It’s not really a secret, per se, but there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference.
(Via Matt Gemmell.)
I know a ton of developers, and I’ve never, ever heard this. I wouldn’t do it. I’d be shocked if any of my friends would do it. If I had to quit a job over this, I would.