Note that the Android permission system is designed so that you are not in control by design, some permissions are "not for you" and only for "system apps" which you can't control. This gives Google and device manufacturers advantage over third party software developers in the name of security...
I think we should focus on defending the slowly-vanishing ability to unlock the bootloader and fight for the core parts of Android to stay open source.. without these two, installing an APK will mean less and less until it might eventually become synonymous with installing a PWA.
A great example of this is the 'networking' permission. Being able to control which app can speak to the WAN/LAN is a very important security consideration. Instead, every Android app can send any data it wants without the user being able to have a say in the matter. A lot of apps work just fine without being able to 'phone home'.
Thankfully there's the likes of GrapheneOS, however, with Google's recent changes, unless their OEM partner pulls through, their days are likely numbered.
Interestingly, on Xiaomi HyperOS they have added the ability to individually control each app's access to mobile data 1/2/WiFi. I didn't know this wasn't a general Android feature.
I guess if it was, people would be turning off the network permission of all the "apps that perform a trivial function, but with ads", like I always do.