Hacker News

Android P to Block Apps From Monitoring Device Network Activity

android-p-network-activity-selinux

Do you know that any app you have installed on your Android phone can monitor the network activities—even without asking for any sensitive permission—to detect when other apps on your phone are connecting to the Internet?

Obviously, they cant see the content of the network traffic, but can easily find to which server you are connecting to, all without your knowledge. Knowing what apps you often use, which could be a competing or a financial app, “shady” or “malicious” app can abuse this information in various ways to breach your privacy.

But it seems like Google has planned to address this serious privacy issue with the release of its next flagship mobile operating system.

With Android P, any app will no longer be able to detect when other apps on your Android device are connecting to the Internet, according to the new code changes in Android Open Source Project (AOSP) first noticed by XDA Developers.

“A new commit has appeared in the Android Open Source Project to ‘start the process of locking down proc/net,’ [which] contains a bunch of output from the kernel related to network activity,” XDA Developers writes

“There’s currently no restriction on apps accessing /proc/net, which means they can read from here (especially the TCP and UDP files) to parse your device’s network activity. You can install a terminal app on your phone and enter cat /proc/net/udp to see for yourself.”

Also Read: Android P Will Block Background Apps from Accessing Your Camera, Microphone

However, the new changes applied to the SELinux rules of Android P will restrict apps from accessing some network information.

android-p-network-activity

The SELinux changes will enable only designated VPN apps to access some of the network information, while other Android apps seeking access to this information will be audited by the operating system.

However, it should be noted that the new SELinux changes are coming for apps using API level 28 running on Android P—which means that apps working with API levels prior to 28 continue to have access to the device’ network activities until 2019.

A few custom ROMs for Android, such as CopperheadOS, have already implemented these changes years ago, offering better privacy to their users.

As XDA developers pointed out, this new change introduced to the Android operating system appears to be very small that users will hardly notice, “but the implications for user privacy will be massive.”

Similar Posts: