The problems with permissions.....
The Android permissions architecture is a pretty good idea. The problem is the implementation and presentation is poor.
When you are browsing the Market, you don't get to see the permissions until you are ready to download the app. It would be far better if the permissions were on the main app description page. It would also be a good idea for the Market app to highlight permissions that are a particular risk ("Services that cost you money", for example)
Its all, or nothing. You either agree to all of the permissions, or you don't install. In some cases this is sufficient, why would a fart app need access to my contacts? Other times it isn't. There are plenty of legitimate reasons for an app to require network access, even if it is to serve up ads. There are also plenty of malicious uses for that permission.
What is needed is for the permissions system to be up-ended. Instead of the app saying "I need these permissions", the user should be able to say "I give you these permissions", preferably when the app asks for them. The app asks to access location services, the user replies "No", "This time only" or "Yes Always". The Android API should require that apps should handle being denied a permission gracefully.
The network access permission could be tightened up by making it more specific. Something akin to a firewall, perhaps? Allowing the app to access certain addresses or use certain protocols? Could be too complicated for the average user, however.
There are firewall and permission blocker apps available, those these need root access and apps that have their permissions blocked often force-close or behave badly in other ways.