Android P Beefs Up Security By Blocking Apps From Monitoring Your Network Activity

There has been a privacy issue with Android for quite some time that gave apps the ability to access the network activity of your device without asking for permission. These apps are unable to eavesdrop on the content of your network activity, but they can peek at incoming and outgoing connections via TCP/UDP and figure out what server you are connecting to. In practice, this means that apps can do things like detect if you have connected to the server at your bank to conduct online transactions.

One concern with the issue is that it could allow social media apps to track network activity without the user's knowledge. This specifically has been a big concern for some users after the privacy issues Facebook has had with Cambridge Analytica.

Thankfully, Google will plug this hole with Android P, as the Android Open Source Project is committing to "start the process of locking down proc/net." If you are wondering, /proc/net is where the kernel exposes its data about network activity. Right now, there are no restrictions on access to /proc/net, so any app can read the data stored there.
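To show what that exposure amounts to, here is an added example (not from the article or from AOSP) that decodes the `/proc/net/tcp` row format into remote endpoints and owning UIDs. The sample rows are constructed, the function names are illustrative, and the address decoding assumes a little-endian kernel.

```python
import socket
import struct

# Constructed sample in the /proc/net/tcp layout (not captured from a device).
# Row 1 is a socket connected to 198.51.100.10:443 (a documentation address).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40001
   1: 0F02000A:C350 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 40002
"""

TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}


def decode_endpoint(field):
    """Decode 'AABBCCDD:PPPP': IPv4 address as a hex word, port as hex.

    Assumes a little-endian kernel, so the address bytes appear reversed.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row: local/remote endpoint, state, owner UID."""
    rows = []
    for line in text.splitlines()[1:]:      # skip the header line
        cols = line.split()
        if len(cols) < 10:                  # ignore truncated or blank lines
            continue
        rows.append({
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(cols[3], cols[3]),
            "uid": int(cols[7]),
        })
    return rows


def established_peers(text):
    """Remote endpoints of established connections, with the owning UID."""
    return [(r["uid"], *r["remote"]) for r in parse_proc_net_tcp(text)
            if r["state"] == "ESTABLISHED"]


if __name__ == "__main__":
    for uid, ip, port in established_peers(SAMPLE):
        print(f"uid {uid} -> {ip}:{port}")
```

The rows carry no payload, only endpoints, socket state and the owning UID, which is the connection metadata the SELinux change puts out of reach of ordinary apps.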

XDA reports that changes to the Android SELinux rules will restrict access to data stored in that path. The change applies to the SELinux rules of Android P, and with it only designated VPN apps will be able to access the files under /proc/net. To maintain compatibility, apps targeting API levels below 28 will continue to have access to content in that path. That does mean that until 2019, when apps will be forced to target API Level 28, most apps will continue to have unfettered access to network data. It's worth noting that users on a custom Android ROM like CopperheadOS are already protected, since changes to block access to network data were made there years ago.