Permission systems are fairly good in both Android and iOS now, though.

Note: I agree that protecting your data is important, I don't want to downplay that.

No, the situation is "take it or leave it". Give all the permissions, or don't get to use the app. There are now even web sites (facebook, google maps, yahoo email) that seem to refuse service if you are determined to be on a phone. They demand that you install their app instead.

Proper permissions would have 4 possible settings:

1. ask (the default), with checkbox to make the choice stick

2. deny

3. allow

4. deceive the app, pretending to allow.

That last one is important. It keeps apps from forcing users to allow absurd permissions. Deception plug-ins should be possible, allowing various kinds of deception (like "oh, sorry, there is no signal") and even man-in-the-middle against the apps.

The problem is not that permissions are pretty good. The problem is that you have to give many apps way too many permissions to work.

Let's make an example; I use the FitBit tracker and quite like it. I also use its own Android app. A few months ago, they decided that in order to sync you need to enable GPS. Now, there is no reason on Earth why I need to turn on GPS to download data from my watch and upload it to FitBit's server. Still, no permission or GPS disabled = no sync.

Frankly, I do not think this is in my best interest. And I wonder how many of their user-base noticed the change of permissions.

I'm writing an article about this, doing research now, trying to correlate battery usage on a device with how many apps are installed on it, and user use.

If the user isn't using the device, and the more apps on it, the faster the battery drains, it's transmitting something somewhere to someone...

Your claim is that random 3rd party apps are transmitting unknown data while the apps are closed and the phone is not in use?