> However, it is imperfect, since apps within the same profile can still communicate through IPC, so if apps cooperate, network access can still be achieved.
Folks brings up 'IPC' as if this is some chink in the armour in AOSP. It isn't. 'Apps' pretty much on most consumer OSes can 'IPC' their way with other co-operating apps to 'achieve' network access from behind a firewall, just the same.
> since many apps communicate with Play Services and as far as I understand (but I may be mistaken) Play Services does work that involves internet access on behalf of other apps
If the OS or its privileged component will fchown the socket to the origin app, think the INTERNET permission will be enforced as expected.
There is very little IPC that is allowed for apps that do not share a development team on iOS.
> There is very little IPC
I am not familiar with iOS internals, but does "very little IPC" mean "zero IPC"? Because if we are talking IPC in the context of bypassing permission checks, I imagine, 'very little' doesn't cut it?
What stops the app from opening a link in Safari to trackmyshit.com/uuid-uuid-uuid-uuid that closes itself.