Every app would have a long permissions dialog. Every app would want to read your CPU fan for no good reason (just as another piece of fingerprint) so you'd get use to clicking accept so you could use any apps at all. The malware would still get through. This already happened on mobile.
It happened on mobile because Android (dunno iOS's permission model well enough) is more on the developers' side than the user's side, or at least they're more concerned with everything just working (for some values of "just work") than with giving users a chance to make sure that things don't work that the users don't want to work. A fine-grained capacity system where users were given the option to lie to the software about what capacities it has wouldn't be perfect either, but it would remove a lot of the user-focused pain points of Android's permission model.
It would be a non issue, if the options are not just allow/disallow, but also offer to provide random/fake data, so bad apps would not actually know if the permission is allowed or if the data is fake.
