How is requesting 11 different Android permissions necessaries for the functioning of this music player? I can understand it probably has expanded functionality as well as playing music such as syncing wirelessly but are these all necessary?

android.permission.WRITE_SETTINGS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_LOGS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS

:confused:

For anyone interested in why this is important to users check out these links if you have the time:

DefCon 18 - These Aren't the Permissions You're Looking For (http://vimeo.com/14980971)

Introducing the App Genome Project (http://blog.mylookout.com/2010/07/introducing-the-app-genome-project/)

The iPhone is just the same, Android has the courtesy of at least telling you what the application has the potentialto do.

My recommendation to the developers is to use as few permissions as possible to do the intended job. Do you really need to read my system logs? I presume you want to mount/unmount my filesystem for syncing over USB? Reading the phone state to stop music when a call comes in but also has the potential to be sending your phone number and other private information off to who knows where unless you analyse the traffic yourself.

I don't see a very big problem with these permissions if you look at the functionality.

i'll try to clarify some of the permissions, though i don't have any insight in the complete inner workings of winamp for android.

android.permission.WRITE_SETTINGS
to enable/disable auto-mounting

android.permission.SYSTEM_ALERT_WINDOW
don't have an example of where it's used, but this one doesn't do much harm.

android.permission.WAKE_LOCK
to prevent your phone from going into a full standby state, which would cause your music to stop.

android.permission.INTERNET
sync functions requires internet(wifi) and i think it also has tag-updating functions(and soon for streaming too)

android.permission.READ_PHONE_STATE
you don't want music to keep coming out of your headphones when in a conversation right?

android.permission.WRITE_EXTERNAL_STORAGE
wifi sync, need to write to sd for that.

com.android.launcher.permission.INSTALL_SHORTCUT
make a shortcut to a playlist on your desktop.

android.permission.CHANGE_WIFI_MULTICAST_STATE
enable wifi for wifi sync

android.permission.ACCESS_WIFI_STATE
check wifi status for wifi sync.

android.permission.READ_LOGS
my guess is this is so it can throw you a usable error when wifi or usb mode switching fails

android.permission.MOUNT_UNMOUNT_FILESYSTEMS
for automated usb sync.

somewhat annoying, android isn't very specific in permissions.
a dangerous-looking permission is sometimes needed for something harmless.
android.permission.READ_PHONE_STATE is a nice example of that, people can see it as an attempt to log your phone behavior when all it actually does most of the time is pausing the app when a phone call comes in.

Version 1.0 is asking for both coarse and fine GPS data. Why?

Version 1.0 is asking for both coarse and fine GPS data. Why?
This is a very good question. I absolutely love the player, but had to uninstall it until I hear any explanation about the need fine GPS location. An answer from the development team would be very highly appreciated. Thanks in advance.

So, I noticed there was an update for 1.0.3 ... happened to see some reviews, and it looks like people are absolutely freaking out about the latest permissions changes and how they're uninstalling winamp because it is now "spyware." But I can't tell what's changed.

See: https://market.android.com/details?id=com.nullsoft.winamp

The only real issue I can see might be log data, and perhaps "read running applications" data. I don't see location/GPS listed there, as some people implied. But with the way the permissions in general are described there, I can see why it would freak people out.

I searched around hoping to find some more info (let's face it, people on the internet don't all freak out simultaneously like that unless they're prompted by something/someone) but haven't come up with anything. So what's up?

it wouldn't surprise me if winamp anonymously collected in aggregate user location data. it would be a way for winamp to see where most of their users actually are, so they knew which markets deserve the most attention. doesn't worry me in the least.