[FatalBaboon]

First of all, malicious developpers can still ask for unreasonable access and often do. How many times did you want to install an app and wonder why they ask for insane permissions like sending text messages. You may be aware enough to refuse and uninstall at that point but that's not the case for everyone, and Apple washes their hands with this issue.

Furthermore, you may not allow such an app to access your privacy, but Apple itself is above the permission and will happily gather all kinds of data about you, with your implied consent (after all you DID buy a tapped piece of hardware). That's Siri and every remote Apple service for starters, and god knows what else in their closed source shiny software.

The random developer is the least of my concerns.

Now a truly open model where people can enforce torch apps cannot ask for ridiculous permissions, that's better. Enforced by enough parties that nobody can pull the blanket.