> If they forgot to add "read contacts" in their application manifest, then the code that tried to read the contacts would ALWAYS fail. Even on the simulator, which is rooted.
I meant the Android OS developers (which is what happened with iOS here), not the 3rd party developers.
String READ_CONTACTS: Allows an application to read the user's contacts data.
String WRITE_CONTACTS: Allows an application to write (but not read) the user's contacts data.
So yes, if they HAD forgotten, then Android would have the same security hole. But it doesn't, because they took security seriously.