Many Facebook users were already cranky about Messenger, the new mobile chat app that Facebook began pushing last week. But over the weekend, much more upsetting revelations surfaced about the app — and they go way beyond the inconvenience of having to download a second program.

In fact, if you actually read Messenger’s Android Terms of Service (which, admit it, you didn’t), you’d discover that the app — which Facebook is gradually forcing users to move to this month — requests a wide range of apparently invasive permissions, including the power to call phone numbers and send texts without your oversight. Per the Huffington Post’s Sam Fiorella, Messenger can:

  • Change the state of network connectivity
  • Call phone numbers and send SMS messages
  • Record audio, and take pictures and videos, at any time
  • Read your phone’s call log, including info about incoming and outgoing calls
  • Read your contact data, including who you call and email and how often
  • Read personal profile information stored on your device
  • Access the phone features of the device, like your phone number and device ID
  • Get a list of accounts known by the phone, or other apps you use.

… so if you download Messenger on an Android phone, as many millions have already done, you give Facebook theoretical permission to look at virtually everything you do. (As the folks in the Stack Exchange forums point out, iPhones operate a bit differently.)

In Facebook’s defense, there are plenty of legitimate reasons for requesting these permissions. Messenger needs access to your camera, for instance, so that you can send pictures, and few people would want to confirm microphone access every time they use the app to place a call.

These kinds of sweeping permissions are also extremely common — probably to a degree you don’t realize. Even the most vanilla apps collect extraordinary amounts of personal data: WeatherBug requests permission to view your Wi-Fi network and other devices connected to it; RunKeeper wants permission to read your contacts and call log; even the Kim Kardashian game, which is all the rage these days, logs your location, your device ID, and your incoming calls.

As with Messenger, the Kardashian game may have a valid reason to know when you get phone calls. (For instance, to save your spot before a call interrupts gameplay.)

But at the same time, consumers’ unease is understandable, particularly since so few of us have any idea what we give apps permission to do. According to one study, it would take the average person 250 hours a year to read every terms of service he encounters on the daily — which justifies why fewer than one in 10 people actually read the terms in full.

In fact, our collective ignorance over this whole app permissions thing probably explains the hullabaloo over Messenger. Yes, it’s potentially “insidious,” to quote Fiorella, but so are WhatsApp, Viber, MessageMe and virtually every other popular messaging app, all of which request comparably creepy permissions. On my insidiousness scale, at least, that ignorance of the devices and programs we use every day probably ranks higher than one overreaching app.