Android P, the next version of Google’s mobile operating system, will fix a privacy issue that you may have never heard of. With the release of Android P later this year, Google will limit apps from gaining access to the network activity of your device. Currently, apps can access network activity even without asking for any sensitive permissions.
While Android apps cannot detect the content of your network calls, they are capable of sniffing any outgoing or incoming connection using the TCP/UDP protocols to determine whether you are connecting to a certain server. Any app on Android can detect what other apps on your device are connecting to the internet, and they can also tell when those apps are connecting to the internet. Apart from that, the Android apps can use the framework to see where the apps are connecting to.
This a serious privacy problem that only a handful of Android users will be aware of. Google, however, seems to be ready to address it, finally. A new commit has been spotted in the Android Open Source Project that allows to “start the process of locking down proc/net.” According to XDA Developers, the commit contains a bunch of output from the kernel related to network activity. Currently, there is no restriction on app accessing /proc/net and read the TCP and UDP files to track your device’s network activity.
The new changes coming to Android’s SELinux rules suggest that Google plans to restrict access to some of this information. The change applying to the SELinux rules of Android P suggests only designated VPN apps can get access to these files while all other applications seeking access will be audited by the system.
Watch: Android Oreo top features
This change could land in the second developer preview of Android P, expected to be announced at Google I/O 2018 this week. Google is getting very aggressive about security and privacy settings used by third-party developers and applications on Android. With this new restriction, it seems to be making Android more safer and secure against network mapping and targeting by applications.