[tjoff]

Not that I think they do read their users text messages but they so deserve the backlash for requiring that permission.

And android needs some blame for not allowing their users to opt out of granting that permission (alt. forcing the app to ask for them every time they are used).

Apps that require too many/creepy permissions needs to be distrusted and this is the only way that is going to happen.

No. I'd never install the facebook, flicker, whatever app if they require access to contacts or sms and internet at the same time. I have sensitive information in my contact-list and I don't trust anyone that is foolish enough to actually ask for permission to read any of those, at install-time, with my data. Simple as that.

Make a "private" version of the app that doesn't require those permissions or no deal.

[snupples]

Why is Android to blame? The SMS permissions are clearly spelled out on the install screen. As you said, you can opt out by not installing the app (or not updating, in the case where a permission changes between versions). That said, there's quite a few apps I was interested in that I chose not to install after all once I got to the permissions screen.

If you think you should be able to line item veto app permissions, that's a different subject matter.

[tjoff]

Because apps stealing user data is a real concern and the contact list as well as sms can have sensitive data.

There are, after all, many legitimate reasons for having access to the contact list and there are many legitimate reasons for not wanting to share it. In android, as a developer, you have to decide whether you want a fully featured app or an app that respects their users privacy. You can not have both in a single app.

There is nothing that says you can't have both and doing so would be very simple. Android doesn't do anything to help so that's why android needs some serious blame for this.

Now people are getting used to ignoring the permissions (if all apps require everything, why bother?) making them quite useless. If this continues they could just as well just remove them (since the typical user wouldn't care anyway).

[snupples]

Well it's not exactly "stealing" when the app is forced to tell you upfront what it's going to "Edit SMS or MMS, read SMS or MMS, receive SMS". How more explicit can you be?

[tjoff]

As much stealing as if the waiter borrowing your credit-card at a restaurant decided to clean your bank account instead of charging for your meal.

But anyway, that is besides the point. The point is that google forces me to trust the waiter when there is no reason for it.

[snupples]

In Facebook's case I absolutely do not trust the waiter. I'm glad Google tells me what the waiter has access to.

[wladimir]

And android needs some blame for not allowing their users to opt out of granting that permission

I also wonder why this is not possible. The user should be the one to have the final say on the permissions an application gets, not the application.