[bri3d]

As I posted on a Facebook note from a communications representative at Facebook linked by veyron [0], Facebook, Flickr, and "others" could mitigate their "poor journalists write poorly-researched stories about us" problem by not contributing to Android permissions creep.

If Facebook asks for the SMS permission but doesn't actively use an end-user's messages, the end user is eventually more likely to accept a malware application that asks for SMS permissions and then silently steals their messages. Requesting feature permissions that aren't used visibly is terrible practice.

I think Apple got this particular policy right: their review process screens apps to make sure that visibly requested information is visibly used for something in the application, preventing every application from asking users for every bit of their personal information just to launch the app. In my experience the actual execution of said policy is spotty and inconsistent like the rest of the review process, but the idea is sound.

0: https://www.facebook.com/note.php?note_id=10151330596285363 via http://news.ycombinator.com/item?id=3637869