iOS should ask permission for network access similar to how it asks permission to access contacts and photos. Unlike those permissions, however, this one should be optional to the app author.

This permission is only important for a certain class of business apps that access potentially sensitive corporate data, but for those apps it can be essential. The wide open marketplace of the App Store means a good app can come from anywhere - but how do you know the FTP app you just downloaded isn't uploading your server login credentials to a nefarious actor? Ditto for that version control app or SQL app.

This isn't just a problem for app users, either. If you are an unknown developer making that new SQL app, how can you assure potential buyers that you won't do anything shady? A promise in your app description isn't worth much (and may even arouse further suspicion).

Of course, requiring permission to use the network would be a disaster for apps that show ads (that is to say, most of them) and a problem for many other apps as well. That's why, unlike contact and photo access, apps should be able to opt-in to requiring permission for network access.

To distinguish apps that opt-in, Apple should brand the feature ("Secure Networking", for example) and have an accompanying logo. Apps that opt-in should get a badge in the App Store, and Apple should promote the feature, especially to enterprises.

One more thing: authorization should happen per domain. That way an app couldn't say it needed network access to twitter.com and then actually connect to malicious-domain.com.

I know I would be much more willing to download and try out an unknown FTP, SQL, or similar app if it came with a guarantee that my sensitive login information couldn't be stolen by a malicious app author.