[decisiveness]

I could be wrong, but without a real explanation, it seems more likely Uber is still convinced analyzing customer behavior in the most personally invasive ways is worth the risk, and were testing the waters, hoping a response like the OP's wouldn't gain traction the way it did.

In a company with thousands of employees, already scrutinized for privacy violations, it's hard to believe that a single engineer could ask for the most sensitive of permissions without anyone else reviewing or bumping up the chain first.

[makeramen]

You're right that we have a very strict review process for added permissions, but unfortunately due to the way libraries and Android's manifest merger work, this change managed to slip through our standard review process. We're definitely going to add stricter enforcement to make sure something like this doesn't happen again.