If you've spent any time with the Facebook Android app, you know that it requires a breathtaking number of permissions to install. The real genius of this is that the user's social connections are essentially held hostage in exchange for access to sensitive aspects of the user's device. Furthermore, most Facebook users are unaware that Facebook's mobile site actually performs better than their native Android app. In fact, if more people uninstalled the app and used the mobile site, they'd expose less of their sensitive data to Facebook and have much better battery life. The quality of their personal lives would likely also benefit from the loss of persistent interruptions in the form of inane push notifications.
If you're looking to follow in Facebook's footsteps, be careful not to put too many permission requirements in your Android app early on. Work hard to make your service ubiquitous to the point that it feels inevitable. Then and only then, the real harvest begins!
It's tough making sure you have access to all a user's data. A little clever scripting can go a long way here. Google conveniently lists all possible permissions on the Android Developer site, so why not automate the process? Well, you can do exactly that, just like this:
This script leverages the power of the Beautiful Soup python library to parse out every possible permission you could ask for. The script then outputs a manifest template that's a great starting point for your app. Keep in mind there are a handful of system permissions that the script picks up. Unfortunately, your app can't actually receive these permissions as a non-system app, so you'll have to manually remove them. I'm not going to fix this because I consider it a bug in the Android API that there are permissions that Facebook can't receive.