Comment by GuB-42
6 months ago
Here is a rather convincing answer about why not require user approval for internet access in Android applications. From the Android developers themselves.
https://old.reddit.com/r/androiddev/comments/ci4tdq/were_on_...
I don't know about "running in the background" but Android work using "intents", which mean an app can be woken up effectively at any time, so "don't allow app to run in the background" may not do what you expect.
I'm sure there's subtle details to manage here. But "You can exfiltrate data be opening a browser" is a weak argument: One can display the URL to be opened to the user if such an Internet-limited app asks to open a browser, or decide that apps that aren't allowed to use the Internet also aren't allowed to open a browser.
I think there's ways to manage the communication with users around which cases it is surprising/suspicious for the app to require that functionality. Personally, I don't love the model that apps ask for certain permissions but aren't required to explain in a way that can be verified by app store reviewers what they need those permissions for.
And even if one doesn't want every consumer to have to explicitly consent to the permission, it seems to me like you could still have an opt-out mechanism, so that the paranoid among us can implement a more restrictive policy, rather than giving up on the idea of having such a permission entirely.