In Xposed Framework of Android, I can give a fake permission that allow to read empty contact list. Do we (or manufacturer) need to maintain the trust between APP and OS?