Irrelevant App Permissions
Mobile applications access many hardware components as well as data present on devices. Apps must do so to execute their functions. Users are asked to grant the required access permission(s) explicitly when an app installs. Giving access to the device hardware and data can have unwanted implications if used maliciously. Below is an example to understand the risk better.
A user is installing an application on a mobile device. The app does not need to read data from SD cards but still asks for permission. An attacker injects a malware into the app. The malware captures data stored in the device memory and sends it across to an attacker. The app already has access to the device’s storage components. As a result, the attempt to access the storage and steal data from it go undetected. Asking the user to grant the access would not have been possible, for it may hint the user that the application has been modified unknowingly.
Mobile applications won’t be able to execute a majority of their functions if not all when no permission is granted. The best possible measure is to ensure that an application requests only the necessary access rights. Users shall not root their devices unless needed, as rooting provides access to otherwise shielded data and capabilities.