It goes like this: Path and other apps—we don't know which—steal your contacts' information into their corporate servers without telling you about it. These apps use an address book service that Apple provides within iOS, which is similar to the geographic location service also present in the operating system that powers all the iDevices.
The difference is that the iPhone's GPS service requires you to actively approve that the app can access it. Apple's operating system asks you for permission every time an application wants to know for your location, not the app itself. This is a barrier that the app can't bypass. The security system is designed in this way so the app—which could be anything from a game to your typical free flashlight app—can't spy on you without you noticing it.
This works perfectly fine.
The problem is that the address book service doesn't use the same mechanism. It's free for the taking. This is where the privacy clusterfuck ensues. Some app developers—like Path did—are taking advantage of this weakness. The fact is that, at this point, any app can access your address book and steal all your contacts. Just like that. We don't know which apps may be doing this right now. That is a scary thought and Apple should have thought about it.
Source :
http://gizmodo.com/5885245/your-iphones-privacy-sucks-because-of-appleand-even-steve-jobs-agreeshttp://gizmodo.com/5885350/why-you-should-be-pissed-that-apple-lets-developers-take-your-contact-infohttp://www.engadget.com/2012/02/15/iphone-address-book-issue-prompts-response-apple-access-to-cont