This depends on what you’re trying to defend against. In my opinion (on GrapheneOS), the “Network” permission, “Modify system settings” permission, “Install unknown apps” permission, and any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes). Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home.
App communication scopes isn’t the scary thing, it’s the solution. Standard Android sandbox allows apps to communicate if they mutually agree to it. Scopes will allow you to limit that.
This depends on what you’re trying to defend against. In my opinion (on GrapheneOS), the “Network” permission, “Modify system settings” permission, “Install unknown apps” permission, and any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes). Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home.
App communication scopes isn’t the scary thing, it’s the solution. Standard Android sandbox allows apps to communicate if they mutually agree to it. Scopes will allow you to limit that.