We understand that the various permissions requested by the Android app may raise questions and concerns, and we are more than happy to enumerate the reasons for the various permission requests our app requires.
The short answer is that each of the permission requests enables one or more of the features of our app (for instance, the camera permission enables the barcode scanning feature).
The long answer is that Android "bundles" certain permissions together (for example, we need your phone's serial number to perform certain diagnostic and troubleshooting functions -- but Android only allows us to request the ID number by requesting the entire set of "Phone" permissions -- which include the phone number, any number you may be calling during the use of our app, etc. -- none of which we need, or are interested in, or collect).
Feel free to read the full article, or use the links below to jump to the permissions that interest you.
Regarding the permission to change wifi state, change network connectivity, prevent phone from sleeping:
Our app syncs frequently with our servers while it is the active app, since most of the food database data, and all of your backed-up user data, lives on our servers at http://www.myfitnesspal.com. Because users may, during the time the app is open, move from an area of 3G/4G coverage to an area of WiFi coverage, the app needs to be able to continue its connection to our servers should the mode of network connectivity change. Again this permission is part of a bundle of permissions. Our app simply needs to be able to monitor the kind of connection present so that it can move its data over whichever connection is currently active on your phone. As a final note on this topic, the app has the ability to prevent the phone from sleeping, only so that it can complete whatever synchronization task is being processed without the phone sleeping in the middle of the app's attempt to communicate data to our servers.
Regarding the permission to take pictures with the camera:
As briefly noted earlier, our barcode scanning feature uses the camera technology of your Android phone to convert a UPC symbol on food packaging into a diary entry in your food log. The permission is requested "to take pictures at any time" so that you do not have to expressly grant permission every time you tap the scanner button to scan a barcode. Our app never accesses your camera except when you expressly request it to do so by tapping the barcode scanner.
Regarding Location data:
Coarse location data will allow us to improve the relevance of the advertisements presented to you in the app, by allowing us to target the advertising based on the location of your device. No personally identifying information is collected as part of this process.
Regarding Internet permissions
The internet permissions are granted because our database exists outside the app (it's enormous, and growing daily) and the app needs to be able to reach through its connection to the net (via a "socket" or communication channel) in order to retrieve the results of food database searches, UPC barcode lookups, and to save your diary data to your account at http://www.myfitnesspal.com so that it is backed-up and accessible from any device or computer where you might log in.
Regarding Contacts permissions
Finally, as regards the contacts (address book) permission, in one of our latest versions of the app, we added the ability to invite your friends to join you on MyFitnessPal directly from the app. To invite someone, you need their email address, so the app requests Read Contacts permission so that you can lookup their email address from your contacts if you've forgotten it, without having to quit the app and launch your contacts list. This is the only time the app accesses your contacts, and it's only done if you request to invite a friend. If you don't invite any friends, your contacts are never accessed by the app. When you do invite a friend, their contact information is used only to send the invitation you sent and is not used or shared for any other purpose.