I'm pretty sure this information is explicitly imported by the user in Adroid/iPhone/BlackBerry apps when he or she allows the apps to use profile pictures as contact photos.
I remember at some point when authorizing the installation of the FB BB App (well over a year ago) it mentioned something about needing access to contacts to work. I presumed this to mean for the local app not for them to suck them up into the cloud.
FB continues to lead the way when it comes to "it's in our TOS but don't go reading it because it won't match our marketing copy"
Same here on Android. The options were to add metadata like photos to contacts already in my phone, or to import my entire FB contact list into my phone (even if I didn't have them in my phone book). I chose the former.
At no point was it mentioned that they would be helping themselves to the rest of my contacts, to whom I have no connection to on Facebook.
I clicked through that same authorization step and it was very clear they were syncing your contacts to their service.
However, this is kind of irrelevant because 99% of users are not going to read this kind of a warning no matter WHAT it says and are just going to click through. They want their Facebook photos on their phone contacts dammit!
What I don't understand here is why everyone is so concerned at all about this. If you have an Android phone, Google has your phone book. If you have an iPhone, Apple does. If you back-up your computer to the cloud, they have it too. As long as none of them share it publicly, why do you care?
If Facebook was sharing your private phone numbers to the world or exposing who you had in your phonebook to people, I'd understand the outrage. But all they did was backup and sync your contacts which seems to me to be a service, not an offense.
