I agree with the OP's conclusion - permissions need to be finer-grained and authorisation prompts more informative. But with OAuth as it stands, those things are under the control of the API provider, and app developers have limited control.
If my app has a button to follow someone on Twitter, my app needs Twitter write permission, which also lets me tweet as you and read your DMs. All I want to do is follow someone, but Twitter doesn't offer finer-grained authorisation, so I have no choice but to pop up the dialog box asking for full write access.
Twitter's an extreme example, but not the only one. The Facebook API also has some unintuitive permissioning requirements (for example, you need more permissions to "like" a post than you do to comment on it). Unless the permission model makes sense to users, apps have a hard time communicating to users why they need the permissions they're requesting. Judofyr's suggestion above would help a lot with this problem, but it's still not something that can be blamed entirely on lazy app developers.
If my app has a button to follow someone on Twitter, my app needs Twitter write permission, which also lets me tweet as you and read your DMs. All I want to do is follow someone, but Twitter doesn't offer finer-grained authorisation, so I have no choice but to pop up the dialog box asking for full write access.
Twitter's an extreme example, but not the only one. The Facebook API also has some unintuitive permissioning requirements (for example, you need more permissions to "like" a post than you do to comment on it). Unless the permission model makes sense to users, apps have a hard time communicating to users why they need the permissions they're requesting. Judofyr's suggestion above would help a lot with this problem, but it's still not something that can be blamed entirely on lazy app developers.