"Oh, it's reasonable that this app wants access to my text messages, that way when it sends me a confirmation code it can automatically read it."
"Oh, it's reasonable that this app wants access to my mic, maybe it will implement voice chat in a coming update."
"Oh, it's reasonable that this app wants access to my call history and whatnot, that way it can mute itself or pause itself when I get a phone call."
... oh, I guess it's reasonable that if I text, or talk with my phone nearby, about walnuts I'll start seeing targeted ads for walnuts.
It's getting better, too: Android's new permission model is more granular, like iOS's.
Oh, and one of the most invasive, the "Phone state", which includes unique IDs and called/calling numbers, is required by nearly everyone under the guise of "Needed to pause when phone call comes in". Which is either completely moronic (what, Android couldn't have a "getIsUserInCall" function) or just shows how busted it is.
It's the same on the web, most web sites aren't exactly malicious, they're just (maybe willingly) oblivious about what badness is in their ads.
But yep I garee it's all pretty busted.
It's not about "us" the HN readers. It's about everyone else, and that's what's scary.
Just because I'm a really good driver doesn't mean I won't get into a car crash.
I think it should have been that way from the beginning forcing app developers to handle cases where some permissions aren't granted. It makes for much better visibility when some data is used and to some degree for what.
One massive concern is the 'secret' second operating system that every phone carries on the baseband modem: http://www.extremetech.com/computing/170874-the-secret-secon...