At BlackHat DC 2010, I presented a paper called iPhone Privacy.
In this paper, I call the following Apple claim into question:
Applications on the device are "sandboxed" so they cannot access data stored by other applications.
In addition, system files, resources, and the kernel are shielded from the user's application space.
SpyPhone demoes it is not exactly true. It shows the kind of data a rogue application can collect in a non jailbroken iPhone.
These data do certainly interest marketers, spammers, thieves, competitors and law enforcement officials.