Android was in fact meant to work this way, with apps providing such functionality through intent filters that match the PICK or GET_CONTENT actions.
But Android is also supposed to work through ContentProvider components that enable access to databases. Sometimes you need more than a PICK action performed by an external app. As in the case when you want to make an alternate implementation of a contact picker.
This is why the issue has to be addressed directly, by making many if not all permissions optional, and settable per app. Handling a SecurityException is not burdensome. Much of the permission overreach is due to crappy "behavioral targeting" data collection that doesn't really work. Nobody will miss it.
But Android is also supposed to work through ContentProvider components that enable access to databases. Sometimes you need more than a PICK action performed by an external app. As in the case when you want to make an alternate implementation of a contact picker.
This is why the issue has to be addressed directly, by making many if not all permissions optional, and settable per app. Handling a SecurityException is not burdensome. Much of the permission overreach is due to crappy "behavioral targeting" data collection that doesn't really work. Nobody will miss it.