Hello, I am happy to have stumbled on this website when I came across a post that taught me how to expose my localhost host to the internet for rem...
For further actions, you may consider blocking this person and/or reporting abuse
The fact that you stopped to think is already an indication that there was something fishy there :-)
Does the app ask permission to access all that data? Is there a reason for the collecting? I can't think of a reason for an app that registers biometrics to collect the contact list or the messages unless the user is notified about it and it makes sense in the context of a function.
Long story short: hell no :D
By default, Android will always ask the user to allow/deny permission to read contacts or SMS (which I am sure many guys will just click the accept button).
But I am definitely sure if they knew what was going to happen after they allow such permission, such users won't dare accept it