I’m late on this. But from All Things D last week:
[..] soon, apps that use address book data will require explicit user permission to do so.
This doesn’t fix the Thing That Actually Happened, it’s just a sop to people who want to see more gratuitous security. Merely gating access to the Address book doesn’t distinguish properly between Path’s “We’re going to send your entire address book to our servers and store it forever” friend finder, and Marco’s “I just want to make sure a particular contact isn’t already in your address book, and wouldn’t dream of sending anything to my server” Read Later contact install process. Even post-fix, the Path blog post doesn’t make it clear if they’re still going to store my address book (assuming I send it to them again) for all time or not, or how much contact information they’re sending.
This fix might even make things worse. The new version of Path shows a dialog box explaining roughly what they’re going to do with your data before requesting address book access. Once Apple have a gate in the way, are they going to put up two redundant dialog boxes? Or will they drop the helpful one and leave up a single “Path wants access to your address book but I won’t tell you why” confirmation?
It’s not access to the data that needs guarding. It’s what the apps do with the data. Of course, a technical solution to this problem is probably impossible. I’m just bitching.