[panic]

The difference is that the data is on your phone, not Apple's servers (unless you back up with iCloud, but even then I believe it's encrypted). You can decide which apps to run on your device; you have no control over what Facebook does on its servers.

[donbronson]

Definitely a difference but there is a similarity in vectors of attack: The contact address book can be taken off the phone using the Apple SDK. Then, that data can be anywhere the developer wants to store it.

[valuearb]

It can only be taken off the phone if the user explicitly gives you access to it. And it’s just contact info, not an “attack vector”.

Are you really arguing developers shouldn’t be allowed to write address book utilities on iOS?

[jclardy]

This is non-issue. Do you really want a mobile OS where third party apps can literally do nothing? No contacts, photos, camera, accelerometer, gps, microphone.

Each one of those explicitly requests the users permission. Facebook would track you across the internet just using Share buttons on webpages.