Path and Hipster both sent contact data to company servers in order to help users find friends who were also using the apps.
Both companies said they had now updated their apps to fix the problem.
But there is concern the practice may be more widespread. Hipster has called for a "summit" to discuss app privacy.
Path is a social media app which bills itself as "the smart journal that helps you share life with the ones you love".
Arun Thampi, a software developer, first drew attention to the issue with Path in a blog post after he discovered that his phone’s address book was being sent to the company’s servers without his permission.
The company has since apologised. "We made a mistake," Path chief executive David Morin said in a blog post.
"Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong," he wrote.
According to the company, contact information was encrypted before being sent to its servers. However, Mr Morin said Path had now "deleted the entire collection of uploaded contact information from our servers".
Path updated its app with a feature which asks users whether they want the service to use personal contact list information.