As a sandbox developer, I should be able to reinstall my apps when I want without worrying about permissions, that should be the whole reason the sandbox exists.
I have multiple sandbox devices, multiple emulators, multiple merchants and multiple apps. When I come to work on an app, I generally have to do the same steps:
- install over adb
- realise there's no permissions
- open sandbox dashboard
- find the app
- click preview in app market
- make sure I'm looking at the right merchant
- click install, choose plan
- open Register on device / emulator
- click sync, wait a few seconds for permissions to be synced
- run app again
- hope it worked.
So my suggestion should anyone see it is to examine the reasons why sandbox apps need to interact with the app market at all, and if possible just leave sandbox apps as having access to all permissions.
The only drawback I can see is going to be developers who forget permissions exist, and therefore forget to select the right ones when publishing an app.
Well I have a solution to that as well: make us list the permissions in the manifest with the uses-permission tag. That means on-upload the market can check the permissions match what is checked in the dashboard, and if they don't, reject the apk.