Apple spokesman Tom Neumayr said, "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines.
"We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
While Path was the first major app to be spotlighted with this behavior, on Tuesday, a number of reports profiled other apps with this type of behavior, including Foursquare. Path has since released an update requiring users to opt-in to sharing their address book with Path's servers.
Another well-known iOS app, Twitter, does ask for the permission of users before uploading their address books. That's all well and good, but then it stores that contact info for up to 18 months.
It's not the first such privacy furball on iOS. Last spring, a location-tracking file was discovered on iOS devices. After remaining mum for quite some time on the issue, Apple called it a "bug" and removed it with a software update.
Now it appears to be "fixing" yet another privacy bug. In this case, Apple had a long-standing policy against the behavior, but the company is finally doing what it should have done long ago: enforcing it in its APIs.