Phones need better features to entirely prevent these things - so apps can't trick the user. I want no application to have access, something like Incognito mode for all apps basically. The permission dialogues are typically not very helpful to make a meaningful decision and apps don't function at all without certain permissions. So why not allow to "fake" contacts,storage,location,etc...
This could be done previously with on custom Android builds with XPrivacy (an XPosed module).
It worked quite well for a long time, but tended to be quite a burden to maintain through OS updates. Starting with Oreo or so it no longer worked, but there was another similar module that had much of its functionality.
It could even go as far as exposing a subset of your address book to an app. So, for example, when I wanted to use WhatsApp I could just show it the 3 contacts that I wanted it to see.
The operating system should sandbox every app and by default provide it fake data for everything. The user should say what they really want to allow the app to access.
I eventually switched to an iPhone and just don't install many apps.
iOS has a prompt before your address book/contacts are shared with any app and apps will always work without it (required by dev guidelines).
However note that this article is not referring to the Facebook mobile app accessing the mobile contacts -- this is about their service logging into a person's email service (like GMail) and downloading their email contacts.
Majority of apps are just spyware anyware.