Re: Any developers in the house?
" there is an alarming number of genuinely useful apps that are legitimately useless if you don't allow them network access. What then?"
If it's an app the requires network access to perform its intended function, then you have to decide for yourself if the utility you get from it is worth the security risk.
If it requires network access just because, then either find a different app that doesn't (it probably exists), don't use it at all, or decide it's worth the security risk. Although in that case, you have an advantage in that you know for certain that it's an app that spies on you.
Plus, you always have the option of just not using an app, no matter how useful it may be. Personally, an app the spies on my is useless to me no matter what it does.
"which "firewalled" app is prevented from launching the system browser at the URL "http://www.shadysite.com/?ScrewNetworkPermissions=true&UsersPhoneNumber=123456"...?"
None, of course, but there are ways of handling that, too. For instance, you can firewall your browsers off and only whitelist them temporarily when you actually intend to use them.
In the end, this is the same old security tradeoff -- security and convenience. How much of each is right for you is a call only you can make. But you can't really have both.