I'm sure, there's cases where they just didn't want to have too many prompts, as that would result in people not reading them either.
But in other cases, this is also just Google that we're talking about. There's for example a presentation [1] where a Google dev introduces this new permission system and afterwards someone from the audience asks, if it's also possible to block internet access with it.
And the Google dev responds in the most innocent of ways that it doesn't need to be possible, because clearly the rest of their permission system works so flawlessly that no critical information one could want to upload to the internet would be available to apps anyways.
I know, never attribute to malice that which is adequately explained by stupidity, but it's not like the guy should be able to be this ignorant in the position that he's in. And Google does have reason to be malicious here. Without internet permission, their ads can't be displayed.
Especially the example in the video of the flashlight app is one where the permission system falls completely flat. In order to toggle the flashlight, you need to ask for full access to the camera, meaning you can take pictures as you like. And since you have internet, you can actually do something malicious with those pictures, too. Clearly, the user did not intend for their flashlight app to take pictures and much less so for it to upload them to the internet.
^this. As long as Google remains an advertising company with some incidental technology projects - they'll be hard pressed to ever fight internal culture/revenue enough to take meaningful steps towards privacy and security.
Just being able to write an app (code on the device) and deploy an ad (code on the Internet - possibility to run "code" like fonts, or trigger calls to site/unique.jpg) - would make preventing data exfiltration and/or tracking absurdly hard while continuing to cater to advertisers aka the paying customers.
But in other cases, this is also just Google that we're talking about. There's for example a presentation [1] where a Google dev introduces this new permission system and afterwards someone from the audience asks, if it's also possible to block internet access with it.
And the Google dev responds in the most innocent of ways that it doesn't need to be possible, because clearly the rest of their permission system works so flawlessly that no critical information one could want to upload to the internet would be available to apps anyways.
I know, never attribute to malice that which is adequately explained by stupidity, but it's not like the guy should be able to be this ignorant in the position that he's in. And Google does have reason to be malicious here. Without internet permission, their ads can't be displayed.
Especially the example in the video of the flashlight app is one where the permission system falls completely flat. In order to toggle the flashlight, you need to ask for full access to the camera, meaning you can take pictures as you like. And since you have internet, you can actually do something malicious with those pictures, too. Clearly, the user did not intend for their flashlight app to take pictures and much less so for it to upload them to the internet.
[1] Relevant question is at 18:07: https://www.youtube.com/watch?v=f17qe9vZ8RM