Typically, the app needs to ask for permissions like that, though. On Android, they need to ask to become a “Device admin”, and they need to specify what specifically they’ll use that access for. I imagine (though I’m unsure since it’s never happened to me) they need to ask to update those permissions if they want their uses to change.
Software is imperfect and you shouldn’t trust that future updates will not add that ability.
Typically, the app needs to ask for permissions like that, though. On Android, they need to ask to become a “Device admin”, and they need to specify what specifically they’ll use that access for. I imagine (though I’m unsure since it’s never happened to me) they need to ask to update those permissions if they want their uses to change.
Agreed, but its not perfect. I recall but couldn’t recover a link to a story about some application bypassing android or iPhone permissions.
Another big recent flaw allowed apps without the permission to draw over other apps.
https://blog.checkpoint.com/research/android-permission-security-flaw/