Unfortunately, the permissions are rooted in the old server-centric UNIX model where users of the machine were generally trusted with all sorts of identifying information (eg ifconfig("8")). Those permissions were then augmented by a surveillance company, for surveillance companies (at least on the Android side).
When it comes down to it, even things like phone number, MAC, or current access IP address (as opposed to VPN egress address) are highly security sensitive information. There should be no way for apps to get access to these things, and if they insist on obtaining access, the ability to fake out that data should be the baseline of any modern OS.
When it comes down to it, even things like phone number, MAC, or current access IP address (as opposed to VPN egress address) are highly security sensitive information. There should be no way for apps to get access to these things, and if they insist on obtaining access, the ability to fake out that data should be the baseline of any modern OS.