Flatpaks also just come with a set of default permissions at install time, so running in a sandbox only really protects against flaws in the software, but not against malicious intentions by its creator. Flatpak doesn’t have an “ask for permission” system afaik, at least not standardized. What you do is you add or subtract from the default the app itself specifies.
Does this happen with the network cable unplugged?