Actually, when you install an application you accept the READ_PHONE_STATE permission. So you're explicitly giving them permission to take your phone number. This doesn't really apply to pre-installed applications, but there's really no argument that they're doing it without your consent if you download the application from the Play Store.
Actually, most of the time it's explained as being needed to determine if the phone is in a call. Which sounds perfectly fine - I'd like music to stop or games to pause on incoming calls.
The fact that "phone state" is mixed up with Phone Unique ID is terrible.
Well, not only if your phone is in a call, but also your phone number, device id and the number of the person you're connected to.
Read phone status and identity:
Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
And don't worry if your friend has the Facebook app and calls you if you don't have a profile. They can just search through your friend's contacts to associate your number with a shadow profile of you anyway.
The description is PHONE CALLS
READ PHONE STATUS AND IDENTITY
Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
I am sure that most users will not even read/understand that description.
If the user puts some effort into parsing it, they will understand it and what it means for their privacy. But most people will not put that much effort into installing an app.
Despite being perfectly clear to you and I, it is wrong to ask for these permissions at install time.
Imagine if every time you visited a web site you were given a list of 5 - 10 permissions requested by the website before you could visit.
I'm pretty sure it doesn't literally show them "READ_PHONE_STATE" and other permissions in enum form. There' s a heading and a description of what each permission entails.
