Whenever you download an app from , you see an alert that explains what information that app will be able to access once you install it on your phone; for instance, the alert will indicate whether the app needs to access your contacts list, or connect to the Internet. An app cannot use any part of the phone that it does not have permission to access, and the developer sets these permissions when it first submits the app to the Play store.
While the providing of this information is a good idea in theory, it doesn't work so well in reality. According to Joe Keehnast, a product manager for Norton, very few people actually look through an app's permissions before installing it.
Even if you were to read through the alert, you may not come away with much information: The permissions list can be extremely unclear and unhelpful. An app can request permission to use my network connection, for example, but I'm never sure what it's actually using that connection for. Some security apps, such as , feature "privacy advisors" that can give you a little more detail as to why an app would request certain permissions. At best, however, that is a workaround for a larger problem. Even with the extra information from security apps, you never see explicit details as to why, say, a browser app wants access to your phone's SMS function.