[cludwin]

Again since the article doesn't mention which app was malicious it's hard to say but when I looked up the wallpaper apps developed by "jackeey,wallpaper" I see the apps requiring the following permissions:

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

android.permission.READ_PHONE_STATE

android.permission.SET_WALLPAPER

android.permission.WRITE_EXTERNAL_STORAGE

It seems strange for a wallpaper app to require internet access.

[Zak]

A wallpaper app is likely to need the ability to download new wallpapers. I'm not sure why it would need your location though.

[tvon]

It wouldn't need it, but it could be used to find wallpapers relevant to your location (photos).

[Tichy]

I must admit I didn't know that READ_PHONE_STATE includes browsing history. But I don't know what is the message shown to the user.

I have decided to not install apps that ask for too much several times.

Maybe another way to categorize the security rights is needed.