I agree this is a better set of defaults, but there should be a toggle in the settings someplace, even deep in the developer mode settings, that gives users control over more granular permissions and allows them to choose which permissions to auto-grant and/or auto-deny.
Though I agree with you, why is this level of detail demanded of mobile apps but not of desktop apps? I would love to be able to sandbox desktop apps as well.
