The problem is - this is a contact list manager - so you would expect to give permission to this app to access your contact list.
Ideally apple has contact information for this developer, and, presuming the Developer violated some license with regards to what they can do with user data, Apple can now take legal steps against this developer.
But this is a contact list management application. It requires access to the address book. Any sandbox that would have been created would have allowed the application access to the contacts, even with the most stringent permissions.
Ideally apple has contact information for this developer, and, presuming the Developer violated some license with regards to what they can do with user data, Apple can now take legal steps against this developer.