I think this is a serious oversight. I understood not doing it in Maemo, but I would expect at least Jolla would implement something like Android, where the app declares what it needs, and it fails if it tries to access something it did not request access to. At this day and age, what is the justification not doing something like this? It only takes 1 malicious developer with a relatively popular, innocent looking app to compromise the security of most Sailfish users, and steal all the info they store on their phones. This is the main reason I'll avoid getting one.