I think the idea was that you wouldn't install apps on your phone that you didn't trust. Obviously that didn't turn out to be practical so now they're adding more fine-grained control.
This phone has a much more restricted installation experience. There is only one installer, and Apple knows who to blame if any of the software it installs turns out to be malware.
I think the idea was that that tractability would deter people from trying to put malware on the App Store.
And that has worked reasonably well. Yes, there were several cases of apps that did not inform users that they uploaded data to implement features they advertised, but I am not aware of downright malware (say a fart app that uploads you address book to some server), and yes, Charlie Miller got a nefarious app on the App Store, but that malware was traceable back to him.
The thing Apple did not think through well enough is the privacy issue. Users can feel uncomfortable about apps uploading their data, even if that is necessary to implement app functionality, because they may not trust the app writer to do nothing else with the data.
Also the personal information is more limited. At first the only "personal" information was my name and the name and phone numbers of my friends. This information is available (in theory) in a phone book.
I think the reason for that is that people generally take an optimistic view of the world, e.g. "good things will usually happen." When smart phones came out your data was easily available. How many people at that time do you think shrugged it off with the excuse: "well, yeah, but I'm not doing anything wrong/who would care what I'm doing?"
Now that people finally understand that this practice is very widespread and considered "normal" among a non-trivial amount of people in the technology space people naturally have become more protective of their information.
They already do this to an extent with permissions. It's not as in-your-face about it, but it's certainly far more fine grained (read vs. write access, more services have permissions, etc.)
Not really. There are virtually no permissions that can be approved on a case by case basis in Android. Google claims that interactively approving permissions will make life "too complex" for developers. I hope this inspires them to be a little more open minded about it. There are so many useful but optional features of apps that need intrusive permissions (eg: read your contacts) - but apps need to request blanket permissions to them up front, which is just silly. I think developers can handle a little if-else logic especially if the trade-off is they can avoid the stupidity of having to push multiple versions in to the app market just to cater for different permission requirements.
If I have to download and configure a custom application into my toaster in order to choose whether I permit raisin bread, I'm being a toaster systems integrator.
"This isn't a problem, install this third party app to keep your permissions secure! But sorry, it could break at any time because Google don't provide support for it."
This is a desktop computer mentality. Sorry dude, I'm a programmer and a sysadmin, but my phone is a #*$@ing APPLIANCE! I want it to make and receive calls, and maybe play a few rounds of Angry Birds without wondering if Rovio is tweeting my location behind my back.
So you become a systems integrator by downloading apps to your phone? Then I'm afraid you already are one, sadly.
Who do these phone companies think they are, expecting people to actually program numbers in a device just to call someone? Not everyone is a programmer!
EDIT: You edited your comment above, but it still makes no sense to me. Your phone can't know if you want an app to access your personal info or not, you have to tell it. The only difference between what you want and what I propose is that you have to spend an extra two seconds installing an app. This doesn't sound so onerous, and doesn't mean you have to be an expert.
I'd call it completely the opposite of fine grained. You can't, for instance, restrict an individual app's access to the calendar. You're shown what permissions an app wants on install, but you can't revoke individual ones. You're stuck taking or leaving it.
This shouldn't be an "initiative." This should have been a standard practice from day one.