F-Droid tries to address this, for example. For each permission, there is a short explanation that the developer (I presume) has to write on why it is required.
Not perfect, but it's better than Google Play, in my opinion.
standalone tool currently running on an x86 laptop loaded with Linux Fedora Core 3
while exploitable targets include:
Win2k, WinXP, WinXPSP1, WinXPSP2 running Internet Explorer versions 5.0-6.0
The GINSU software application to control the hardware implant BULLDOZER or the software one KONGUR:
supports any desktop PC system that contains at least one PCI connector (for BULLDOZER installation) and Microsoft Windows 9x, 2000, 2003, XP, or Vista.[...] If KONGUR is removed from the system as a result of an operating system upgrade or reinstall, GINSU can be set to trigger on the next reboot of the system to restore the software implant.
So after all, Microsoft is not really helping them, if they have to protect themselves from system updates
anyone with physical access can peek...
pretty much everything he wants/like.
No, actually, Obligatory XKCD Citation(TM)
I got a firstname.lastname@example.orgGHz machine that's able to run smoothly Black Mesa, SteelStorm and TF2.
I forgot to mention an interesting aspect: I have enough spare power to watch Netflix using XP in a VirtualBox machine