Android permissions suck
The way Android handles app permissions is totally wrong. When you install an app, it asks for permissions like internet access, ability to snoop in your address book, get your location, send SMSs without warning you, and other scary stuff. You may want to grant some permissions, but Android won't let you. You either have to allow all requested permissions, or don't install the app at all.
To make things worse, permissions are grouped in such a way that dangerous capabilities can piggyback along with innocent permissions. For example, the "read phone state" permission makes sense for media players, because this allows them to keep quiet when you receive a phone call in the middle of a song. But for some reason this permission is part of a permission called "read phone state and identity." Phone state, OK, but that doesn't mean I want your app to read my phone number and IMEI. Phone numbers and IMEI addresses are way too easily abused as undeletable tracking cookies by unethical advertisers. The phone state and identity permission definitely needs to be split in some future version of Android.
Until Google cleans up the permission system we need to work around the flaws by using a permission manager.
LBE Privacy Guard turns your phone back into your phone
LBE Privacy Guard is the best Android permissions manager out there. OK, PDroid may be better, but it's a lot harder to use and has to be tailored to your specific phone/software combo. So for now LBE Privacy Guard is the best app that combines permission management with ease of use.
LBE Privacy Guard includes a firewall (which you can even configure to block LBE itself), but DroidWall and avast are better at keeping apps offline. LBE also includes a data manager, but there are better data managers out there.
The reason to use LBE is for its other features. You can grant or deny access to your contacts, messages, phone number, location, and other info that you rather not share with every app that wants to snoop around. And you can deny permission to make phone calls or send SMSs without your consent. This can protect you against rogue apps that try to steal your money by sending texts to premium numbers on their own.
You can do many of these things with Permissions Denied, but LBE Privacy Guard is a lot smarter. Instead of simply denying permissions (which makes many apps crash), LBE sends bogus data to nosy apps that ask too much. This way they don't have all those scary permissions, but they think that they still do.
Edit: this bug got fixed in the update of March 7, 2012.
Now the good news. LBE's user interface is simplified by splitting the main screen in three sections: firewall, permissions manager, and settings. The permissions manager is the most important part. It has all the permission controls of the previous version, and a new permission set for you to tweak.
The new permission in the list is called "call monitoring." This includes changing your ringer volume. Apps that use this permission include VoIP apps, and they have a very good reason for that. If you receive a phone call while Skyping, you don't want your ringtone to blast at full volume when you have your phone pressed to your ear. Some VoIP apps can also integrate with your dialler so calls are automatically routed over cheap VoIP instead of your carriers expensive phone service. The call monitoring permission also lets you control your ringer volume with apps like Quick Settings.
The other features of LBE remain the same. You can tell apps to stay away from your messages, contacts list, call logs, and location info. You can make sure that apps can't call out or send text messages on their own. And if apps want to know your phone number or IMEI for no good good reason, you can tell them no.
LBE Privacy Guard requires root access to do it's job, and so do the apps that work great in combination with LBE: DroidWall, avast, and AdAway.
With usage stats and crash reports switched off my phone and my router didn't show any LBE traffic (unless I pushed the "check for updates" button). When I told LBE to go online while blocking its traffic traffic with DroidWall it really got blocked: my DroidWall log showed that LBEs packets were blocked, and my routers log showed that LBE didn't punch any holes in DroidWall.
• LBE Privacy Guard (Android Market)