I've thought about this a lot because it always bothers me why some apps request permissions they do and unless you can figure it out your choices are accept and use it or refuse to install. Android started making developers include changelogs with each update and while that's been abused by some with poor logs such as "bug fixes and performance improvements" there are those that use it properly.
What I'd propose is similar to requiring changelogs. For every permission required the app has to state clearly why they need them. For camera apps to use camera is obvious but a torch app needing network access isn't so obvious until you see that it's ad supported. Then there are the really broad permissions like Facebore ask for that I'd never be ok with allowing.