This depends on what you’re trying to defend against. In my opinion (on GrapheneOS):
“Accessibility” permission (i.e. full control of the device)
“Network” permission
“Modify system settings” permission
“Install unknown apps” permission
Any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes)
Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the “Wi-Fi control” permission.
This depends on what you’re trying to defend against. In my opinion (on GrapheneOS):
Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the “Wi-Fi control” permission.