If there is no app-store review process then all apps will demand full permissions, which means apps effectively get everything by default.
If it's a choice between permissions and not using the app then users will give them the permissions, and that is the choice app developers will give users, if they are sufficiently large to get away with it (Facebook, Fortnite, etc).
See my other replies. Standard bundles of caps by app type; limited/fake caps in place of system cap; yes it's a problem that needs work to demonstrate success at scale; ultimately it's up to the user who owns the device -- we can only design to support their judgement, not replace it. Replacing individual judgement with one central emperor of all phone software leaves everyone vulnerable to the emperor, as the recent and unsurprising news about iCloud in China should highlight.
It's not that I expect Apple to jump right on redesigning their OS. It's the claim that usable security is incompatible with universal computation, requiring a locked-down app store, that I'm objecting to. We have promising ideas about how to do better. We have actual experience of a handful of mass-market OSes, none using those ideas. If we had a lot of diverse experience of mass-market OSes and none of them worked, that would be a powerful argument from experience. But I think in our reality it's just status-quo bias.
If it's a choice between permissions and not using the app then users will give them the permissions, and that is the choice app developers will give users, if they are sufficiently large to get away with it (Facebook, Fortnite, etc).