A years-old privacy flaw will finally be coming to an end on Android. It’s an issue you’ve probably never heard of, but one that you should absolutely be concerned about. Currently, apps on Android can gain full access to the network activity on your device—even without asking for any sensitive permissions. These apps can’t detect the content of your network calls, but they can sniff any outgoing or incoming connection via TCP/UDP to determine if you are connecting to a certain server. For instance, an app can detect when another app on your device connects to a financial institution’s server. Don’t believe me? Just download one of the many netstat apps on the Play Store and see for yourself.
Netstat Plus app detecting that my phone connected to Chase Bank.
Any app could detect not only which other apps on your device are connecting to the Internet, but also when those apps connect and where they connect to. Obviously, this is a serious privacy hole that Google is finally addressing, but the malware implications are also pretty serious (we’re not going to go into further details so as not to give anyone ideas). I’ve heard of a few shady apps on the Play Store using this method to detect when you connect to services that they disapprove of. Apps like Facebook, Twitter, and other social media apps could use this to track your network activity without your knowledge.
Fixes coming to Android 7.1+
A new commit has appeared in the Android Open Source Project to “start the process of locking down proc/net.” /proc/net exposes kernel-maintained network state, including the list of open sockets. There’s currently no restriction on apps accessing /proc/net, which means they can read from here (especially the TCP and UDP files) to parse your device’s network activity. You can install a terminal app on your phone and enter cat /proc/net/udp to see for yourself.
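To make concrete what the TCP and UDP files under /proc/net actually expose (remote endpoint, socket state and the owning uid, but no payload), here is an added example that is not from the article or from any netstat app: it parses a constructed /proc/net/tcp sample in the kernel's documented column layout. The header row, column order and byte order are those of the real file; the two entries are made up.

```python
import socket
import struct

# Constructed sample in the layout of /proc/net/tcp (not captured from a real device).
# IPv4 addresses are hex in host byte order (little-endian on Android's ARM/x86),
# ports are hex in network byte order. Column 8 is the uid that owns the socket;
# on Android every installed app has its own uid (app uids start at 10000).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 6400A8C0:E2B6 0D0C0B0A:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 67890 1 0000000000000000 20 4 30 10 -1
"""

# Socket states as numbered in the kernel's enum (subset that matters here).
TCP_STATES = {0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x06: "TIME_WAIT",
              0x08: "CLOSE_WAIT", 0x0A: "LISTEN"}


def parse_addr(field):
    """'0100007F:0277' -> ('127.0.0.1', 631): little-endian IPv4 word, big-endian port."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row: local/remote endpoint, state name and uid."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 8:
            continue
        entries.append({
            "local": parse_addr(parts[1]),
            "remote": parse_addr(parts[2]),
            "state": TCP_STATES.get(int(parts[3], 16), parts[3]),
            "uid": int(parts[7]),
        })
    return entries


def remote_endpoints_by_uid(entries):
    """Map each uid (i.e. each app) to the remote endpoints its sockets are connected to.
    Listening sockets have no peer (0.0.0.0:0) and are left out."""
    by_uid = {}
    for e in entries:
        if e["remote"] == ("0.0.0.0", 0):
            continue
        by_uid.setdefault(e["uid"], []).append(e["remote"])
    return by_uid


if __name__ == "__main__":
    for uid, peers in remote_endpoints_by_uid(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)).items():
        print(uid, peers)   # uid 10123 -> [('10.11.12.13', 443)]
```

The same parser applies to /proc/net/udp, which has the same leading columns; the uid column is what turns a list of sockets into a per-app activity log, which is the privacy problem the SELinux change addresses.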
But thanks to new changes coming to Android’s SELinux rules, access to some of this information will be restricted. In particular, the change applies to the SELinux policy of Android 7.1+ and means that only designated VPN apps can access some of these files. All other applications seeking access will be audited by the system, meaning their access attempts are logged.
We’ll likely see this change land in a future monthly security update. If you are using a custom ROM such as CopperheadOS, then you’re already secure, as these SELinux changes were made there years ago. We’re glad to see Google finally restrict access to /proc/net after many years of unrestricted access. It’s a very small change that users are unlikely to notice, but the implications for user privacy will be massive.