Ask Apple. They seem to have solved this problem quite a while ago.
The iOS implementation allows rejection of individual permissions, doesnt prevent install, and allows the developer the freedom to choose the best possible time to ask. See https://medium.com/p/96fa4eb54f2c
Well, you're right, but Apple's model is fundamentally different. I don't think Android will switch to such a model in the (near) future. That would mean a lot of things have to be changed, and hundreds of thousands of apps would break. So we can safely assume Android will stay with its current system. Thus there is only one possibility left: improve the current system. Rejection of individual permissions would definitely the most powerful improvement, while still being easy to implement.
If permissions could be granted not ahead of time, but rather when they're needed, you could simply update the application and just ask for permission when the new functioanlity was actually used.
That's Apple's system, right? Android does have a different one. Fortunately or unfortunately, I'm not really sure. Android's system definitely has advantages as well. But it goes without saying that there are serious issues that must be fixed.
If Android had a better permissions model, you could allow autoupdates with new permissions disabled unless the user then chooses to enable them. That said, anyone who is serious about security has autoupdates off anyway.
The iOS implementation allows rejection of individual permissions, doesnt prevent install, and allows the developer the freedom to choose the best possible time to ask. See https://medium.com/p/96fa4eb54f2c