I have read about the Contacts Provider API, but it is not clear to me how applications interactions are regulated. If an application stores contacts in an account specific to that application, can any other application given permission to access contacts still read the information of those contacts (i.e., of the other application)? Or does each application have access only to its own accounts and any contacts manually entered via the (default) Contacts application?
Yes, all data stored in Contacts Provider is visible to all apps with READ_CONTACTS permission and if the user has given the permission. From the official documentation of Android Developers - Retrieve a list of contacts,
Request permission to read the provider
To do any type of search of the Contacts Provider, your app must have
READ_CONTACTSpermission. [...]
This is why contacts apps can generally show multiple account types for the same person (e.g. Google, WhatsApp, Microsoft), and also why social messaging apps (e.g. WhatsApp) and social media apps (e.g. Facebook, Twitter, Instagram) can detect registered accounts based on phone numbers and/or emails stored in the Contacts Provider.
Q & A