weixiyen seems to be ignorant of, or omitted, the fact that there's a difference between "read text messages" and "read the SD card" permissions. If some Flappy Bird clone wants to read/write the SD card, maybe users don't care, but they might decide it has no legitimate reason to read their messages.

If one wanted to criticize Android for having such broad SD card permissions, there may be an argument there, but given the current state of things, it's trivial for apps to securely encrypt files they put on the SD card (they store the key in internal storage, which is much better-protected.)