Interesting. What else can an iOS app get access to without permission? location? browser history? other installed apps list? emails? notes? pics? vids? music list? podcast list? itunes username?
Browser History: There is no way to communicate directly with what Mobile Safari stores.
Other installed apps list: Apps are sandboxed so it is impossible to know what else is installed. If you've developed one of the other apps you can share the same App ID which gives you access to the same storage space so you could create a flag to indicate one of your apps has been installed. Some apps respond to certain protocols so you can ask iOS if a given protocol will be handled and if it returns yes then you know the app is installed. Again because they are sandboxed you really can't do anything harmful and responding to the protocol only allows the other app to receive information, not expose it.
Emails: No, the only way you can do anything with email is prompt the user to compose an email.
Notes: Same as Mobile Safari.
Pics: You can display a popup to the user that asks them to select an image from their camera roll/iPhoto and if they select a photo you then get a reference to an object that represents the photo. You can't just search their camera roll.
EDIT: rbritton points out that with the AssetLibrary framework you can actually search through all pics/videos and for some reason it gives a location access prompt when you do. http://news.ycombinator.com/item?id=3563336
Vids: Same as pics.
Music List: You can get a list of every song in the users library without asking for permission:
Podcast list: Same as music list.
iTunes Username: To my knowledge there is no way to access this but I've never been asked to so I really haven't spent time looking. In theory because you can access the Address Book you could make a best guess at which contact is the user and then assume one of their emails is their iTunes username.
You can access the Picture/Video library since iOS 4. It does prompt at least once for location access (apparently since they can contain GPS metadata), but it does not mention anything about why it's asking for that location access.
Ah that would make sense. So that would mean that if you turn off location services any app could access your asset library without any prompt then. Good to know.
I can say for sure that iTunes username is not exposed. In fact, they won't even provide an opaque user ID, which makes correlating purchases through in-app purchase with server-side user accounts very frustrating. You can sort of fake it by correlating with a device UDID, but that is leaky and has a lot of edge cases.
