Developer-Dude Honestly I think that removing any permission from any app should include writing down that it was done and what threat the action was intended to guard against. And I think it would be good to spend a moment (for each permission being removed from each app) to review which legitimate parts of the app might misbehave after the removal.
As a special case, I think removing any permission from any app that ships with GrapheneOS should receive special thought:
- If I don't trust the Camera app to know which way the device is facing, do I really trust it to not embed a list of installed apps in invisible metadata in each picture?
- If I don't trust the GrapheneOS team to ship a camera app that won't abuse the orientation of the device when I'm taking a picture, how do I trust the team not to leak my e-mail address via unused bits of Bluetooth data frames?
I think it is best to resist any urge to do mass "spring cleaning" on permissions, especially for the built-in apps. Each GrapheneOS release includes millions of lines of code that aren't controlled by any toggle. Reading a random module of that source code (or even just the comment block at the top) seems more likely to lead to useful understanding than spending an afternoon flipping permission toggles.