- Your location
- Your contacts
- Your WIFI network name
- Your phone ID
- Reading what other apps are installed
- Disk access
Unfortunately we have Android being slow to solve this issue, which has already been solved since years in other Android distributions such as CyanogenMod.
In either case, it is possible to remove some of the permissions nowadays. You can install the app as required, then before running it for the first time you should go to Settings -> Apps -> YourApp
From there, you can deny the permissions to access private data. Guess what? Most apps keep working exactly as normal, which makes one wonder why they request them in the first place.