I'm facing the following problem at the moment:

I have developed app 'A' which uses permissions 1, 2, 3 and uses an 3rd party library 'B' as a dependency (added using maven & gradle).

Library 'B' uses the permissions 4 and 5. Now when building the app, the manifest merger adds the permissions 4 and 5 to app 'A'.

How can I prevent this and only have the permissions 1, 2 and 3 in the final manifest?

My first guess would be using one of the manifest merger markers as seen here: http://tools.android.com/tech-docs/new-build-system/user-guide/manifest-merger#TOC-Markers

You need to use Selector

Each tools:node or tools:attr declaration can be augmented by a tools:selector attribute which is contextual information on whether or not the merging strategy should be applied to the current lower priority XML description. For instance, this is useful when removing a permission only if coming for one particular library as opposed to any library:

<permission
      android:name="permissionOne"
      tools:node="remove"
      tools:selector="com.example.lib1">

It would be next according your initial requirements

<!--suppress AndroidDomInspection -->
<uses-permission
    tools:node="removeAll"/>

but keep in mind that all other <uses-permissions/> will be removed.

As you know all libraries have a manifest file and will merge together. you can remove a permission that is in one of your libraries by this:

tools:node="remove"

for an example removing location permission:

<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" tools:node="remove" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" tools:node="remove" />