Comment by UncleMeat
21 days ago
The effect of this would be to make all apps request all permissions because even if you are just using some other app for a particular feature you need, you have no control over what other permissions they might add which would suddenly break any intents you send them. The only defense would be to request everything.
You could very specifically ban ACTION_VIEW intents for web URIs from apps without an internet permission I guess. But does banning apps from linking to the web (to be opened in browsers) really seem like a good idea?
Similar changes have been done before, the security sandbox behaves differently based on the app's minimum/target API level for backwards compatibility.
That's also why there's a warning before installing really old apps, they may run with extra permissions.