[saurik]

Yeah: while declaring permissions sounds cool and tries to fit into the narrative of helping protect end users who don't know how to manage anything themselves, at the end of the day it first requires an extremely opinionated central entity in charge of listings which takes a role in attempting to mediate the incentive incompatibilities (something which should raise serious ethical red flags and begs the question of conflicts of interest with respect to that player and the market that they get to fully control) but then still not only doesn't work to prevent users from getting abused, it will never work: "this app has requested access to your birthday" might be easy for end users, but (if this must be an API; but like, to the extent to which birthday is a bad example, this generalizes to every other thing that people currently must grant as "permissions") the only actually-correct solution is to always provide a concrete random date to every app by default and then allow the user to go out of their way--and this must not, under any circumstance, be something the app is allowed to prompt for or have any visibility into: this must be something the user has to initiate through external UI--to say "I grant this app access to my real birthday" (which, to the app, would have to look like the user merely changed the setting on their birthday to some other random date, as opposed to "the user finally gave us permission to see the same date that they can share to every other app").