Except many times the update will ask to expand its access to information in your phone it shouldn't need. So you choose between explicitly granting permission for unnecessary data access or don't update and hope you don't get owned via a vulnerability in that app.
So instead of finding someway to block or spoof a developer telling you they need different permissions, you'll wait around until some hacker breaks into your shit feeling like you beat the system?
In an imperfect system, you end up with imperfect solutions.
This is a tradeoff. Do I accept the developer demanding access they do not truly need, or do I accept the risk of a hacker gaining access to my phone through the developer's application?
If a hacker gains access to my phone through the developer's application, what do they gain access to? At the maximum (hopefully! unless they springboard to another hack and pwn your whole phone or other applications) they have what the application has access to.
Attack surface management is a lot more complex than just "always stay on the most latest shitware that the developer can shove down your throat"