Well it would have the same permissions as crash reports in general? It uploads the same amount of info as normal crashes right?

Most apps send analytics up already if you are not already aware, most don't ask for your permission to do so.

Make it opt-in and require a privacy review every time something like this goes in?

If you make it opt-in, the company will not get a lot of reports. If you want to get enough data, they should be opt-out as the others.

Opt-in analytics fail to account for people who turn them off because they don't like opt-in analytics. So you might be getting more data, but it might not necessarily be any more representative.