Permissioning is a mess – among other things, of course. I feel that permissions to access any resource (image, location, files, etc.) could be given without necessarily giving access to the PII value that resource holds, e.g. running a no-side-effects function on it on-device or on a trusted service that is read-only to me and write-only to 3rd parties.