In the future, it looks like Android apps will no longer be able to detect when other apps on your device are connecting to the internet.
It's about time Google patched this nasty privacy flaw. Today, any app can monitor your network activity without your knowledge, for example to see when you connect with a competing app, or perhaps worse.
XDA Developers first noticed[1] the new changes coming to Android's SELinux rules for apps targeting API level 28 running on Android P[2]:
A new commit has appeared in the Android Open Source Project to "start the process of locking down proc/net." /proc/net contains a bunch of output from the kernel related to network activity. There's currently no restriction on apps accessing /proc/net, which means they can read from here (especially the TCP and UDP files) to parse your device's network activity.
According to the code, the SELinux changes allow only designated VPN apps to access some networking information. As XDA Developers points out, Android apps won't have to target API level 28 until 2019 -- meaning the flaw could remain open for some time.
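To make concrete what "parsing" the TCP file exposes, here is an added example (not code from XDA Developers or the AOSP commit) that decodes /proc/net/tcp rows, groups remote endpoints by owning UID, and checks whether the file is still readable. The sample rows, addresses and UIDs are constructed, and the address decoding assumes a little-endian CPU.

```python
import socket
import struct
from collections import namedtuple

Conn = namedtuple("Conn", "local remote state uid")
TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # subset of kernel state codes

# Constructed sample in /proc/net/tcp layout (not captured from a device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0501A8C0:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 22222 1
   2: 0501A8C0:C351 076433C6:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 33333 1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into 'a.b.c.d:port' (assumes a little-endian CPU)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"

def parse_proc_net_tcp(text):
    """Parse the IPv4 TCP table, skipping the header and malformed rows."""
    conns = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        conns.append(Conn(decode_endpoint(f[1]), decode_endpoint(f[2]),
                          TCP_STATES.get(f[3], f[3]), int(f[7])))
    return conns

def remotes_by_uid(conns):
    """Map each owning UID (one per app on Android) to its remote endpoints."""
    out = {}
    for c in conns:
        if c.state == "ESTABLISHED":
            out.setdefault(c.uid, set()).add(c.remote)
    return out

def proc_net_readable(path="/proc/net/tcp"):
    """True if this process can read the table; a denial is assumed to raise OSError."""
    try:
        with open(path) as fh:
            return bool(fh.readline())
    except OSError:
        return False

if __name__ == "__main__":
    print(remotes_by_uid(parse_proc_net_tcp(SAMPLE)), proc_net_readable())
```

Running `proc_net_readable()` from an app's own context is a quick way to confirm whether the lockdown applies to that app.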
We'll be looking for changes in the next release of the Android Open Source Project. Hopefully Google will jump in and patch things before Android P's future release.
References
[1] first noticed (www.xda-developers.com)
[2] Android P (www.zdnet.com)