fine-grained app permissions

Does anyone know, why Android app permission management is so inflexible? Why when installing or updating an app one's only choices are: either grant all requested permissions or reject them all and fail the installation or the update? Why cannot apps choose to optionally use some permissions, but also be able to run without them, in which case respective functionality would be restricted or missing? Would it be too difficult for Google to implement this? Yes, I heard about per-app firewalls, which, I think, require rooting. But wouldn't this make sense globally for the mainline Android? Has this been discussed before? How do other OSes manage this? iOS?