Android does not have fine grained permissions(to be fair, neither does iOS), nor the ability to internally segregate components or define inter-app trust. So while you are correct, the only option is to disable features. Features are necessary to build usage out of the pgp using ghetto to the ordinary cell phone user.