READ PHONE STATE AND IDENTITY
Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
So is it going to store my phone number in a database somewhere? Is it simply going to avoid trying to send data if a phone call is active? We, as users, have no way of knowing. And, if they made the permissions even more granular, we would never be able to successfully wade through all of them. I need someone smarter than me to fix the design. But the design as it exists today is largely useless.
Is it true that if a company does not reserve the right to sell my details to every advertiser it can, they will be in trouble?
Well that would only be true in a limited sense. For example, with a company like Facebook now that it is public - yes, this could be partially true. A company whose business model is collecting data and selling advertisements based on that data would not make their shareholders happy if they decided not to fully utilize that data. However, if a company had a business model of "we provide secure cloud services" (oh say like Amazon EC2 or Microsoft Azure or something like that, or even like say Dropbox) their shareholders would not like it if the company jeopardized their entire business by not keeping the stored data as confidential as possible. Only as the company started to fail on its own (like dropbox could now that Google Drive and Microsoft Skydrive are attacking their turf) would the shareholders then want to extract all the possible value from the data that they have. They still wouldn't want to do it illegally though as the lawsuits could eat up the shareholder value before they can cash out.
The main risk to data is that it can be subpoenaed by the Government fairly easily. That's really the data risk you have in the US.
To do nothing is to be nothing.