Information from KDDI CORPORATION

Vulnerability ID:JVN#06212291
Title:Android OS Contacts app fails to restrict access permissions
Status:Vulnerable, investigating

This is a statement from the vendor itself with no modification by JPCERT/CC.