You need zero permissions to get a list of all apps you have installed, your unique advertising ID and a common things like sensors and WiFi names. Plus full unrestricted internet access.
I think you mean you need zero revocable permissions. The permissions still need to be declared in the manifest, and can be viewed in app info. This is how it works on Android, anyways. I've used both root access and repackers that modify the manifest to remove offending permissions on the past (occasionally it works, but more often it results in the app crashing, especially when the permission is for network access)
