The problem is with the current Android permissions system. An app must request every permission it needs for every feature in one big lump at install time. The developer can't provide explanations in the permissions request dialog, and the user is forced to either accept all permissions or not install the app. This is far from ideal for both parties. Users have to sign their life away just to try an app, and developers are stuck with either scaring off users with a massive list of permissions or removing useful features.
This article explains the (perfectly legitimate) reasons for the permissions needed by Facebook Messenger:
The problem will be fixed in Android M, which will have a completely new approach to permissions. Rather than being one big lump, permissions will be dealt with individually. The user will only be asked to accept or deny a permission at the point when that permission is needed; For example, if you never use the SMS features in an app, then you will never be asked to grant that permission. Users can deny specific permissions, and the app will have to cope gracefully with that. A system settings menu will allow users to see what permissions are currently granted to which apps, and revoke any previously granted permissions.