[Zarel]

But what's the real answer?

Imagine my friend writes down my phone number in his iPhone's contacts list, and then installs an app – let's say some random game. The game asks for permission to access contact info, which my friend grants because he's careless. The game steals contact info and does various nefarious things with it.

In this analogy, Facebook is Apple, and Cambridge Analytica's app is the phone game. I don't think there's a good solution to this problem, except to make it harder for third-party apps to access contact information, which both Facebook and Apple have been doing.

[jschwartzi]

Or make it illegal to harvest this type of information without express consent from the first party. Meaning that in order for the game to gather the contact info it must ask everyone in your contacts list if it's okay.

It doesn't stop your friends from oversharing but it creates a contract between you and the party requesting your information so there's now some legal recourse for how they use your data. And if the law creates liability for app distributors to ensure apps follow the law then Google and Apple are now on the hook for allowing violations.

[Zarel]

So then would it be impossible for me to write down your phone number in my phone, without my phone's contact list app asking you for permission first? That seems kind of excessive.

[jschwartzi]

In my first post above I am arguing against this. So no.

What I am arguing for is that it should be against the law for third party apps to copy your contact details from someone else's phone without your permission.