
This is correct, but it is still a slippery slope. At some point the dev ends up adding internet permission (might be for legit reasons too), and lo and behold you are sharing your data. For something as sensitive as notifications, I really can't trust anything but an open-source app which is vetted by a few seasoned people and hosted on F-Droid.




Related, GrapheneOS has a handy feature to disable network access for individual apps.

Also non-GrapheneOS Android. I'm on CrDroid (Android 16), and if I go into "Settings -> Apps -> Some App -> Mobile data usage", there's a toggle for "Allow internet access", and a few more to control network access on Wi-Fi, cellular, background, and VPN.

If the permission is added in retrospect wouldn’t you still need to opt in?

FWIW, I completely agree that OSS is the way to go here.


The "Internet" permission on Android is one of the no-approval ones. If it gets added, you won't notice.
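An added example, not part of any comment in this thread: one way to notice such a change is to diff the permissions requested by two versions of an app before updating. It assumes each `AndroidManifest.xml` has already been decoded to text XML; the package name, the sample manifests and the short `SILENT` list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Protection level "normal": granted at install or update with no prompt.
# Illustrative subset, not a complete list.
SILENT = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_WIFI_STATE",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def added_permissions(old_xml, new_xml):
    """Split permissions new in the update into silent and other ones."""
    added = declared_permissions(new_xml) - declared_permissions(old_xml)
    return {"silent": sorted(added & SILENT), "other": sorted(added - SILENT)}

# Constructed sample manifests (hypothetical package com.example.notifier).
OLD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notifier" android:versionCode="7">
  <application android:label="Notifier"/>
</manifest>"""

NEW = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notifier" android:versionCode="8">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <application android:label="Notifier"/>
</manifest>"""

if __name__ == "__main__":
    report = added_permissions(OLD, NEW)
    for name in report["silent"]:
        print("added without prompt:", name)
    for name in report["other"]:
        print("added:", name)
```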

I’m interested in what you’re suggesting. Who are those auditors you trust? Does F-Droid imply things have been audited?

F-Droid implies

* that the application is source-available;

* that the toolchain used to build the app is FOSS, and the application does not use Play Services, or proprietary tracking/analytics, or proprietary ad libraries;

* that the application toolchain doesn't depend on "binary blobs".

Not even passing the sniff test on those easy-to-meet requirements is suspicious.


Would a safe alternative (albeit annoying to update) be to side load the apk for the purpose of eliminating the possibility of auto updates brought on by an app store?


