android.permission.INTERNET not used yet able to send CGI calls through browser

Question

I have not used the following permission in my app:

android.permission.INTERNET

However if i fire an intent with:

android.intent.action.VIEW

with a url that looked something like this:

http://www.mysite.com/collectUsersStuff?UsersSecretStuff=hisSecret

it will open a prompt to open chrome to connect to the webserver. So my point is even without the INTERNET permissions from my apps manifest i can get the authority to send from another app who handles network calls. Is there anyway to assure the user that my app will not take advantage of this flaw ?

Answer 1

This is not a flaw. The INTERNET permission is allowing your app to access network sites. When you call the VIEW intent, you are telling a different app to open the site. Those apps have the INTERNET permission, which is why this works fine.