But this is a contact list management application. It requires access to the address book. Any sandbox that would have been created would have allowed the application access to the contacts, even with the most stringent permissions.