No excuse for a keyboard to have internet permissions, but that's how they turn a profit. There are some great opensource keyboards available through f-droid that don't have any internet permissions, like AnySoftKeyboard, OpenBoard, and Simple Keyboard.
While these concerns are valid depending on who you ask. Am curious to know how the author came to the conclusion that gboard required let alone requested for GPS permissions. And other ones he claims to be sensitive.
Also, 200M installs does not equate to 200M users (affected).
I have 7.1.8.something and it has approximate location permission, but I see no indication of this or current version wanting exact location. The others seem in line with what Play Store webpage shows:
* full network access
* read the contents of your USB storage
* find accounts on the device
* read your contacts
* record audio
* take pictures and videos
All these aren't requirements for app functionality AFAIK. If any app needs a certain permission you should get a prompt to accept or deny any of them individually. If denying permissions isn't possible on nougat (don't know if this is a relevant problem, I think old android had something of the sort) maybe you should look into upgrading your device.
To perform network operations in your application, your manifest must include the following permissions:
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />