Yeah. I mean the irony is that the one advantage of having a controlled and monitored app store would be that the entity monitoring it enforces certain standards. Games don't need access to your contacts, ever. If Google Play would just straight up block games that requested unnecessary permissions, it might have value. Instead we have 10,000 match-three games that want to use your camera and read all your data and Google is just fine with that. If the issue was access to personal data, a large proportion of existing apps should just be banned.
I really think all permissions systems need what we had back in xposed/appops days:
Permissions should ~always be "accept (with optional filters)", "deny", and "lie". If the game wants contacts access and won't take no for an answer, I should be able to feed it a lie: empty and/or fake and/or sandboxed data. It's my phone and my data, not the app's.
We had it over a decade ago, xposed supported filtered and fake data for many permissions. It's strictly user-hostile that Android itself doesn't have this capability.
