Well, everyone is chiming in with their opinions on the good and bad aspects of updates. I think update detractors are cherry-picking the bad points while ignoring the good. The bottom line is any kind of online access involves a lot of risk in today's world. There are literally hundreds of thousands of exploits that each specifically target the operating systems, computer applications, smartphone apps we use hours each day. Instead of dreading updates we should be appreciating them, it's evidence that some exploit is being addressed. Something that might prevent you from identity theft or other similar, very serious problem.
At this point none of us as consumers can determine what all these updates actually apply to. Yes feature or other similar updates might not be necessary, and there are some updates that do create instability in an app or OS but those are pretty rare occurrences. An update might be apply to a feature update (or downgrade when we don't like them), or a bug fix, or a security patch. In an ideal world it would be nice to have updates categorized so those who chose to can pick what they want, but here in the real world the fact is there can be overlap between those feature/bug fix/security aspects so categorizing any update might involve a lot of subjective opinion, both by developers and by users.
The bottom line is we're all tenuously connected to each other, the Internet itself is just a massive network, and that's a massive problem since as far as security issues things are getting really hazardous. Every few days there's a revelation about some online service that's been 'hacked', revealing user data in the thousands and often millions or billions. Some are internal oversights on bad procedure, but some are directly attributed to some network admin or web developer that ignored applying the necessary security update. A good example is the recent Equifax breach, which after months of varying false statements by management the truth was finally revealed -- a security update was ignored. (Specifically, an update for an Apache Struts web server application. A critical update that was available for several months prior to the 'hack'.) So this one intentionally ignored security update has resulted in a serious problem for billions of people that now have their current and past contact info, social security number, bank account number, and much more freely available online. (The number continuously grows as Equifax management is also continuously caught lying about the affected numbers.) Now multiple this kind of situation by thousands and that's a snapshot of just one day when it comes to the Internet. Lots of people have convinced themselves for various reasons to skip updating but it's a growing problem that in a large part we've created for ourselves.
And that's the issue with just those 'annoying' updates to your Android device. Intentionally ignoring updates for selective reasons may be a personal choice on making your device less safe, but again, we're all connected to each other so doing something like allowing your device to become part of botnet has an impact on all of us.
Regarding those little descriptive blurbs included with Play Store updates, they're essentially valueless. A developer may actually fill it in with a detailed message on what's being fixed or patched, or it might be just filled in wth that boilerplate, generic 'bug fix' terminology that can actually be just a bug fix to the base code or a serious security patch that's noted from the CVE database. On average I've noticed third-party developers are often better at providing actual details, while big corporations like Google typically reveal very little. But in either case it, for any user to base their decision on applying an app update on those blurbs isn't getting an accurate assessment. (Also, some very serious exploit fixes are intentionally not revealed up front because of timing issues -- if's often better for all involved to release a security patch ASAP to try to stay ahead of when some exploit is then revealed to the public. So that generic 'bug fix' could be just that, or it could in reality be something much more important.)