Unless I'm mistaken, nothing would prevent a non-App Store app from reading the content of the address book directly without using Apple's APIs and thus going around this dialog box pretty easily.
So this protection would only be useful if you activate the more restrictive "Run Mac App Store apps only" setting in Gatekeeper.
If what you are saying is correct, Apple would hopefully invalidate any developer signatures for those applications which are found to be maliciously accessing the address book. At least this would lessen the problem.