Here is an APK analysis of Maxthon:
http://mobilesandbox.org/xml_report_static/?q=358104
android.permission.RECEIVE_BOOT_COMPLETED [run on boot]
android.permission.GET_TASKS [get running tasks]
android.permission.READ_CONTACTS
android/telephony/TelephonyManager;->getDeviceId [used to identify you for tracking]
Cipher(AES/ECB/NoPadding) [used to encrypt data to be phoned home]
HttpPost [used to phone home data]
A web browser does not need any of these calls/permissions and should not be using them.
Next Browser is another piece of garbage that someone recently mentioned. Have a look at the APK analysis:
http://mobilesandbox.org/xml_report_static/?q=357097
android.permission.READ_LOGS [basically no app should do this as logs contain all kinds of information]
android.permission.USE_CREDENTIALS [use your accounts]
android.permission.MANAGE_ACCOUNTS [manage your accounts]
android.permission.READ_CONTACTS
android/telephony/TelephonyManager;->getDeviceId [used to identify you for tracking]
Cipher(RSA) [used to encrypt data to be phoned home]
HttpPost [used to phone home data]
You can opt out of data collection right? And you can also use app ops to deny those permissions if rooted