It's not without its own faults (and it used to have some huge gaps, such as address book access), but the iOS privacy model is simply a more user-centered paradigm than on Android.
Android apps ask you if you want to update to the new version or stick with the old one indefinitely; privacy settings are non-negotiable. iOS apps ask you as they go: If iOS had an SMS API, Facebook wouldn't need to ask you until you enabled two-factor authentication (assuming that's all they use it for). And you could turn it back off later if you weren't comfortable leaving it on.
Well, they could read all that other stuff by default with no warning previously until all sorts of apps abused it. Then Apple had to add in the prompts for things like reading Contacts. I'd imagine the Android devs are working on similar since the list of permissions model is breaking down.
Android apps ask you if you want to update to the new version or stick with the old one indefinitely; privacy settings are non-negotiable. iOS apps ask you as they go: If iOS had an SMS API, Facebook wouldn't need to ask you until you enabled two-factor authentication (assuming that's all they use it for). And you could turn it back off later if you weren't comfortable leaving it on.