Android apps can request very powerful permissions, but those permissions are specific, explicit and revocable. There's a fundamental trade-off between power and risk, but I think the Android security model handles that trade-off quite well.
My #1 issue is that I'd love to grant an app powerful permissions if I can ensure it doesn't have internet access. But default Android doesn't expose the network permission (which exists and is accessible in ROMs like LineageOS)
Of course if this was exposed then people would start blocking the Google data vaccum - and that's bad for business
https://developer.android.com/guide/topics/permissions/overv...
https://developer.android.com/reference/android/Manifest.per...