My guess about the Pandora rights: It probably needs "phone state" so that it can hibernate properly when you get a phone call. It probably needs "contact info" because it has a "share" feature if you want to send song info to your contacts.
Which is more likely: Pandora - a strong competitor in the Internet radio business - would risk the horrible publicity of being caught exposing your personal information; or the Pandora app needs certain specific rights for the legitimate operation of their app - and the Android SDK simply doesn't provide a way for them to specify exactly how they plan to use those blanket rights? I think the latter. Maybe you disagree?
There are a bunch of really smart tech-savvy people out there putting the popular apps through more of a wringer than I ever will. It stands to reason that one of them, somewhere, would be able to tell if an app was up to some shenanigans. At that point, of course, the dev would be called out publicly, and his/her reputation would be permanently destroyed.
Maybe that's being cavalier with privacy, but I just think developers have too much to lose by screwing around with your privacy, especially when it is virtually guaranteed that someone, somewhere, will know about it. Someone out there with a packet sniffer will be watching what the app is sending with its "full internet access" and will blow the whistle.
I think most apps that need your "phone state and identity" need it because they want to handle a phone call interruption elegantly; and I think most apps that need your "contact info" need it because they have some convenient ability for you to share information with your contacts - which is a GOOD thing.
Having said that, I try not to screw around with apps that have small audiences. There's safety in numbers, I think: the more people who are using the app, the better the chance that I don't need to worry about it.
Spot on! +1
BTW, you are in the right place: the Android community, consisting of the devs out there doing ROMs, and others like us here at DF, are the "someone" you talk about watching what apps do.
I say again and again, make comments on all your apps, good or bad, in the market.