I think it's true that the Android permission system is not very good; an application with zero permissions can read everything on the SD card. However, I'd like to think this is just a weakness in Android, rather than proof that permissioning system for end-users don't work.

Are there any other recent examples of poor permissioning?

Maybe the fact that programmers are typically more considerate about this, but it has no "real" benefit to end users, leads to the whole design/workflow not getting much attention.