For an aac user, it can be super helpful to be able to install a custom communication system as a keyboard as then they can use it with all the other apps. The keyboard apps have the same disclosures as all the others and you should avoid giving it the ability to export data with access to the Internet. Really any app can do this while you’re in it and ask those name brand apps you bank with or whatever are made by third parties and could be logging anything to anywhere if no one bothered to check.

That said, I am unhappy with how android play store has never allowed you to filter apps by permission and has made it harder and harder to even see what permissions an app will request or “require”. The permissions system is so good, should be made more fine-grained but instead they seem focused on “data safety statements” that are just cya for the platform as far as I can tell.

You need something that can watch/report your Internet traffic around the clock and selectively “fail” dns lookups you don’t like or something. I think iPhone does have something like this built in?