Android P Will Prevent Apps From Background Network Monitoring

According to a recent commit to the main repository of the Android Open Source Project, Google is preparing to prevent apps from monitoring network activity in the background with the release of Android P, the next major version of the Android OS.

XDA Developers, which first reported on the commit, explained that "Currently, apps on Android can gain full access to the network activity on your device—even without asking for any sensitive permissions."

While apps can't access the content of calls made over the network, they can identify where network calls are being made to. For instance, apps can detect when other apps make requests to a particular service.

Apps, including malicious apps, could use this to track Android users without their knowledge.

The new commit will restrict app access to /proc/net, which contains kernel output related to network activity. Only certain VPN apps will be able to access /proc/net files.

Because of Android Versioning requirements, apps that target Android API levels under 28 will still be able to monitor network activity. This won't change until 2019, when Google will require apps to target API level 28 or higher. 

Be sure to read the next Security article: Daily API RoundUp: GitHub, WorldCup 2018, Google Street View