android.permission.READ_CONTACTS

Risk Level: HIGH

What does it do?

Grants access to your full contact list, including names, phone numbers, emails, and sometimes addresses and photos.

Why is it dangerous?

1. Privacy Violation: Your friends’ data is uploaded to spam lists.
2. Social Engineering: Scammers use real names of your family members to target you (or them) with convincing phishing attacks.
3. Financial Fraud: Fake loan apps harass your contacts if you miss a payment.

Legitimate Uses

• Social Media apps (to find friends).
• Communication apps (WhatsApp, Signal).

Verdict

Deny unless the app’s PRIMARY function is communication.