Differencebetween System Apps and Privileged Apps on Android

What is the difference between system apps and privileged apps on Android?

So after some digging, it's clear that apps in priv-app are eligible for system permissions, the same way that old apps used to be eligible to claim system permissions by being in system-app. The only official Google documentation I could find on this came in the form of a commit message:
Commit hash: ccbf84f44c9e6a5ed3c08673614826bb237afc54

Some system apps are more system than others

"signatureOrSystem" permissions are no longer available to all apps
residing en the /system partition. Instead, there is a new
/system/priv-app directory, and only apps whose APKs are in that
directory are allowed to use signatureOrSystem permissions without
sharing the platform cert. This will reduce the surface area for
possible exploits of system- bundled applications to try to gain
access to permission-guarded operations.

The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is says
in the documentation: it indicates that the application apk was
bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED
has been introduced that reflects the actual right to access these
permissions.

Update: As of Android 8.0 priv-app has changed slightly with the addition of Privileged Permission Whitelisting. Beyond just being in priv-app, your app must also be added to a whitelist in order to gain various system permissions. Information on this can be found here: https://source.android.com/devices/tech/config/perms-whitelist

Difference between preinstalled and privileged protection level

The answer seems to be yes, as long as a privileged app is part of the system image (i.e. pre-installed). The package manager will grant a preinstalled permission to what it (internally) calls a system app, see grantSignaturePermission():

if (!allowed && (bp.protectionLevel
        & PermissionInfo.PROTECTION_FLAG_PREINSTALLED) != 0
        && isSystemApp(pkg)) {
    // Any pre-installed system app is allowed to get this permission.
    allowed = true;
}

Internally, a system app is actually a pre-installed app (refactoring is limited to the public API, not in the source), see ActivityInfo:

/**
 * Value for {@link #flags}: if set, this application is installed in the
 * device's system image.
 */
public static final int FLAG_SYSTEM = 1<<0;

// Many lines not shown

public boolean isSystemApp() {
    return (flags & ApplicationInfo.FLAG_SYSTEM) != 0;
}

What is the difference between privapp-permissions.xml in system/etc/permissions and default-permissions.xml in system/etc/default-permissions?

Every private permissions used by apps in /system/priv-app/ should be put in privapp-permissions.xml.
The dangerous permissions used by apps in /system/ can be granted by default by system/etc/default-permissions.

private permissions are permissions declared in platfrom with system|signatured flags.
dangerous permissions are runtime permissions should be granted by users.

Get Android system permissions by putting app in /system/app?

As of Android 4.4, Privileged Apps must be put in /system/priv-app instead of /system/app. Once I moved my app there, it got the privilege as expected.

See here: AOSP Privileged vs System app

When i add app priv-app phone not booting

You haven't shared the Crash Stack here. Its difficult to tell.

I could see here that
Are you requesting any privileged permissions from the app side ? if yes, device will not boot until you whitelist those permissions in privileged permissions xml file which will be stored at either system/etc/permissions