Hacker News
by mdp2021 1471 days ago
Since when is network access standard? Access to filesystem is not, use of hardware components but for display and speaker is not, internet access is not... Maybe you are referring to the exploitation of "intents" to exchange with networking-enabled applications?

Network access requires no user approval. The only place you could find it before granting it to an app was via the permissions list in the Play Store.

Ok, let us clarify the matter a little.

An Android application requires "permissions" to do "anything past the basics"; permissions have to be declared in the "Manifest" file.

There are (simplifying) two main types of permissions: "normal"¹ and "dangerous, runtime"²; the former only need to be specified by the programmer in the Manifest; the latter also need direct confirmation from the user at a requester prompt.

This implies that "normal" permissions are granted by the user implicitly with the action of installing the application. Which means that it is _quite important_ that the user sees the permissions list beforehand, before installation.

--

¹"Normal": BLUETOOTH, INTERNET, VIBRATE...

²"Dangerous": READ_CONTACTS, RECORD_AUDIO, SEND_SMS...

Same with "run at startup" and some other important ones; there's no way to deny it once installed.

This is why having a firewall installed is essential in every Android phone. AFWall+ does the job. My phones are all rooted but if I'm not mistaken it works on non-rooted phones as well.

Nope, it requires root, as it should, really. Anything that can mess with networking at a low level needs root; there's no Android permission that I know of that lets you get down to iptables level.

There do exist "noroot" Android firewalls; I am not sure how they work (I think by somehow becoming interfaces - like "noroot" packet sniffers), but very probably not through `iptables`.

There are products on GitHub; I am looking at NetGuard (from, I think, Marcel Bokhorst aka M66B - the project has many forks). The .md says, «The only way to build a no-root firewall on Android is to use the Android VPN service».
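
Added example, not code from any commenter in this thread: a short Python audit of the "normal" versus "dangerous" split described above, listing which permissions a manifest declares that are granted at install time without any prompt. It assumes a plain-text (decoded) AndroidManifest.xml; the sample manifest, the package name and the `audit_manifest` helper are constructed for illustration, and mapping "run at startup" to RECEIVE_BOOT_COMPLETED is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions named in the thread, plus RECEIVE_BOOT_COMPLETED
# (assumed here to be the "run at startup" permission mentioned above).
INSTALL_TIME = {"BLUETOOTH", "INTERNET", "VIBRATE", "RECEIVE_BOOT_COMPLETED"}
RUNTIME = {"READ_CONTACTS", "RECORD_AUDIO", "SEND_SMS"}

# Constructed sample manifest for a hypothetical app (not from the thread).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="com.example.vendor.CUSTOM_SYNC"/>
  <application android:label="Flashlight"/>
</manifest>"""


def audit_manifest(manifest_xml):
    """Group declared permissions by how the user gets to approve them."""
    report = {"install_time": [], "runtime_prompt": [], "unclassified": []}
    root = ET.fromstring(manifest_xml)
    for elem in root:
        # Both element names declare a permission request.
        if elem.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = elem.get(ANDROID_NS + "name")
        if not name:
            continue
        short = name.rsplit(".", 1)[-1]
        is_platform = name.startswith("android.permission.")
        if is_platform and short in INSTALL_TIME:
            report["install_time"].append(short)
        elif is_platform and short in RUNTIME:
            report["runtime_prompt"].append(short)
        else:
            # Custom or unlisted permission: report it, do not guess a level.
            report["unclassified"].append(name)
    return report


if __name__ == "__main__":
    for group, perms in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{group}: {', '.join(perms) or '-'}")
```
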