there should be an easy way to control at the very least, general aspects of what an app can do when you install it. like hit a button to uncheck it from having access to txts or for browsing history or whatever. and what I mean by easy is built into android itself. not some rooted app. If the app cant function with certain permissions, it should either not run or you can just reinstall and check the needed permissions. Most apps have the exact same permissions checked anyways so its impossible to tell what it can actually do without some research. it really just makes the install page useless. Dont tell me what vague permissions a calendar app can do if it has the same permissions as, say, the facebook app.
Am I the only one who thinks this is annoying?
As a developer, I would say android OS is by far more insecure than ios. There are two reasons for this. IOS reviews the apps, android is a self publishing process. Second, the average user will not pay attention to permissions on install, and most users don't monitor "scary apps", or apps with a long list of scary permissions. This is a double whammy. Most developers rely on ad revenue, so users are accustomed to accepting internet permissions. It would be trivial to traverse the media database and send pictures/thumbnails over a socket connection. Users cannot view network traffic unless rooted, so you might as well assume its happening.