> Google is most likely saying that they haven't figured out a GOOD way to prevent apps from just exploding when a permission that they expect to have is denied.
That is (or at least was) their excuse with regards to not allowing permission controls. However it was bullshit then and it's even more bullshit now. Not all phones/tablet have GPS and even if they do it can be off. SD cards be be ejected (time was when that was the only bulk storage), tablets don't have phone modules, etc. There are probably a very small number of things guaranteed to be available, your contacts being maybe the only one. I'd hazard that the danger for the model as they had it was that an app might write something to the fake dataset and expect it to be there on the next read. Solvable as this all is, but they aren't trying.
Anyways, it was poorly conceived and poorly implemented and I don't mind it being gone. It ignored app permissions so that it would be active even for apps that requested nothing and made it difficult to identify apps that were actually problematic. More frustrating, it was targeted only at privacy and not security, which I'd think was just as much a concern.
> Personally it doesn't make much sense for an end-user to retroactively deny permissions.
You're assuming a perfect free market where there are infinite apps and you can find one that does exactly what you need and doesn't require any excess permissions. In reality, however, there aren't that many options. Sometimes there's only one: social games, bank, etc and that app requires more permissions than you want to give. Certainly you can go without, but why am I forced to let your app do whatever it wants on my device? Yeah, it's your copyrighted app, but it's not like I'm agreeing to install a GPS in my tablet, turn it on and ensure I have signal. So why can't I simply deny access to the GPS?
Honestly, the ability to revoke permissions would be great for developers too. There is (was?) a unit conversion app out there with two versions. One had currency conversion and needed an internet connection to determine the current rate. The other lacked the currency conversion and the internet permission. If users could revoke permissions or developers could set them as optional it would have made the second version unnecessary. A great deal of apps suffer the same issue. Most permissions are intended to be little niceties: a store wants GPS to find the nearest but could use zip code, an app wants contacts to auto complete but could just fire up the builtin contacts app. So on and so forth. Forcing permissions to be all or nothing forces develops to choose between adding features and appearing like a front for the NSA.