Thanks for your comment. I agree that some scenarios are unlikely. Its real danger, as you’ve identified, is that unexpected behaviour can lend credence to an otherwise obvious attack. For example, if you take a look at this fake “Android virus alert” – how much more convincing would it be if the phone vibrated with its “alert”?
It will be interesting to see how this develops – and I look forward to reading more about the permissions model.