Overly complicated solution that doesn’t address the problem or fix the current mess. You’re forcing unnecessary and infinite complexity onto developers.
Copying the structure from iOS/Android doesn’t make any sense in the context of the Atlassian Marketplace. iOS apps are obviously 1:1 approved and managed by an individual user. Atlassian apps are approved and managed by org admins.
Please think about how much complexity this will entail for developers who will need to check and handle EVERY single possible on/off permission scope within their apps.
Opt-out automatic updates is the correct solution: