But users might actually read the developers' explanations, in which case they would need to be true. If no 3rd-party verifies the permissions explanations before the app is released, then the only value is as a legal agreement between the developer and end-users. I would expect that to devolve into a 30-page EULA per app ... which has already happened, for many apps.
@ck2 is performing as thorough of a verification as possible without source code access. If I were a malicious app developer, however, I might program my app to wait a week before transmitting any user data.
@ck2 is performing as thorough of a verification as possible without source code access. If I were a malicious app developer, however, I might program my app to wait a week before transmitting any user data.