I know a few years back, the scandals started that facebook was stealing a whole bunch of data from your phone and it just kept being in the headlines after that.
But now that I am more educated on privacy best-practices, I am a bit foggy on what the actual circumstance was. As far as I can tell, on regular Android and GrapheneOS, the permissions system is pretty granularized to the point where you can choose to give an app access to only specific data (such as Contacts, Calendar, etc) and even configure storage scopes.
Given that, what is the harm in installing Facebook and giving it access to nothing except Network and Notifications? I would understand that it can access phone specific identifiers (e.h. hardware identifiers) maybe (on regular Android) but no actual personal data, no? No contacts or call logs or anything no?
Or is the problem just that regular folks give it blanket access to anything it wants and then are surprised that it’s basically copying all there data?