This issue is intrinsic to the security model of Android before Marshmallow.
If an app is going to be able to send a contact, share a location, make a phone call ... all these permissions need to be demanded upfront, which I understand can be scary.
You also need to keep in mind that nobody is going to use "secure messaging" if it's a pain to use. You obviously don't want to be copy pasting contact information in the app for instance.
I'm glad to see that Android is following iOS's permission model where permissions are only asked at run time.
If an app is going to be able to send a contact, share a location, make a phone call ... all these permissions need to be demanded upfront, which I understand can be scary.
You also need to keep in mind that nobody is going to use "secure messaging" if it's a pain to use. You obviously don't want to be copy pasting contact information in the app for instance.
I'm glad to see that Android is following iOS's permission model where permissions are only asked at run time.