I do not remember the circumstances behind how Facebook would steal user's data from their phones

I know a few years back, the scandals started that facebook was stealing a whole bunch of data from your phone and it just kept being in the headlines after that.

But now that I am more educated on privacy best-practices, I am a bit foggy on what the actual circumstance was. As far as I can tell, on regular Android and GrapheneOS, the permissions system is pretty granularized to the point where you can choose to give an app access to only specific data (such as Contacts, Calendar, etc) and even configure storage scopes.

Given that, what is the harm in installing Facebook and giving it access to nothing except Network and Notifications? I would understand that it can access phone specific identifiers (e.h. hardware identifiers) maybe (on regular Android) but no actual personal data, no? No contacts or call logs or anything no?

Or is the problem just that regular folks give it blanket access to anything it wants and then are surprised that it’s basically copying all there data?

The extreme data collection was before this time. I think the reason for granularizing the data was so that cross app tracking will be difficult.

The Facebook like, share, and login with facebook button on pretty much all the websites you visit will track and observe your web browsing habits and offer relevant ads. Also there is this

Also facebook can also potentially harm you in a way that was previously explained in the Nextflix documentary-drama Social Dilemma: