Back in February, Apple got in trouble for hugely lax privacy restrictions that let apps steal your personal data, like contacts. In iOS 6, it looks like Apple's slammed the door on that behaviour, requiring apps to get explicit user permission before accessing your personal information.
Here's the exact language from the security section of the iOS 6 release notes:
In iOS 6, the system now protects Calendars, Reminders, Contacts, and Photos as part of Apple's data isolation privacy initiative.
Users will see access dialogs when an app tries to access any of those data types. The user can switch access on and off in Settings > Privacy.
There are APIs available to allow developers to set a "purpose" string that is displayed to users to help them understand why their data is being requested.
There are changes to the EventKit and Address Book frameworks to help developers with this feature.
What that means, basically, is that nothing you download will be able to, say, surreptitiously upload your whole photo album to its servers, or dig through every email address on your phone without asking you. You'll always be asked, just like Steve wanted. [9tomac]