Couldn't this be accomplished simply by creating apps that deal with contacts, photos, camera, etc., and then having users download and accept the permissions themselves?
For example, imagine that any one of the contact or calendar management apps where you "Allow xxxxx to access your contacts" was produced by the NSA under the guise of an innovative startup.
Not quite: for example, iOS doesn't allow apps to access the SMS database.
In light of recent leaks, it's still pretty obvious: think a repackaging of OTA jailbreaks (like jailbreakme from the iPhone OS 3 era) plus Foxacid.
You could make jailbreakme not display a dialog or install Cydia, and the user wouldn't notice anything except their phone got warm for a while and has a newly opened port for SSH.