The Littlenitch pitch explains the concept:
As soon as you’re connected to the Internet, applications can potentially send whatever they want to wherever they want. Most often they do this to your benefit. But sometimes, like in case of tracking software, trojans or other malware, they don’t.
But you don’t notice anything, because all of this happens invisibly under the hood.
Application firewall mitigate this problem on a per-application basis.
Note that one might also want to look at network firewalls which stop whole network protocols from doing stuff, and application sandboxes, which prevent other naughty behaviour by apps, e.g. accessing local files or devies or other services that they should not.
sfxedit advises when trying to moderate apps hogging limited bandwitch:
Application Firewallto control what app on your mac connects to the internet.
Lulu is free and opensource. Radiosilence and TripMode are two other very affordable alternative app firewalls that are simpler to use than Lulu. Little Snitch and HandsOff are more advanced with more features (and hence costlier).