We’ve all been there: How many times have we downloaded a new social media app, only to have one of the sign-up steps ask for access to our contacts or address book? While on the surface the request seems innocent enough – the whole point of social media is to be social and connect with others – some apps may take that access too far, raising both legal and ethical questions around personal data privacy and security.

Take, for example, the new, wildly popular, invitation-only audio chat app Clubhouse. One of the first steps the app requests of the user is access to her or his contacts. While not a required step, not granting access to contacts defeats the purpose of signing up for the service in the first place, as the app won’t allow the user to invite others to join in.

Many apps require access to features on one’s device to work properly: for example, without location access, ride-share services, such as Lyft and Uber, won’t work.

But granting access to one’s entire contacts address book – both past and present – gives the app platform usage rights that the user may not always want to grant, whether willingly or unwillingly.

A recent article from OneZero unpacked the issues surrounding data-handling practices and provided several useful – and sometimes disturbing – examples of Clubhouse members who unwillingly offered access to their contacts, only to witness uncomfortable and sometimes embarrassing connections on the invitation-only app.

Many other social connection apps that have proliferated in the last year or two (especially in light of the COVID-19 pandemic) use similar methods. Apps such as Houseparty, GroupMe, Yubo, Hoop, Telegram, Discord, and Line all use connection algorithms to suggest friends and contacts from the user’s address book.

The proliferation of these social apps presents tremendous business opportunities to platform developers. With those opportunities come responsibilities to develop a robust and transparent set of disclosures and disclaimers to ensure these apps maintain high levels and standards of data privacy for subscribers and those subscribers’ contacts, be they direct or indirect users.