Apple contacted John Paczkowski of AllThingsD:
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
Again, here is the relevant portion of the App Store guidelines:
17 Privacy
17.1 Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
Enforcement from Apple in the approval process should have caught this long ago. However, I’m glad that developers were called out for violating the policy and that Apple will require explicit permission in the future.