Definitely a difference but there is a similarity in vectors of attack: The contact address book can be taken off the phone using the Apple SDK. Then, that data can be anywhere the developer wants to store it.
This is non-issue. Do you really want a mobile OS where third party apps can literally do nothing? No contacts, photos, camera, accelerometer, gps, microphone.
Each one of those explicitly requests the users permission. Facebook would track you across the internet just using Share buttons on webpages.
Are you really arguing developers shouldn’t be allowed to write address book utilities on iOS?