Yelp is a primary culprit. A lawyer for the company argued in a San Francisco court that the location and review service needed to access users' contact lists to identify other customers. The judge obviously disagreed, but noted that Apple allowed the privacy violation on its iOS devices in the first place:
“Fundamentally, this case is about whether Apple’s conduct and that of application developers violated community norms of privacy. A ‘reasonable’ expectation of privacy is an objective entitlement founded on broadly based and widely accepted community norms.”
The abuse of the “Find My Friends” feature occurred between a three year period, so there are lots of people -- ostensibly millions -- eligible for some kind of payout. However, no one should expect a windfall, since the companies have only agreed to amend the damage with a $5.3 million settlement to be dispersed in a customer pool. If you’ve been affected and are interested in compensation, you can check this unofficial claim Q&A.