That said, there's a difference between understanding what privilege you are granting and understanding the implications of that grant.
For instance, Google help pages [0] just talk about "Full account access" and "View your basic profile information." What about apps that can view your calendar? That's in between. What information do those apps actually see? What can somebody do with the information that I might not like? These are hard questions to answer with the information Google gives you.
Grant an application permission because it asked to in order to fulfill a request to handle one particular thing about one particular email. Instead, grant access to your entire email account, not get notified of which emails the application accessed, and get upset because the application exceeded what you desired to grant.
I don't think Google is a villain here, except for the lack of fine grained access control common to all cloud apps.
For example, I had enabled IFFT to record something to a Google Sheet periodically. I didn't realize that in doing that, I gave the company unfettered access to my entire corpus of data.
Edit: Formatting & Spelling