There's so many crazy gotchas in android permissions, though... eg, most users won't know that there's a connection between wifi and geolocation data. That's a non-obvious connection with a real trade-off: the app might have some interesting wifi-based functionality, but in exchange the app authors might harvest your geo data.
Consider the permissions for the lowly keyboard app...
A proper understanding of fine-grained permissions basically requires a working knowledge of how that permission might be or has in the past been abused.
And ultimately, fine-grained permissions are probably answering the wrong questions. The user expresses some basic trust via the initial app installation; what permissions ultimately help with is deciding whether or not to keep trusting the developer. If the app ask for lots of unexpected stuff, it's probably malware and should be uninstalled. If the permissions seem reasonable, the app is probably fine, and the user just wants to delegate responsibility to the app to do what it needs to do to get shit done.
It's really /all/ about trust. If you can't trust a random app, installation is a high-friction event. Check the stars, number of users, read a bunch of recent reviews, carefully go through permissions providing access for exactly what's needed. If you /can/ trust a random app, you can just install it, use it to read the fscking QR code and go on with your day. The need for trust is why we've ended up with centralized app stores with stringent content policies, and all the false positives that come along with it.