Re: Ouch
So back to the original point - any downloadable apps should be sandboxed and have no access to anything like contacts
.. which is why I would very much like to see the iOS approach to permissions come to Android. In iOS, access to user data such as contacts, calendar, location, microphone etc is by default off and users have to give permission for each such resource the first time it's used before a new app has access. In addition, apps are not permitted automatic access to resources that could be abused to create costs such as making phone calls or the whole SMS subsystem, but that is a two-edged sword because that also makes it impossible to create secure SMS apps for iOS (in case you'd want to).
In addition, you remain in control over those permissions - you can still switch them off again later. Of course, apps such WhatsApp will then refuse to start up because I assume their main job is to export personal data such as your address book, but then you know at least what it's doing.
If Android would take over that approach it would go some way towards making it safer.
Biting the hand that feeds IT
