Currently an app must list all permissions it might conceivably need and the user must grant them all together. This has some usability and privacy/security disadvantages:
* seeing a huge list of requested rights is confusing, when most of those are out of context (not needed for the current activity)
* seeing requests for rights the current user does not have is confusing (see also T94478)
* a privacy/security-conscious user might want to refuse some rights at the cost of losing some non-essential functionality; right now that is not possible
There should be a way to only request or only grant a subset of all rights the application is capable of using.