Comment by zzo38computer

Like you mentioned, it is a design decision of Whatsapp which is a problem, but it is a problem that might be avoided if the system is designed better. Furthermore, some things might be detectable regardless of modifying the system, including timing, and also things which have to do with the instruction set itself. A design which requires the permissions even for timing and all other I/O too (I consider timing to also be I/O), would help, I think.

Using proxy capabilities would allow you to make a "permission granted, user has empty address book" (or some subset of the data, or even made up random data) even if you do not have a empty address book, so that is what I think will be better. (Another way to do it might be to use a separate app for the address book, which does not use the address book in the system. This might work if the app cannot detect the presence of other apps.)