Maximum permissions
Surely a simple first step for Google would be to limit permissions based on application type. In this case available permissions ought to be minimal.
Taking it a step further, any developer requesting admin permissions could be vetted, as in theory happens when requesting a EV SSL certificate.