So instead of finding someway to block or spoof a developer telling you they need different permissions, you'll wait around until some hacker breaks into your shit feeling like you beat the system?
In an imperfect system, you end up with imperfect solutions.
This is a tradeoff. Do I accept the developer demanding access they do not truly need, or do I accept the risk of a hacker gaining access to my phone through the developer's application?
If a hacker gains access to my phone through the developer's application, what do they gain access to? At the maximum (hopefully! unless they springboard to another hack and pwn your whole phone or other applications) they have what the application has access to.
Attack surface management is a lot more complex than just "always stay on the most latest shitware that the developer can shove down your throat"
This is a tradeoff. Do I accept the developer demanding access they do not truly need, or do I accept the risk of a hacker gaining access to my phone through the developer's application?
If a hacker gains access to my phone through the developer's application, what do they gain access to? At the maximum (hopefully! unless they springboard to another hack and pwn your whole phone or other applications) they have what the application has access to.
Attack surface management is a lot more complex than just "always stay on the most latest shitware that the developer can shove down your throat"