When I've had no android, I've thought that too. But as I've purchased an android phone, I was quite impressed about the efficient and tight rights separation system of android. Don't misunderstand me: I didn't "activate" the play store app, as I needed to couple it with a google account. If you could install the free apps without an account I'd have tried it, but that way google had lost a customer. The next thing I was annoyed of was the samsung bloat, and the possible lock-in the case I really started to like one of those apps. I solved these two problems when I've installed CM and F-Droid. Of course, I can't install the fanciest whatsapp and so on, but at least I know my phone is truly mine (except for the baseband part), and that lock-ins are very hard. I was fascinated when I found out that every installed app has its own UNIX user assigned.
The rights separation in android is far more better than anything on the linux desktop. In X, every application can keylog me. In android, that's not possible. On the linux desktop, every application has access to all my files, including my .ssh directory.. In android, fs access is far more developed and limited. In linux desktop, every app has access to the webcam. In android, you can see which app has access. Of course, android could do better, perhaps by adding a "revoke right" option and an "always ask" option (osmand for example has a nice recorder feature, but most time I use it I don't need it so why does it have the right *all time*, rather let android ask for that permission the few times I need it), but right now it does best.
The most annoying features of the android ecosystem radiate from GAPPS, but almost none from AOSP.