I have the following code below that reveals me the entire email list of a Android phone.
val emailPickerIntent = Intent(Intent.ACTION_PICK, ContactsContract.CommonDataKinds.Email.CONTENT_URI)
startActivityForResult(emailPickerIntent, REQUEST_CONTACTS_CODE)
I understand that Android requires a user to explicitly give permission if we want to read/write to Contacts. However, in this case it seems that no permission needs to be given for the email list. Did google decide emails were not considered sensitive information?
reveals me the entire email list of a Android phone
No, it reveals to the user the entire email list. Your application code does not have access to the list.
If the user picks a contact, the Uri delivered to you (via onActivityResult() for REQUEST_CONTACTS_CODE in your case) will allow you to get details of that individual contact. The user, by selecting the contact, is granting you short-term access to that one contact, and only that one contact.
Did google decide emails were not considered sensitive information?
They do. That's why you need READ_CONTACTS to be able to query the ContactsContract provider directly. If the user is involved in the contact selection, though, that permission is not needed for whatever contact the user selects.