alt Hacker NewsYou're correct, but there's a good reason: they need to draw over other apps to do what they do. So it's not necessarily nefarious. But it is an excellent reason to build the functionality into the OS.
(The reason the permission is so dangerous is they can trick you into pressing the wrong button by relabeling dangerous text with innocuous text.)
The presence of a good reason is exactly why you have to be so careful. Creating an app with a legitimate reason to request permission, only to also abuse it, is a great strategy for an attacker.