The presence of a good reason is exactly why you have to be so careful. Creating an app with a legitimate reason to request permission, only to also abuse it, is a great strategy for an attacker.