has made sure that doing so is pretty trivial:
[https://wiki.cyanogenmod.org/w/Install_CM_for_hammerhead](https://wiki.cyanogenmod.org/w/Install_CM_for_hammerhead)

------
will_pseudonym
In an alternate universe: "Why isn't WhatsApp refreshing my contact list? I
updated the contact 30 seconds ago!"

~~~
kevindeasis
I actually have this problem. It's very annoying and the main reason why I try
to avoid whatsapp for talking to new contacts.

------
anotheryou
if you got a new contact in your address book you might want to send him the
first whatsapp message 30s later, so it better checks for new contacts all the
time...

If there is no listener for of some kind in the api (android system telling
all apps who want to know once there is an update), it will have to ask the
system over and over again.

~~~
diggan
Wouldn't it be simpler to just check for new contacts once you open the
application?

------
DominikR
The author of the article has every right to know what some company is doing
with the private information of the customer, but this doesn't mean he is
entitled to being explained the (technical) inner workings of the application.

If Whatsapp was a bad citizen in respect to battery life I would at least
understand why he is asking, but this is not the case.

What I am sure of: Whatsapp maps E.164 normalized telephone numbers from your
contact list to every contact in the phones address book.

The app probably queries you phones contact database just like the standard
phone or SMS app would do for every bit of information it shows.

------
jo909
Privacy wise it makes no difference if they read your contacts once a day or
once a minute. If the want, they have your contacts either way.

Actually this is a hint that they actually might not store your contacts
names, pictures, addresses etc in their own app, but only retrieve that
information to display it.

The way their web client works (it communicates with the smartphone app, not
with the whatsapp servers) is another hint that they might not even store your
full contacts on their own servers.

------
hoare
Would be an intetesting article if network traffic would`ve been tracked. The
difference between accessing the contact list in a 30sec intervall vs
additonally sending the gathered information to their servers is a huge
difference. Be it power consumption or traffic wise. Maybe its a mechanism to
prevent stand by mode? I made the experience that, if i turn on power save
mode i only recieve messages if i actively open whatsapp.

------
OJFord
This is stupid. Why am I more concerned about my privacy if WhatsApp reads my
contacts 23,709 times in 7 days, or just once? It's still got the same data
from me.

It does seem excessive; perhaps sub-optimal or even an accidental bug. But
certainly nothing for the media to freak out about..

Author's fear mongering is unwarranted.

------
gregcrv
But I remember paying for WhatsApp like $1/year, is it free now ?

~~~
koenigdavidmj
Free for the first year.

------
jgalt212
There's only really a story here if WhatsApp's access rate your contact list
demonstrably different pre and post the Facebook acquisition.

------
lucb1e
Not quite sure what the difference is between 1 access and 23 709 accesses.

~~~
cwilkes
Speculating here: by polling this often they will know exactly when you added
a contact. Because they are owned by Facebook they can then message back
saying that these two people are connected and then maybe show better ads.

They can also use it as a gauge to see how their advertising for whatsapp gets
used.

------
bitmapbrother
This number seems extremely suspicious and artificially high. It's almost as
if the BB DTEC application has no idea what data it's diagnosing. Given their
dubious claims regarding the implementation of grSecurity I'm inclined to not
believe these findings.

------
rasz_pl
thenextweb.com keeps auto scrolling up, and served me fullscreen javascript
popup, quality place.

------
hackaflocka
Because Facebook.

------
purans
Because it's owned by facebook :) I am sure they need to know your contact to
serve you ads!

------
teen
What a dumb article. That's like complaining your Caller app has accessed your
Contacts list too many times.

~~~
igorgue
Why dumb? I think the dumb one is you, see, 23K times, every 2 minutes access,
in what mind is that reasonable? Do you add somebody new to the contacts ever
2 minutes?

