Android P to improve users' network privacy

Soon-to-be-staunched Linux network process folder bleeds info about smartmobe use

The forthcoming Android P release will protect the operating system's network processes against snoops and nasties.

Android's problems lie in a folder and file inherited from Linux, the source of Android's kernel and its key structures: /proc/net.

In a commit at Android Open Source, Google's Jeffrey Vander Stoep launched the apparently-prosaic process of “locking down /proc/net”.

As the commit explained: “Files in /proc/net leak information. This change is the first step in determining which files apps may use, whitelisting benign access, and otherwise removing access while providing safe alternative APIs.”

Like Linux, Android uses the /proc filesystem to expose internal (that is, process) information to userspace processes. The kernel writes the information to virtual files in virtual directories under /proc – and this includes networking information under /proc/net.

The folder gives programs important information about interfaces, connections, hosts' IP addresses and more, but much of that information is sensitive. In Android, any app can access /proc/net without telling the user.
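To show what kind of connection metadata sits in these files, here is an added example (not code from the Android commit or from this article) that decodes rows in the /proc/net/tcp layout. The sample rows, addresses and UID are constructed, and a little-endian host is assumed.

```python
import ipaddress
import struct

# Constructed sample in the IPv4 /proc/net/tcp layout; all values are made up.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D431 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 23456 1 0000000000000000 20 4 30 10 -1
"""

TCP_STATES = {0x01: "ESTABLISHED", 0x0A: "LISTEN"}  # subset of kernel TCP states


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted-quad, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the raw 32-bit address as one hex number, so on a
    # little-endian host (assumed here) the bytes appear reversed.
    raw = struct.pack("<I", int(hex_ip, 16))
    return str(ipaddress.IPv4Address(raw)), int(hex_port, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row: endpoints, state, owning UID, inode."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) < 10:
            continue  # skip blank or truncated rows
        state = int(parts[3], 16)
        rows.append({
            "local": decode_endpoint(parts[1]),
            "remote": decode_endpoint(parts[2]),
            "state": TCP_STATES.get(state, hex(state)),
            "uid": int(parts[7]),    # UID that owns the socket
            "inode": int(parts[9]),
        })
    return rows


if __name__ == "__main__":
    for row in parse_proc_net_tcp(SAMPLE):
        print(row)
```

Each row carries endpoints, connection state and the owning UID, with no payload data, which is why restricting read access to these files matters even though no traffic content is exposed.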

The change will require audits of a number of processes that have more access to /proc/net than they should: the storage daemon, zygote (the parent process of user apps), the clatd IPv4-IPv6 daemon, the logging daemon, the vold (volume daemon) and others.

It's no surprise, then, that with so many processes able to access /proc/net, apps can abuse it.

As Mishaal Rahman wrote at XDA-Developers, /proc/net doesn't provide access to comms content – but IP addresses, for example, are valuable to advertisers.

They are also valuable to bad actors: for example, an app burdened with malware can watch /proc/net for attempts to connect to security Websites.

The other key components of the lockdown include adding a proc_net_type attribute to SELinux, to protect privileged processes' access to the file; VPN apps will be protected with a proc_net_vpn attribute, so they don't stop working.

The commit says Android's developers will audit “all other proc/net access for apps.”

The XDA Developers post notes that securing users will be a slow process: “For compatibility purposes, it appears that apps targeting API levels < 28 will still have access for now. This means that until 2019 when apps will have to target API level 28, most apps will still have unrestricted access.” ®
