How Android ensures security?

I am just starting on Android development. To my nascent knowledge, it seems that anybody can grab any personal info and modify it or phone it home. Like with ContactContentProvider. I k开发者_如何学编程now these(permissions) have to be specifically declared in application manifest and the user would be presented with this info during installation. But still how would you you know the application handling your private data is not going to go rouge on it?

Example:

Suppose I create an app with internet and contact-reading permissions. It claims that it will backup contacts on a server specified by user. While secretly it also copies them to your own server.

It's no different than you developing an app that does it that runs on a PC, or something that uses your gmail login to see if there's others you know on the same site.

It's all about trust. Also the Apple approval process doesn't safeguard against any of this if you hide it and when found out malicious apps can be killed & uninstalled instantly.