You don't even need wireshark for that. When you install an app on Android, it displays the list of permissions that the application is requesting. One of the possible permissions is "Read Contacts". If you've installed an app that has "Read Contacts" permission, then ...err.. it can read your contacts db. If the app also has "Internet" permission, then yeah, it probably could zip up your contacts DB and push it out somewhere.
However, if the app doesn't have "Read Contacts" permission then there is no way for the app to access your contacts db, and so reason to worry about it sending your contacts db to someone.
Or course, most apps do request "Internet" permission, so I suppose those apps could be scraping up some info they do have info to and sending that out to a 3rd party. :-(
I don't want to know if my apps read my contact db, I want to know when and how much they read it. I do not trust them to tell me this. So, wireshark it is.
Also why would you ever criticize recreational protocol analysis? Especially on here.
However, if the app doesn't have "Read Contacts" permission then there is no way for the app to access your contacts db, and so reason to worry about it sending your contacts db to someone.
Or course, most apps do request "Internet" permission, so I suppose those apps could be scraping up some info they do have info to and sending that out to a 3rd party. :-(