Android isn’t known for its watertight security and one almost always finds out about a glaring flaw in it. It was recently discovered that Android apps on current and previous versions of the OS get unrestricted access to your network activity. To make matters worse, there’s no permission for you to grant, it’s just allowed for all apps by default. This means that any app has unrestricted access to the network activity of another app.
Additionally, they could also tell when those apps are connecting to the Internet and where they are connecting to. The actual contents of the data is still protected, but even a destination is enough to cause trouble. Some apps on the Play Store even use this method to detect when you connect to services that they don’t like. Even social media apps could use this to track your network activity without your knowledge.
Related Android P Notifications Might Be Getting New Features, Including Remind, Send, and Snooze Actions
Thankfully, the next version of Android is going to remedy the situation. According to a new AOSP commit discovered by XDA Developers, apps in Android P will no longer be able to monitor network activity. Only designated VPN apps will be allowed to read TCP and UDP files which in turn interpret network activity. Unfortunately, most apps will continue to enjoy unrestricted access until 2019 when apps are forced to use the newer version of the Android API. Hopefully, the new security measures will be implemented across all versions of the OS, but there’s no word about Google about it.
It’s also unclear if this change will make its way to past Android versions, and the vulnerability will still be around in devices running older versions of Android. Apps that specifically monitor network activity will likely be affected but there may be an official workaround to allow those apps to keep functioning. We may well find out more about this at Google I/O this week when the second developer preview for Android P is introduced.
Source: XDA developers