"It remains true that most start-up companies have a modest start. They are understaffed and with small budgets, but have a really great idea. Their main focus is to use the limited staff and resources available to do everything possible to make their dream a reality. Unfortunately, this most often means that proper security testing of their application falls to the side as a non-critical task. This is a serious problem, as most app vulnerabilities are best addressed at the development stage. Once an app is in operation, it becomes very difficult to mitigate lack of appropriate security measures, as we've just learnt from Snapchat."
Turns out those of us who are uncomfortable when a mobile app requests broad permissions are correct to be concerned.
Read the rest here.