Convenience. That is, Facebook - and others, like Skype - tells new users that the easiest and quickest way to find your friends is to send them your contacts so they can cross-reference the users.
And that, including me not paying attention, is how all my e-mail contacts got an email from facebook where I invited them to FB. That wasn't the intent!
Interestingly, WhatsApp (and Telegram, and Signal) don't even ask and just upload all your contacts' phone numbers (this is before Android had the prompt "Allow this app access to your contacts?). It's very convenient, and also very sad.
Also sad is the fact that BlackBerry already had a fine-grained permissions systems pre-iPhone days, but it took iPhone and Android many many versions and years before they built such privacy controls (but yeah "We care about our costumer's privacy"
- Apple). And Google didn't even care about privacy back then I remember the Google Maps app for BlackBerry just prompts you "Please give us all the permissions we want or this app will just exit now." on startup, when you've denied it a permission or two.
Signal doesn't upload your contact's details anywhere. It hashes your phone number and sends that to a central service that knows which hashed numbers have Signal. Then it periodically asks that service whether hashes of contact numbers are in the list in order to decide whether to suggest Signal for them instead of unencrypted messages.
It turns out that some people genuinely are forgetful enough that if they told their iPhone Bob's number, email address and shoe size in 2016 and then in 2019 their phone finds out that phone number is registered for Signal, they will conclude that the phone must have learned Bob's details from Signal, which in turn stole them from Bob as part of some nefarious plan.
You can't do anything about this, it's like the Spam problem. If you send ten million very, very useful emails that are genuinely valued by every human recipient, hundreds of them will be flagged "spam" because Humans aren't very good at this sort of thing. They press the wrong button or they've been using "mark as spam" because they thought it's "mark as read" or they meant to mark the one below it, or above it.
Permissions to read text messages is another one that gets me. I know not many people use SMS as their primary communication but how can you be so astonishingly blasé about your data to save typing in a code?
Thankfully there is now the SMS Retriever API that lets you do this without having access to all messages, and the Play Store no longer allows apps that require this permission without SMS handling being a core functionality of the app.
And that, including me not paying attention, is how all my e-mail contacts got an email from facebook where I invited them to FB. That wasn't the intent!