[sparkie]

In theory you could automate the process of removing unwanted permissions in another app store. For example, if some game on the google app store wants the camera but doesn't need it, a "safe app store" could download its code and remove the camera permissions and any potential calls to functions which read from the camera. (They could be replaced with blank stubs or even a fake video like a rickroll). Same principle for address book (just provide fake/randomly generated people, etc).

Obviously not everyone would use the safe version because of the network effect of Google's play store. But for anyone who becomes aware of the "safe app store" and is aware of privacy risks, they'll almost certainly chose to download their apps from there.

[josinalvo]

Afaik, some of this is possible on a rooted android phone: it is possible, for example, to cut off an application from real GPS data, and instead feed it fake data.

[sparkie]

You've already lost most users at "rooted" though. It also requires that someone has done the legwork to root a specific model, and it's always a moving target with new phone models which try new ways to prevent you rooting (or voiding your warranty). The majority of manufacturers are unhelpful when it comes to giving you more control over your phone.

All the more reason that things should be free software with anti-tivoization, so that the stock ROM on phones can be replaced easily. Most of android is free, but because it allows non-free parts (drivers, etc), it's a complete mess for people to tinker with devices because the method is different for every model.

You shouldn't really need root to selectively enable permissions for some apps either. The "all or nothing" approach to permissions is a poor design choice.