Google Android applications require accepting privileges grant.
depending on application privileges vary.
certain programs require access to phone's features as calling others despite user's knowledge or user's will at user's cost.
other require writing or reading data, that also pose risk of data loss or change etc ...
generally every privilege is a risk, the less requirements application has the better, safer for user.
in theory data access could be split into more of more specific, detailed privileges but this requires more learning by users costing them time & perhaps sanity, at least to certain extent.
the less code the better.
i think that smartphones are so advanced technology (UFO in itself for me) that i don't have time of life to understand them completely, there are patches & versions updates as well that complicate matter, making it stressful race against time.
i've written software for android phone that is simple as possible, i've wrote it to not harm, i can't guarantee that someone didn't tamper with it afterwards, modifying it's behavior.
every piece of software on computer system or phone, etc ... poses extra threat to user.
we don't know how our software works, as it uses services of operating system & hardware that we do not understand fully, there are patches & updates as well.
sometimes software is hacked, but 'a top-down business decision' can also activate hidden features of a device as smartphone or computer system as well, for example code parts that breaks it or modifies behavior. because of software integration, communication & service design, perhaps more.
software can be quite selective as to what services or content it serves to certain people, for example there can be conditional instruction 'if' used with IP address of a computer system that decides what to serve certain user(s) when or if at all.
there are many more options as well.
i've wrote Mala Android Smartphone Software for counting Mantras or Prostrations.
i don't guarantee anything, feel free to use or not, at Your own Risk.