> periodic re-confirmation

This just trains everyone to blindly click "accept" thus adding zero security while making the UX terrible for people who know what they're doing

Why is that an acceptable middle ground for you? I trust f-droid apps a lot more than anything installed from the Play store. The same restrictions should apply to Google's store as others.