Say, an app declared itself as

<uses-permission android:name="android.permi开发者_如何学Cssion.INTERNET" />

Is there a way for a user (or another app) to revoke that permission (w/o iptables of course)?

Blocking Internet

If what you want is to specifically block Internet access for selected apps AND your device is rooted then DroidWall is one of the options (use the blacklist mode). Btw, in the latest versions of Google Play app you'll notice that Internet permission won't even be listed when you install an app - Google decided it's not worth showing there..

Custom ROMs

Custom ROMs such as Cyanogen 7.x have built-in permission management. Once you enable the corresponding feature in Settings -> Cyanogenmod Settings you can disable the permissions you want by simply tapping a permission in the standard app system details screen. Cyanogenmod 9 and later don't have this feature anymore, because when the Cyanogenmod team were considering adding permission revocation to ICS, Google emailed them threatening to revoke Google Play access for devices running Cyanogenmod in case the feature persists in the Android 4.x builds.

AppOps

As of version 4.3 Android contains App Ops - a limited built-in permission management system that is not accessible from the main UI, but can be activated by calling an intent with action android.settings.APP_OPS_SETTINGS. There is an AppOps Starter app on the play market which will start the intent. If you use Nova launcher you can create a shortcut to AppOps via Add > Shortcut > Activities > Settings > App Ops (summary). You can also build the launcher yourself from source code.

Disabling specific activities

Elixir2 can selectively disable activities and broadcast receivers, so in many cases it might be able to disable specific ad activities which can be easily recognized by their package names.

Modifying APK files

You can also try to modify the apk file itself to remove the permissions you don't want, for example using ApkTool (very tricky and won't work if the developer takes security seriously).

PDroid

One more option is PDroid - it requires patching or recompiling your ROM. Once you have a ROM built with the PDroid code you can use the pDroid app on Google Play to configure each app as you wish.

xPosed Framework

Another alternative which only requires root, but not a specialized ROM is the Xposed Framework - a library which injects itself into the Android system process and which provides an API for other apps (called Xposed modules) to do the craziest possible things. At the implementation level, it allows the modules to intercept any Android API call, modify its parameters, and attach hooks. A description is available on the XDA developers forum. Once you install the framework, there are several modules that you can install which will give you total control over the permissions of any app, including feeding fake or random data for deviceID, contacts, locations, country, etc. Have a look, for example, at modules like xPrivacy, AppSettings, or AndroidTuner - they all allow altering permissions, or asking you for confirmation on access. There are also modules for controlling broadcast receivers and startup items. I have successfully run it on several devices with very good results, but subsequently found that battery consumption raised considerably, not sure whether it was because of the framework itself, or specific modules.

Is there a way for a user (or another app) to revoke that permission

Short of uninstalling the app? No. Permission decisions are a one-time thing when the app is installed.

UPDATE: On Android 6.0+, users now have the ability to control what apps can do after installation. Technically, this is not by revoking permissions, though the user interface certainly suggests it. This works akin to the AppOps technology leaked in Android 4.3 and early patchlevels of Android 4.4. Users who block operations (e.g., accessing contacts) cause affected apps to simply see an empty ContactsContract provider, for example.

there is a custom ROM that can do that

• http://forum.xda-developers.com/showthread.php?t=1011716
• http://forum.xda-developers.com/showthread.php?t=996726

Is there a way for a user (or another app) to revoke that permission (w/o iptables of course)?

"Yes, but..."

If you are willing to root your device (which no longer requires any occult rituals ;), you can use XPrivacy (as a module for Xposed). It does not simply deny the unasked-for permissions (which might cause an app-crash), but rather can be set up to sensibly spoof permissions you do not really want, e.g. when an app tries to get your location, it claims you're on the Easter Islands. It is very flexible (including a super-paranoid "ask ME what to anytime this app want to do that" and a handy "allow/deny for xx minutes" feature). Oh, and it's free (though the pro version, totally worth its money, allows you to apply permission templates to all installed apps and to access the crowd-repository with pre-determined permissions).