… How do you figure? Any user that’s willing to install a flashlight app that requests access to their personal data is more than likely to accept an internet permission as well.
Oh, you won’t accept the internet permission? Then the flashlight won’t work.
I don’t disagree with your main point. A user-controlled internet permission should be implemented, and permissions should be granular instead of all-or-nothing. But I wouldn’t think for a second that their existence would curtail the impact of any kind of app that exploits the user.
The reality is that the masses are unaware of how these things work, and how to be secure. And for many who may lean towards the side of not trusting an app with a permission, if the app provides something they want that’s gated behind it, they damn well are going to give it to them. There are only a few people that actually understand and take the time to consider the impacts of what they install.