You're absolutely right. Not having a distinction between required permissions (e.g. a music player is pretty useless without the permission to read the SD card) and optional ones (e.g. a Twitter app can attach your location to your tweets if you want it to, but it doesn't have to) is the biggest problem with Android's permissions system.
Ironically, it is more of a social problem than a technical one. If people were expected to gracefully handle the exceptions thrown when permissions are denied, we'd be 80% of the way there, I think.
I think a lot of app crashes are due to the fact that app developers simply don't know what to expect. This is a direct result of shoddy documentation.
For example, the Android API has a tendency to return null from functions even when the documentation doesn't say it will (i.e. WifiManager.getScanResults and friends), or simply doesn't document return values at all (i.e. ConnectionManager.getActiveNetworkInfo). The Google guys aren't real stars when it comes to documenting what exceptions may be thrown either.
You can't blame app developers for not gracefully handling exceptions and return values that are not documented.
Ironically, it is more of a social problem than a technical one. If people were expected to gracefully handle the exceptions thrown when permissions are denied, we'd be 80% of the way there, I think.