I am fully aware of what vpn services to use and not. I am not using Express VPN, I am simply doing research for a master thesis, when I came across these results from Express VPN. If you have any ideas or corrections, please let me know why a VPN provider would need to have access to these permissions.
Screenshot is from Exodus service, which let’s you view what exactly perimissions and trackers each app uses. You can check out the results and the tool for yourself here: https://reports.exodus-privacy.eu.org/en/reports/com.expressvpn.vpn/latest/
That depends entirely on your use case, and how “devices” is defined.
For example, I run a couple of docker containers which each have their own VPN connection for different purposes. All connections originate from the same IP and run on the same physical machine even, but if they would be counted as different “devices” that would eat up the 5 device limit rather quickly.