@crlcan81@bark.lgbt at #IzzyOnDroid we have scanners in place that check each app on each update for such things. Should something "suspicious" show up, we receive an "alert", cross-check why the app might need that, reach out to the developers if unclear.
Results: either the permission is clarified (and the explanation added as in the screenshot) – or it is removed (sometimes, dependencies "drag stuff in" without the devs having intended that; we're all humans, mistakes can happen to each of us).