This depends on what you’re trying to defend against. In my opinion (on GrapheneOS):
“Accessibility” permission (i.e. full control of the device)
“Network” permission
“Modify system settings” permission
“Install unknown apps” permission
Any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes)
Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the “Wi-Fi control” permission.
App communication scopes isn’t the scary thing, it’s the solution. Standard Android sandbox allows apps to communicate if they mutually agree to it. Scopes will allow you to limit that.
This depends on what you’re trying to defend against. In my opinion (on GrapheneOS):
Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the “Wi-Fi control” permission.
App communication scopes isn’t the scary thing, it’s the solution. Standard Android sandbox allows apps to communicate if they mutually agree to it. Scopes will allow you to limit that.