diff --git a/apps/contacts/ajax/addcard.php b/apps/contacts/ajax/addcard.php
index f15a1685840c541cbbc110b4e5ab8b3071228542..fbf5b57ae7cf6d20414ce1070f356653f7a0c1b3 100644
--- a/apps/contacts/ajax/addcard.php
+++ b/apps/contacts/ajax/addcard.php
@@ -34,7 +34,7 @@ OC_JSON::checkAppEnabled('contacts');
 $l=new OC_L10N('contacts');
 
 $aid = $_POST['id'];
-$addressbook = OC_Contacts_App::getAddressbook( $aid );
+OC_Contacts_App::getAddressbook( $aid ); // is owner access check
 
 $fn = trim($_POST['fn']);
 $values = $_POST['value'];
diff --git a/apps/contacts/ajax/addcontact.php b/apps/contacts/ajax/addcontact.php
index c39d75eff884c72e55ca036c89fc5b7d41c4fcef..9b4e68ac272b583aa37b4d53454329acf6d9afba 100644
--- a/apps/contacts/ajax/addcontact.php
+++ b/apps/contacts/ajax/addcontact.php
@@ -40,7 +40,7 @@ OC_JSON::checkAppEnabled('contacts');
 $l=new OC_L10N('contacts');
 
 $aid = $_POST['aid'];
-$addressbook = OC_Contacts_App::getAddressbook( $aid );
+OC_Contacts_App::getAddressbook( $aid ); // is owner access check
 
 $fn = trim($_POST['fn']);
 $n = trim($_POST['n']);
diff --git a/apps/contacts/ajax/deletebook.php b/apps/contacts/ajax/deletebook.php
index a89c00575e9fc8f15119b76080b9522bc6b2e867..d782c9dfb8d0bfc1a8698623d8d7f2c6625bfbfe 100644
--- a/apps/contacts/ajax/deletebook.php
+++ b/apps/contacts/ajax/deletebook.php
@@ -30,7 +30,7 @@ OC_JSON::checkAppEnabled('contacts');
 
 //$id = $_GET['id'];
 $id = $_POST['id'];
-$addressbook = OC_Contacts_App::getAddressbook( $id );
+OC_Contacts_App::getAddressbook( $id ); // is owner access check
 
 OC_Contacts_Addressbook::delete($id);
 OC_JSON::success(array('data' => array( 'id' => $id )));
diff --git a/apps/contacts/ajax/updateaddressbook.php b/apps/contacts/ajax/updateaddressbook.php
index 7d9e2aea917bc98d693fad7c4b33bec64cd2111b..d6c1ad179bb55a68002fd19f3cf1eb4954becf74 100644
--- a/apps/contacts/ajax/updateaddressbook.php
+++ b/apps/contacts/ajax/updateaddressbook.php
@@ -15,6 +15,7 @@ OC_JSON::checkLoggedIn();
 OC_JSON::checkAppEnabled('contacts');
 
 $bookid = $_POST['id'];
+OC_Contacts_App::getAddressbook($bookid); // is owner access check
 
 if(!OC_Contacts_Addressbook::edit($bookid, $_POST['name'], null)) {
 	OC_JSON::error(array('data' => array('message' => $l->t('Error updating addressbook.'))));
diff --git a/apps/contacts/export.php b/apps/contacts/export.php
index fc2aa86500fbd7c310b1227506eda25368063006..750d77bcac832d30b6cc65d8d0445959567d9b16 100644
--- a/apps/contacts/export.php
+++ b/apps/contacts/export.php
@@ -14,10 +14,6 @@ $contact = isset($_GET['contactid']) ? $_GET['contactid'] : NULL;
 $nl = "\n";
 if(isset($book)){
 	$addressbook = OC_Contacts_App::getAddressbook($book);
-	if($addressbook['userid'] != OC_User::getUser()){
-		OC_JSON::error();
-		exit;
-	}
 	$cardobjects = OC_Contacts_VCard::all($book);
 	header('Content-Type: text/directory');
 	header('Content-Disposition: inline; filename=' . str_replace(' ', '_', $addressbook['displayname']) . '.vcf'); 
@@ -27,12 +23,6 @@ if(isset($book)){
 	}
 }elseif(isset($contact)){	
 	$data = OC_Contacts_App::getContactObject($contact);
-	$addressbookid = $data['addressbookid'];
-	$addressbook = OC_Contacts_App::getAddressbook($addressbookid);
-	if($addressbook['userid'] != OC_User::getUser()){
-		OC_JSON::error();
-		exit;
-	}
 	header('Content-Type: text/directory');
 	header('Content-Disposition: inline; filename=' . str_replace(' ', '_', $data['fullname']) . '.vcf'); 
 	echo $data['carddata'];