Ask the developer. There are links to their web site and email on most apps' pages. Some devs are cool and include it in the app's description. But all this comes down to the developer. They should know and be able to tell you what the app specifically does with one of the permissions.
Of course, the dev could say "It connects to the Internet to verify your purchase license" but still secretly transmit you're top-secret personal data to a scrupulous third party.
So, just stick to open-source apps that you are able to audit all the code. Or just make your own. You cannot trust anyone these days. Then again, you have weigh that vs the convenience of having a ready-made app do what you want out of it. I cannot say I personally have poured over GCC's code to know it isn't sending my source code to some server in China. But, I trust the community enough that if that were to be found of some program, all hell would break loose on them. Apps have been found to do stuff like this (people running network sniffers and the like), and I feel the response was appropriate from the community and Google in identifying, pulling from the store, and when severe enough, automatically wiping it from people's phones.
The decision is yours. Hyper-paranoia and do it yourself, or ask the developer and decide if you trust them. The Android system is striking a balance between flexible enough to give you a starting point to the needed permissions, any more strict and you run into the Vista-style annoyance that it becomes futile. Any less, and you don't know what's going on ever.