Android P to Block Apps from Monitoring Network Activity

Android P Will Prevent Apps from Monitoring Network Activity

Developers from the XDA forum have discovered new changes in the SELinux policy rules for apps targeting API level 28 in the Android P operating system. These changes address a security issue that previously allowed any Android app to monitor the network access of other apps.

In all versions of Android up to and including Android Oreo, any app could track the device’s network activity without the user’s knowledge. While apps could not access the content of network calls, they were able to check any outgoing or incoming connection via the TCP/UDP protocol and determine if the user connected to a specific server. For example, an app could detect when another program on the device connected to a financial institution’s server.

According to members of the Android Open Source Project, developers plan to “begin the process of blocking access to proc/net.” The /proc/net directory contains a large amount of network activity data from the OS kernel. Currently, apps have unrestricted access to /proc/net, allowing them to analyze the device’s network activity.

The new SELinux changes will allow access to certain network information only for specific VPN apps. However, as the developers noted, this vulnerability will continue to exist for some time, since Android apps are not required to target API level 28 until 2019.
