I'd imagine it is probably not worth for Google to enforce application developers to only request minimum permissions needed for the application to operate