This is why I love xprivacy. It gives me a popup when an app tries to access something, and I can whitelist or blacklist it, either on a temporary or permanent basis. Unlike google's halfarsed attempt at a privacy layer, it also doesn't give an exception when an app tries to access restricted data as that can cause apps to crash; it just sends back fake data (device ID is DEFACE, contacts are empty, location is christmas island, etc.). It also covers just about every permission you can think of, unlike app ops/privacy guard that are just a few.
Although really, what needs to change isn't just in android itself; it's also developer behaviour. Stop trying to do intrusive things like prefilling forms, as it doesn't benefit the user in any real way.
> Stop trying to do intrusive things like prefilling forms, as it doesn't benefit the user in any real way.
Speak for yourself -- I find prefilled forms to be a time-saver.
However, I don't want apps trying to read through my contacts in order to do it. What I want (but haven't actually configured) is xprivacy configured to make contacts appear empty.
Although really, what needs to change isn't just in android itself; it's also developer behaviour. Stop trying to do intrusive things like prefilling forms, as it doesn't benefit the user in any real way.