We're getting to that point now where phone operating systems need to be written with firewalls built in. There will be apps we don't trust to read our contact details, but we want for other purposes. There will be some games that want to spy on us as their business model, and it is our right not to be spied on if we do not wish it. Instead of accepting or rejecting the whole collection of an app's permissions based solely on what the developer asked for, we need granular control to say yes, you may modify my USB storage contents, but no, you may not access the internet at all.
This will change a lot of things. For one, it will no longer be possible for app developers to just slap a banner ad control on their free app, request full internet access and rake in the fractions of cents for click-through commissions. We may have to pay for apps or the app stores will have to offer other incentives to developers just to encourage app development.
The banner ad controls are the main reason this seems like a problem at all to me. Every time I install a free app, it seems to request full internet access, just to show ads. I think the Android SDK should include an ad banner control built in, with its own specific permission, different to the "full internet access" permission. That way, if an app developer is after ad revenue, they can use the built-in ad control and their users can rest assured that requesting permissions for internet access is only done for ads in this case.
Mokalus of Borg
PS - It would also make Google the primary ad provider on the platform.
PPS - And I'm sure that's something they'd like very much, assuming it's not already true somehow.