Apps asking for way more permissions that they need is the new chmod 777pic.twitter.com/8H0PjNuyyl
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Yep. And devs won't do better until they're forced to, so the ball is on Google/Apple's court
Apple does moderately well. They make most permissions explicit options and make it hard for apps to force/trick you into turning them on, probably by Store policy too.
Yeah, in comparison Apple is way better but I've been reading some stats and apparently is 70 vs 40% of users (android /iOS) leaking info; not sure how many of that 40% have their iPhones rooted 
However Apple does provide a device-unique tracking token that apps (& possibly websites?) can access and broadcast. You can manually reset it but not disable it.
So in summary we're quite screwed :/
My understanding is that it's (1) a compromise to prevent them from doing more awful, non-resettable hacks to fingerprint the device, and (2) a means of maintaining the value of their walled-garden/platform to ad-addicted developers.
Interesting, I really need to learn more about this and how it works
The app shouldn't know they've been denied. Just feed randomised data. So they can't be like "this app won't work without your contacts" or whatever
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.