Out of principle, an app must not collect what it doesn't need. If the programmer thinks nothing sensitive should be in there, it's still not ok. Unrelated example because you mention the contact list - people who put passwords in there as phone numbers.

What really got to me though are notes. Notes! Of course no user should write "make that fat ass invest in us" in their appointment notes, but that is not how privacy works.