When was the last "Massive iOS Mobile Botnet Hijacking SMS Data" headline?
When was the last maximum security prisoner getting run over by a bus headline? Sometimes freedom has its own risks, which includes idiots making poor decisions over where to get their software from. Does that mean everyone should be locked up in a cage to prevent that from happening?
No, not at all, but there are parts of this story that expose one of the weaknesses of the Android permissions model; namely that an app requests a set of permissions (that are overly broad to cut down on the number of permissions groups) and you have to either accept or deny those permissions wholesale.
Because the people who download dodgy apps and sideload them, then click past the permissions list without even looking at it would selectively disable the permissions they didn't really want to grant?
The permissions problem you refer to is a really difficult one to solve. Oh, it could be solved for you, by giving you the ability to selectively disable permissions (which, BTW, you can actually do with a small amount of one-time effort), but face it, less than 1% of Android users would carefully vet and individually select the permissions. Probably much less than 1%.
Then there's also the problem that individual permission selection would just cause app developers to test to see if they got all the permissions they wanted, and refuse to function at all if they didn't. Google could respond by trying to make it appear that the apps did get permission, perhaps by serving up fake data, but that would just create an arms race between app developers and Google, and apps have a much shorter release cycle. In fact, for power users the status quo is probably better, because they can root their phones and use an app to selectively disable permissions, but there aren't enough of them (far less than 1%) to motivate app developers to try to work around it.
I don't know what the solution is, but I don't think that's it. I lean more towards finding ways, at least in the official app store, to shame apps that request broader permissions than they should. Maybe Google should develop some sort of a "risk rating", based on the permissions requested and the trustworthiness of the publisher and tag every app in the store with it, perhaps even adding an additional warning dialog if the risk is over some threshold, and probably artificially lowering "risky" apps in the search results. Of course, the really problematic apps aren't on the Play store, and adding an additional warning on an app that a user has already chosen to get from some dodgy site is unlikely to help. But Google might be able to dissuade publishers of apps on Play from requesting more permissions than absolutely required.
(Disclaimer: I work for Google, but not on Android. My relationship with Android is that of a user.)