Sandboxing should prevent most of those issues. We can't control the users giving permissions to everything, but with more control on those permissions, or disabled by default, a phone should stay pretty safe, or am I missing something?
People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.
You could have two classes of apps - manufacturer approved ones that do the usual stuff and unapproved ones that get limited access regardless of what the user types?