Android P logo

The upcoming version of the Android OS —codenamed only Android P for the moment— will block applications from accessing and monitoring the operating system's network activity.

Android project developers took this decision to improve the operating system's privacy and prevent user-installed apps from sniffing on the user's network activity outside the app.

/proc/net access abused by apps

Currently, apps can access networking data by requiring a simple permission, but the text of that permission is vaguely worded, and most users don't fully understand the breadth of the access an app is receiving.

For example, a user-installed app that obtains the permission to access the user's network data can tap into the Android OS "/proc/net" process and detect any time the user is initiating a network connection and to what server.

The app can't access the data in that network connection, but often enough, knowing where the user is connecting is enough for apps that collect user data to sell it to advertisers.

Android devs are plugging the leak

But over the weekend, Android developers have submitted a commit to the Android OS source code that "plugs the /proc/net leak" and restricts access to this core OS process, according to XDA Developers, a forum dedicated for Android developers.

Moving forward, Android engineers said that only VPN apps will be allowed access to this process and that any other app that needs it must undergo a code audit.

This update is just the latest security-focused change made to the upcoming Android P operating system. Below are others:

⮞  Android P will block cleartext (HTTP) traffic from apps. HTTPS is the new norm.
⮞  Android P will use the same UI when requesting fingerprint authentification across apps and devices.
⮞  Android P will block background apps from accessing the phone's camera and microphone.
⮞  Android P will encrypt backups on the device with a local secret key before sending the backup for storage on Google's servers.
⮞  Experimental support for MAC address randomization.
⮞  Support for DNS over TLS.

Related Articles:

More Than Half of Android Apps for Kids Are Violating US Privacy Laws

Malware Found in the Firmware of 141 Low-Cost Android Devices

Malware Found in the Firmware of 26 Low-Cost Android Devices

Microsoft Will Extend GDPR Privacy Protections to All Users, Not Just Europeans

Amazon Is Selling Facial Recognition Software to US Law Enforcement