It's nice to be able to toggle it (it's also possible to revoke this permission on GrapheneOS). However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved. I would guess that Play Services is one of the larger offenders, since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps.
You could of course disable network access to Play Services, but at least for me that broke a bunch of apps or made them unreliable.
What AOSP ROMs need besides the network permission toggle is IPC scopes functionality, akin to storage scopes.
GrapheneOS has user profiles, but they're too heavyweight for most uses.
Profiles are a thing in "stock" Android too, they just don't have the toggle to disallow them working in the background, the "Install available apps" option and Google services also keep working across profiles.
If you want something less disruptive for isolation, there's Private Space. What I like is that this can stop apps there from working in the background on stock Android as well.
> However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved.
Folks bring up 'IPC' as if this is some chink in the armour in AOSP. It isn't. 'Apps' pretty much on most consumer OSes can 'IPC' their way with other co-operating apps to 'achieve' network access from behind a firewall, just the same.
> since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps
If the OS or its privileged component will fchown the socket to the origin app, I think the INTERNET permission will be enforced as expected.
There is very little IPC that is allowed for apps that do not share a development team on iOS.
> There is very little IPC
I am not familiar with iOS internals, but does "very little IPC" mean "zero IPC"? Because if we are talking IPC in the context of bypassing permission checks, I imagine, 'very little' doesn't cut it?
What stops the app from opening a link in Safari to trackmyshit.com/uuid-uuid-uuid-uuid that closes itself?