When you download an app to an Android phone, there is a list of permissions the app requires and that you must accept. But until now I've never observed an app making use of one of these permission unbeknownst to me.
Yesterday I tried placing a phone call with Google Voice for Android, which I had downloaded for the occasion. The permissions listed include SMS. To my surprise, this morning I find that a text was placed at the time of the call from my phone to a VoIP number 760-537-0537, which commenters on the Internet say is a Google number.
The message was a 120-character-long hash, and I suppose it was sent to support the use of the app — perhaps to verify that my phone was actually in my possession and not being spoofed by software.
[end]