However — I've thought on and off for years — I feel like an omission is a toggle to restrict an app's network access. I would be much more willing to give an app other permissions if I knew my data couldn't be uploaded somewhere. But in its current state, I almost never give an app permission to access (for example) my contacts because I assume that data will be uploaded and stored.
---
If I remember correctly, custom keyboard extensions don't have access to the network by default, unless you explicitly give them that permission. Why hasn't this been extended to all apps?
---
This also brings up another question — why has iOS never had fine-grained control over which contacts you share with an app? (Similar to how they updated the photos/media permissions in the last few years.)
The funny thing is iOS (and I assume all of the other forks) does have this implemented but it's just not widely available. If you buy an iPhone in China, you can restrict individual apps from using both cellular & Wi-Fi. In other countries (I assume), you only have the option to disable cellular (Settings -> Mobile Data).
https://old.reddit.com/r/ios/comments/aib10i/in_china_ios_al...
https://apple.stackexchange.com/questions/278051/ios-wi-fi-i...
Even backend app containers like Docker, which are all about restricting permissions and maintaining a sandbox, allow arbitrary outgoing connections by default.
It would essentially kill the business model of any offline app which relies on advertising to function as soon as regular people learn that turning off network access means they keep their app and also don't get advertising.
1. An application firewall would prevent Apple from collecting data from its customers. (An obvious exception for Apple's app would result in negative publicity for it).
2. Apple also has an online advertising network, and in the early days Apple's plan was to entice developers to use their ad platform on various apps. This would mean Apple could make money from "free" apps too (developers who charged for their apps were already paying the "Apple Tax"). An application firewall preventing network access would make such an ad service useless on their platform.