Google has all the new permission API documentation up now. Here's the money paragraph (emphasis mine):
Quote:
Note: On devices running the M Developer Preview, a user can turn off permissions for any app (including legacy apps) from the app's Settings screen. If a user turns off permissions for a legacy app, the system silently disables the appropriate functionality. When the app attempts to perform an operation that requires that permission, the operation will not necessarily cause an exception. Instead, it might return an empty data set, signal an error, or otherwise exhibit unexpected behavior. For example, if you query a calendar without permission, the method returns an empty data set.

So, that's at least promising.

What I like: They're encouraging apps to use external services rather than requesting permissions themselves. The canonical example is that, if you need to take a picture, you just send an IPC to the camera app, which will do it for you, no permissions required, versus talking to the camera directly, which requires permissions.

Also, they've created eight "macro" permissions. Example: "SMS" covers reading old messages and sending new ones. That's less precise, but it's also more user-comprehensible. I think that's a good tradeoff to make.

I'm still unhappy about every app having full Internet access by default. I went digging to see what else is on by default. Unfortunately, they haven't yet posted the relevant source code, although I suppose I could extract it from the M Developer Preview. That's a project for another day. For reference, here's where all the permissions are defined. The relevant blob is this:
Quote:
<!-- Allows applications to open network sockets. -->
<permission android:name="android.permission.INTERNET"
    android:permissionGroup="android.permission-group.NETWORK"
    android:protectionLevel="dangerous"
    android:description="@string/permdesc_createNetworkSockets"
    android:label="@string/permlab_createNetworkSockets" />

The magic word is "dangerous". So long as that's there, then the app is required to request the permission before it will work. If that field instead says "normal", then the permission is automatically granted. According to GitHub, the latest commit to this particular file was in March 2015, so that means the decision to give full Internet to every app was made later than that.
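
An added example, not part of the original post: a small Python audit that reads `<permission>` definitions like the one quoted above and reports which are granted automatically based on `android:protectionLevel`. The INTERNET entry is taken from the post; the `com.example.*` entries and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: the INTERNET entry is the one quoted in the post;
# the com.example.* entries are made up to cover the other cases.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <!-- Allows applications to open network sockets. -->
    <permission android:name="android.permission.INTERNET"
        android:permissionGroup="android.permission-group.NETWORK"
        android:protectionLevel="dangerous" />
    <permission android:name="com.example.permission.SAMPLE_NORMAL"
        android:protectionLevel="normal" />
    <permission android:name="com.example.permission.SAMPLE_SIGNATURE"
        android:protectionLevel="signature|privileged" />
    <permission android:name="com.example.permission.SAMPLE_UNSET" />
</manifest>"""


def attr(elem, name):
    """Read an android:-namespaced attribute from an element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def classify_permissions(manifest_xml):
    """Map permission name -> (base protection level, auto_granted)."""
    result = {}
    root = ET.fromstring(manifest_xml)
    for perm in root.iter("permission"):
        # protectionLevel is a base level optionally followed by |flags;
        # when the attribute is absent the level defaults to "normal".
        raw = attr(perm, "protectionLevel") or "normal"
        level = raw.split("|")[0].strip()
        # Only "normal" is handed out at install time with no prompt.
        result[attr(perm, "name")] = (level, level == "normal")
    return result


def auto_granted(manifest_xml):
    """Sorted names of permissions every requesting app gets automatically."""
    perms = classify_permissions(manifest_xml)
    return sorted(name for name, (_, auto) in perms.items() if auto)


if __name__ == "__main__":
    for name, (level, auto) in sorted(classify_permissions(SAMPLE_MANIFEST).items()):
        note = "auto-granted" if auto else "not automatic"
        print("%-45s %-10s %s" % (name, level, note))
```

Running the same function over two revisions of the real permissions file and comparing the `auto_granted` lists shows which permissions moved from prompted to automatic.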