Google doesn't vet every single app that lands on the Play Store the way Apple does it. This means that they need alternative solutions to keep users safe. One way to do that is through a permissions system. The developer creates an app with certain permissions that give his app certain "powers" over your phone, so it can do what it needs to do.
The problem is that these permissions are usually so vague and generic that we end up with SMS apps that require "full access to the Internet", or other apps seemingly unrelated apps tot SMS that require "access to SMS data". This sort of permissions can put many of us on guard, because we don't really know what those permissions allow the developers to do with our data. In the end, we either accept the permissions anyway and install the app, or we get too scared and don't install the app at all, even though the app may be harmless.
This means the permission system doesn't serve its intended goal of protecting the users very well, because either we install the apps, regardless of what permissions they have since we've learned that they are all too vague to know what they mean anyway, or we don't install perfectly safe apps.
Many users have asked Google before to allow them to deny certain permissions within an app. And it seems Google is finally starting to listen and is considering adding this functionality in Android. Android Framework Engineer Dianne Hackborn said:
"There have certainly been a lot of thoughts put into this. There's nothing that we can commit to doing right now, but we're definitely thinking about this."
Google can't easily do this because that's also a problem for developers. Developers rely on certain app permissions to make their apps work the way they are supposed to work, but if the users start randomly blocking permissions, the app may not work properly anymore, and then they'll give low rating to the developers' apps.
A possible solution would be to make the permissions a lot more granular. So for example instead of using a permission such as "full Internet access" just to allow an app to receive ads through the Internet so it can be monetized, they could use a more specific name such as "Access to the ad network" – and that's the only thing this permission would allow.
Of course, such a permission may remain mandatory, otherwise everyone will always block it, and the developers wouldn't make any money. But you can see how this idea can apply to other type of permissions, and at the very least it put us more at ease because we'd know exactly what the permissions are allowing the apps to do in our phones.