As a longtime Android user with little hands-on time with iOS devices, the discovery that Path was uploading entire iOS device address books to their servers without confirmation or approval was shocking. I had assumed that iOS apps were almost entirely sandboxed, relying on things like Facebook connect style logins to join up with others playing online, not allowing address book access or the like, but apparently I was wrong.
The Android faithful have been thumping their chests over the fact that while nearly every Android application wants some form of your personal information in return for being free or nearly so, at least you have to OK this up-front before it is installed. And while some app developers understand concerns over this by listing why exactly their app needs these permissions, pride in this system of all-or-nothing permissions is for the most part misplaced. Almost nobody pays attention to these permissions just because saying no means saying no to the entire app. Dangle something shiny enough in front of the user, and they will sign all of their personal information away for it.
The Vergecast podcast this week had a flip observation that people shouldn't get so upset about this kind of access, that your personal computer's applications can read each other's data all they want without restriction, so why are you so upset that apps can do it?
Dark humor like this masks an important and fragile distinction between computers and smartphones. The computer is a general computing device that can be audited and analyzed to track traffic and activities to ensure an application is behaving appropriately. Smartphones, for the most part, not only can't be controlled this way but smartphone vendors and app vendors and the carriers themselves have a vested interest in keeping you from doing so.