The forthcoming Android P release will protect the operating system's network processes against snoops and nasties.
Android's problems lie in a folder and file inherited from Linux, the source of Android's kernel and its key structures:
In a commit at Android Open Source, Google's Jeffrey Vander Stoep launched the apparently-prosaic process of “locking down
As the commit explained: “Files in
/proc/net leak information. This change is the first step in determining which files apps may use, whitelisting benign access, and otherwise removing access while providing safe alternative APIs.”
Like Linux, Android uses the
/proc filesystem to expose internal (that is, process) information to userspace processes. The kernel writes the information to virtual files in virtual directories under
/proc – and this includes networking information under
The folder contain programs important information about interfaces, connections, hosts' IP addresses and more, but much of that information is sensitive. In Android, any app can access
/proc/net without telling the user.
The change will require audits of a number of processes that have more access to
/proc/net than they should: the storage daemon, zygote (the parent process of user apps), the clatd IPv4-IPv6 daemon, the logging daemon, the vold (volume daemon) and others.
It's no surprise, then, that with so many processes able to access
/proc/net, apps can abuse it.
As Mishaal Rahman wrote at XDA-Developers,
/proc/net doesn't provide access to comms content – but IP addresses, for example, are valuable to advertisers.
And valuable to bad actors as, for example, an app burdened with malware can watch
/proc/net for attempts to connect to security Websites.
The other key components of the lockdown include adding a
proc_net_type attribute to SELinux, to protect privileged processes' access to the file; VPN apps will be protected with a
proc_net_vpn attribute, so they don't stop working.
The commit says Android's developers will audit “all other
proc/net access for apps.”
The XDA Developers post notes that securing users will be a slow process: “For compatibility purposes, it appears that apps targeting API levels < 28 will still have access for now. This means that until 2019 when apps will have to target API level 28, most apps will still have unrestricted access.” ®