Monday 7 May 2018

Android P Restricts Network Activity Monitoring Apps

Android P Restricts Network Activity Monitoring Apps

Android P Restricts Network Activity Monitoring Apps

Whenever we download Apps from Play Store, we give full access to the apps and they can monitor your full network activity.

They can sniff your incoming and outgoing connection via TCP/UDP to determine if you are connecting to a server. Collective information of user data can be then sell to Advertisers.

xda-developers explains,
A new commit has appeared in the Android Open Source Project to “start the process of locking down proc/net.” /proc/net contains a bunch of output from the kernel related to network activity. There’s currently no restriction on apps accessing /proc/net, which means they can read from here (especially the TCP and UDP files) to parse your device’s network activity. You can install a terminal app on your phone and enter cat /proc/net/udp to see for yourself.

According to Google sources,
Files in /proc/net leak information. This change is the first step in determining which files apps may use, whitelisting benign access, and otherwise removing access while providing safe alternative APIs.

To that end, this change:

  • Introduces the proc_net_type attribute which will assigned to any new SELinux types in /proc/net to avoid removing access to privileged processes. These processes may be evaluated later, but are lower priority than apps.
  • Labels /proc/net/{tcp,tcp6,udp,udp6} as proc_net_vpn due to existing use by VPN apps. This may be replaced by an alternative API.
  • Audits all other proc/net access for apps.
  • Audits proc/net access for other processes which are currently granted broad read access to /proc/net but should not be including storaged, zygote, clatd, logd, preopt2cachename and vold.

The  Android Security researchers said, that new changes coming to Android SELinux, access to some of this information will be restricted. In particular, the change applies to the SELinux rules of Android P and it means that only some VPN apps will be allowed access to some of these files. 

As we have already seen many Apps do Malvertising. Google has always been working on improving Android Security to keep your phone secure.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer