Following a full week of drama about the unfettered access all apps have to iOS contacts, Apple has finally weighed in. Apple first reiterated its already-existing policy that apps weren't supposed to be accessing or uploading contact data without explicit user permission, "apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines." However, that policy clearly hasn't prevented a large number of apps from accessing that information, so Apple added that it intends to update iOS to require "user approval" for getting contact information:
We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.
The decision is a fairly obvious one and a good move to protect users private data. Apple already does a similar thing with location data, requiring apps to present an iOS system-level pop-up dialog box when they want to know your location. Unfortunately, Apple didn't directly speak to other private data on iOS like calendar information.