Yeah, but then using apps would quickly descend into a horrible mess of deny/accept, confusing and scaring the user. The pop-up hell of windows would pale in comparison.

You'd have solved the problem, but created a horrible user experience instead.

Maybe I wasn't clear enough. I wanted to say that it's not possible to solve the problem by asking the user's permission because API does not allow you to ask for a permission to upload specific data (address book). So there is no way to prevent an app to upload your address book without totally preventing it to upload anything.