Most attacks on Devs are about fooling us into importing libraries that hide a callback to their server, exposing the user to lots of different attacks. Removing the Internet permission from your app blocks all callbacks. So, even if we get fooled into a lib, the app still does not leak information.
Discussion
One day I’ll fool you into making an amethyst iOS version 😈
Aye, remember all the "and suddenly it's malware"