Yesterday Arun Thampi who is a developer in Singapore, discovered that the iPhone app Path had uploaded his address book to it's servers without his permission. You can read about his discovery here. Path has apologized and they released a new version which asks for your permission before they upload your contacts.
Path uses contact information to facilitate connections between Path users. Lots of people would not object to that use of their information, but they do object to the secrecy. Dustin Curtis wrote about this topic today.
I did a quick survey of 15 developers of popular iOS apps, and 13 of them told me they have a contacts database with millons of records. One company's database has Mark Zuckerberg's cell phone number, Larry Ellison's home phone number and Bill Gates' cell phone number. This data is not meant to be public, and people have an expectation of privacy with respect to their contacts.
He puts the blame squarely on the shoulders of Apple for allowing IOS apps to access a user's entire contact list without requesting permission. The Android requires user permission.
I don't want to start a panic situation. But I agree with others that this is a conversation Apple users need to be having with Apple. Apparently this came up last year with a chat application called Kik. Kik never changed the terms of service in that dispute, and in the article I linked, they state that harvesting the contact information was "probably against Apple's Terms of Service". Now we see that it isn't, and since Dustin Curtis points out that the developers are keeping secret about this situation, I think we need to shed light on it.
This is Apple's product feedback page. In order to keep the light shining though, it might be useful to ask the questions in a public forum like Twitter (@apple) or Facebook.