> Is "internet access" permission just granted for any app by default without asking the user?
IIRC it was changed because people complained that a lot of apps required that permission despite the functionality not needing it. E.g. calculator app or whatever. Turns out that you need this permission if you want to display ads. So Google just sided with the advertisers and removed the permission from the display. Generally, I believe that Google likes internet connected things because they as a company have better tools to capture online revenue streams vs offline ones.
Even if I hate ads and I think one should be able to ban them forever on their devices, Android could just add an "Internet access" permission that only counts for Internet access required outside the Ads API, so they would keep their ads and users could be a bit safer on the "this app is snooping my data" side.
That would only work if they open up the Ads API to work with any ad network. Otherwise it would basically kill any competition in the Android Ad space, which would probably lead to EU and US regulators coming down hard on Google.
They could instead expand the permission system to group various ad api's so that each api is considered a distinct permission. Honestly would be good to do that in addition (i.e. separate from) the general internet permission.
I agree that it would be nice to separate the privileges if it were possible.
I suspect that allowing internet access even in the form of ads opens the possibility for data exfiltration in principle. But I'm not familiar with the Android case at all.
It allows for expensive, obvious data exfiltration. (Expensive in the sense that somebody else could take the data, unless you're the highest bidder for those categories – assuming Google Ads still shows ads with a bid of 0, which I'm not confident in.)
IIRC it was changed because people complained that a lot of apps required that permission despite the functionality not needing it. E.g. calculator app or whatever. Turns out that you need this permission if you want to display ads. So Google just sided with the advertisers and removed the permission from the display. Generally, I believe that Google likes internet connected things because they as a company have better tools to capture online revenue streams vs offline ones.