In order to download a song from Click.dj, you must sell them your Twitter account.

Say a map app allowed you to share a location with someone, or forward a set of directions to a contact. It needs "access" to your list of contacts to do that

Sounds innocent enough. But how do I know they aren't farming my contacts? Can I audit their source code? So I'm just supposed to take them on their word that they are "doing the right thing?" I mean, VW has proven that they don't even bother, why do you think this unknown company is going to do the right thing?

And no, it doesn't NEED access. I can copy a "share this route" from google maps on my desktop. That doesn't need access to my contacts, so your argument is specious and spurious.

Generally if they're doing anything nefarious, the truth will come out and they'll get shunned out of business, so they usually keep things above board.

Because? yea, maybe they get caught eventually... Most murderers get caught "eventually" but by that time the harm is done.

But there's usually an innocent enough reason for these permissions.

So if you wanted to get a malicious app on someone's phone would you:

a. present a well reasoned and seemingly innocuous reason for the need for "all" permissions a. come out and say "hey, this is malware and we want to steal all your information"

Option A seems like the path of least resistance to me...

It's still only when you want to do so, and they won't ever post automatically

Because?... You gave them carte blanche access to those abilities. Why do you think they won't abuse it? Because they'll eventually be outed as a bad company?

but they need the base permission to be able to even function.

Bullshit. In iOS you can turn off all permissions. Sure, some of the features won't work... but I don't want you tweeting for me anyway.

/r/mildlyinfuriating Thread Parent Link - i.imgur.com