"Shouldn't that be the approval of the person using it?"
I think there may be a misunderstanding here. I think what FB is saying is that if you submit an app to Facebook for use by Facebook members, then, if that app has a requirement for more data than name, photo and email, it will need further approval by Facebook before launch. Of course the end user can always refuse privileges to an app at the point of installation/use (at least in theory, eh?).