I really think Android should add another layer of protection here, similar to the "This app wants to use your location" prompt in iOS. I'd like to be able to install an app that might need to access my phonebook in some use case but be able to deny it when it attempts to access that information when I don't want it to.
For example, I'd want to be able to use the facebook app and many users might even want to have it scan their address books in order to find friends. However, if the app attempts to read my address book when I'm just checking someone's status update that is clearly not okay and I want to be able to block it.
The free pass to pillage my phone upon installation doesn't sit well with me.
> I really think Android should add another layer of protection here, similar to the "This app wants to use your location" prompt in iOS
Most definitely. This has always been my argument against the whole system: installing apps that need excessive permissions is basically blackmail. Just like "Do you agree to the terms of service?", you hardly have a choice. I was very surprised to see people not even glance at the permissions before clicking Accept.
But as I said, it's blackmail anyway whether you look or not. You don't want them to have all your contacts, your exact location, all data on your sdcard, and full network access? Fine then, you won't get [whatsapp] (or pretty much any other app), that what everyone else has and that you're almost socially obliged to have (at least in my age category).
It even goes so far that the android user has no permissions to use the permission manager to deny or allow permissions for apps. There are commands ("pm grant x" and "pm revoke y") that lets you change apps' permissions... but you can't use it by default, even as root ("java.lang.SecurityException: Neither user [your uid] nor current process has android.permission.GRANT_REVOKE_PERMISSIONS"). It's totally messed up.
On a rooted android phone, it is possible to install apps but not give the the permission. Of course, that usually means they will crash then they try to do something, but it gives you a layer of protection if you want to try the app out or something.
For example, I'd want to be able to use the facebook app and many users might even want to have it scan their address books in order to find friends. However, if the app attempts to read my address book when I'm just checking someone's status update that is clearly not okay and I want to be able to block it.
The free pass to pillage my phone upon installation doesn't sit well with me.