Show 2-way internet access without permission by using IPC/intent to browser/webview components & update privacy-policy #9

Open
emanuelb opened this issue Jun 2, 2021 · 0 comments
Labels
documentation Improvements or additions to documentation feature new feature request

emanuelb commented Jun 2, 2021

From https://github.com/databurn-in/PrivacyBreacher/blob/49baca41451be4c66d90c764c0af7da2ff5f987f/privacy-policy.md#privacy-policy

> PrivacyBreacher doesn't transmit any information that it collects because it can't access the internet

Change the text, as even an app without the internet permission can access the internet and leak data via several methods, such as:

  1. Abusing IPC/intents to other apps that suffer from SSRF/XAS (cross-application scripting)-like vulns or features. The most common/available method is via an intent to a browser application (or webview activity) to open an HTTPS URL; this can also be 2-way, details below.
  2. Making the data available to other apps with the internet permission so they can leak it (such as having an exported content provider, a file with 777 permissions, etc.)

The text can clarify that it doesn't transmit any information because that's what the code does and you can read it to verify; internet access from a zero-permission app is possible, as this app shows (after implementing the feature below).

Regarding the internet 2-way communication example:

  1. Open the browser with an intent to an HTTPS URL (leak data in the GET request's URL query parameters): passing data to the server.
  2. The HTTPS URL can return to the app with additional information by using a custom URI scheme, an intent URI, or app links: passing data from the server to the app.

Related issue in Vanadium (default browser in GrapheneOS)
GrapheneOS/Vanadium#37

GrapheneOS-Archive/legacy_bugtracker#675 (comment)

Browsers implementing an ACTION_VIEW handler for URLs is a simple example providing a partial bypass by allowing non-covert HTTP GET requests without the INTERNET permission.
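
Added example, not part of the issue or of PrivacyBreacher's code: a reviewer-side audit of an `AndroidManifest.xml` for the channels the issue lists, namely a browsable entry point a web page can use to pass data back to the app, and an exported content provider other apps can read. The manifest, the package and component names, and the `audit_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not PrivacyBreacher's): no INTERNET permission,
# but a browsable deep link and an unprotected exported provider.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.noperm">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".ReturnActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="noperm-callback"/>
      </intent-filter>
    </activity>
    <provider android:name=".DumpProvider" android:authorities="com.example.dump" android:exported="true"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return indicators of indirect network channels declared in a manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    report = {"has_internet": "android.permission.INTERNET" in perms,
              "browsable_entry_points": [], "open_exported_providers": []}
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            for flt in comp.iter("intent-filter"):
                cats = {c.get(ANDROID + "name") for c in flt.iter("category")}
                if "android.intent.category.BROWSABLE" not in cats:
                    continue
                # Web pages can reach this component: the server-to-app return path.
                schemes = sorted({d.get(ANDROID + "scheme") for d in flt.iter("data")
                                  if d.get(ANDROID + "scheme")})
                report["browsable_entry_points"].append((comp.get(ANDROID + "name"), schemes))
    for prov in root.iter("provider"):  # only an explicit exported="true" is checked
        guarded = any(prov.get(ANDROID + a) for a in ("permission", "readPermission"))
        if prov.get(ANDROID + "exported") == "true" and not guarded:
            report["open_exported_providers"].append(prov.get(ANDROID + "name"))
    return report
```

The outbound half (an `ACTION_VIEW` intent sent to the browser) is not declared in the manifest, so a result of `has_internet: False` with no findings here does not rule it out; that part needs a review of the app's code.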
