Android realizes parts of its sandbox model for the apps with SELinux. SELinux blocks the access to resources on your device by default. You have to specifically write rules to grant access. It appears Android allows all apps the access to the /proc/net directory by default. Some background information about proc:

The proc filesystem (procfs) is a special filesystem in Unix-like operating systems that presents information about processes and other system information in a hierarchical file-like structure, … /proc/net/, a directory containing useful information about the network stack, in particular /proc/net/nf_conntrack, which lists existing network connections …

This means that every app on your Android smartphone can monitor which apps connect to the internet and also when and where they connect to, without having to ask permission do so. People familiar with SELinux will find the related rule in the untrusted_app.te policy file under android / platform / external / sepolicy:

# access /proc/net/xt_qtguid/stats

r_dir_file(untrusted_app, proc_net)

Untrusted apps means:

In current AOSP, this domain is assigned to all non-system apps as well as to any system apps that are not signed by the platform key.

This rule does not only give access to the stats file as indicated but also any other file under /proc/net.