Why apps want access more than they need?

[Guest BrandonMarkley]

In Android there are many apps that want more permissions than they need. I don't get that point.

For example, Google Play wants access to almost everything in my phone

This app has access to:
Device & app history
read sensitive log data
retrieve system internal state
retrieve running apps
Identity
find accounts on the device
add or remove accounts
modify your own contact card
read your own contact card
Contacts/Calendar
read your contacts
modify your contacts
Location
precise location (GPS and network-based)
approximate location (network-based)
SMS
receive text messages (SMS)
read your text messages (SMS or MMS)
Phone
directly call phone numbers
modify phone state
directly call any phone numbers
read call log
Photos/Media/Files
test access to protected storage
modify or delete the contents of your USB storage
Camera/Microphone
take pictures and videos
record audio
Wi-Fi connection information
view Wi-Fi connections
Device ID & call information
read phone status and identity
Other
read your social stream
read subscribed feeds
modify app ops statistics
force stop other apps
receive data from Internet
download files without notification
Read Google settings
read frame buffer
Modify Google settings
manage preferences and permissions for USB devices
Send broadcasts to Google Play.
retrieve app ops statistics
interact across users
write to your social stream
write subscribed feeds
create accounts and set passwords
run at startup
control flashlight
prevent device from sleeping
view network connections
use accounts on the device
close other apps
disable your screen lock
read Google service configuration
toggle sync on and off
draw over other apps
modify system settings
full network access
pair with Bluetooth devices
change network connectivity
access Bluetooth settings
send sticky broadcast
control Near Field Communication
connect and disconnect from Wi-Fi
read sync settings
control vibration

Why Google Play requires permission to things like Bluetooth settings, camera etc?

[Guest JamesSchneider]

You are right, but there are few things here

Google Play is the service that gives permissions to other applications. Hence, it requires all permissions so that it may give it to others. This list is actually the union of all permissions used by all vendor apps. For example: If I download Twitter from Google Play, Twitter needs permissions to many things including camera, so it is necessary for Google Play to have it's access.

However, it would be much better if these permissions could be depended on the user's confirmation i.e. there were Yes/No option in pop up

[Guest benali72]

The smartphone business model is that you carry a personal-data-gathering and tracking device on behalf of the vendor and various governmental entities. When you add an app, in many cases, you've extended those capabilities to the app. A sophisticated user can get around some of this information sharing, but only at the price of crippling the device's capabilities.

It's a little like FB. Sure, FB has "privacy controls" blah-blah-blah. But to anyone who's been alert, it's clear that FB changes these settings frequently just to ensure they're not of much use to most users. In fact -- if my memory serves correctly -- FB even lost a case that exposed their frequent privacy-setting changes as part of a purposeful strategy to deny users' privacy (see http://www.forbes.com/sites/kashmirhill/2009/12/17/did-facebook-break-the-law-when-it-changed-privacy-settings/).

Businesses and govts like this model for devices, hence all their slobbering over the coming internet-of-things. This article is pretty thoughtful about what that means -- http://www.theatlantic.com/technology/archive/2014/09/when-everything-works-like-your-cell-phone/379820/?single_page=true

[Guest JamesSchneider]

If you use pseudo names for social accounts and keep them separate then nobody would know the real you. Keep your online identity separate from the real you an you would have complete anonymity and privacy. Use these pseudo profiles in smart phones.

When you have to use your real email or anything, use your desktop PC.

[Guest AnnetteFinney]

If you use pseudo names for social accounts and keep them separate then nobody would know the real you. Keep your online identity separate from the real you an you would have complete anonymity and privacy. Use these pseudo profiles in smart phones.

When you have to use your real email or anything, use your desktop PC.

You are missing some pieces here,

1. Your IP address is traceable i.e. if someone looks at your IP history he will know the real you.
2. Your data is tracked by your ISP i.e. if someone have your data then there is no use of pseudo names in your case. 

The only way I can see to avoid this is an encrypted privacy proxy, a VPN proxy like https://www.ivacy.com 

[Guest EdwardSmith36]

There's nothing wrong in getting the complete access. In fact, they should remove all the restriction that they kept in some.