Could you make the Expo Client app require no permissions to various things, and then allow the ‘package app’ to declare and request permissions for its particular functionality?
When I go to install the client app, it advises pretty much FULL access to everything on my phone, and I doubt the package I want to use actually needs all of that.
It might go along way to encouraging users to trust the framework and packages?
On further checking - it seems the permissions description on the app if you visit the app store from a browser is different to the actual app store. From browse it says ‘HAS access to’ - from the app store is says ‘MAY REQUEST’ access to, and after installing it I can confirm the default permissions are no access to anything. It might be worth seeing if the browser version of the app permission text can better reflect the actual situation. It initially prevented me from even starting/trying the app altogether.
this is more of an issue with how google displays information. we can’t really control it. depending on your android version the permissions will be mandatory or require runtime permissions checks - old versions of android have more static permissions and later versions use runtime permissions checks. so when you look on your device it knows what os version you have and can display the appropriate info, but from your computer it does not know