back to article Android P to improve users' network privacy

The forthcoming Android P release will protect the operating system's network processes against snoops and nasties. Android's problems lie in a folder and file inherited from Linux, the source of Android's kernel and its key structures: /proc/net. In a commit at Android Open Source, Google's Jeffrey Vander Stoep launched the …

  1. teknopaul Silver badge

    yey

    I had a uni disertaion on "everything in linux is a file, discuss." About the ease on access to the linux system via posix file api.

    Kids now will be writing "Google pwnd linux, discuss."

    I wonder if chrome still knows your ip and every move?

    Do you think Google considers themselves "Advertisers"?

    1. Jamie Jones Silver badge

      Re: yey

      Just because things can be accessed as a file (*not* everything, by the way.... ref: ioctl) it doesn't imply lack of securuty.

      As you know, there are directory permissions, file permissions, acls.. etc.

  2. DougS Silver badge

    Couldn't they just change permissions on /proc/net?

    There isn't any legitimate reason for an app to access anything under it, that should all be mediated by Android APIs.

    1. David Roberts Silver badge

      Re: Couldn't they just change permissions on /proc/net?

      Wouldn't it be sensible to log access for a while instead of just turning it off?

      At a minimum any Apps using/abusing it could be identified and warned.

      1. phuzz Silver badge

        Re: Couldn't they just change permissions on /proc/net?

        How would Google collect the logs (without ending up as the subject of a "google is stealing your information from your phone!!11!!" dogpile), and then how would they parse all of them to pass information on to app developers?

        It's a nice idea that would work well on a handful of servers, but doesn't really scale up to millions of phones.

        1. Dan 55 Silver badge

          Re: Couldn't they just change permissions on /proc/net?

          How would Google collect the logs

          You are aware of this giant binary blob called Play Services...

          and then how would they parse all of them to pass information on to app developers

          They'd probably need just the app name and path in proc at most.

          but doesn't really scale up to millions of phones.

          Tiny compared to ad data.

          They're probably already collecting it as we speak.

    2. Overflowing Stack

      Re: Couldn't they just change permissions on /proc/net?

      There are legitimate reasons.

      There needs to be a way to uniquely identify devices on a local network.

      My Android app can control many household devices like smart TVs and cable boxes, it searches using upnp and mdns.

      If someone has two of the same devices on the same network (say two Samsung 43" 2018 7 series TVs) I need to be able to determine which TV they want to be able to control.

      This can't be done by IP address as this changes often and although upnp provides a UUID this can sometimes change or be identical across models, so can't be used.

      The MAC address is the only way to do this and you can only get this from the /proc/net/arp cache (As far as I know).

  3. Anonymous Coward
    Anonymous Coward

    Correction ..

    Android's problems lie in a folder and file inherited from Linux, the source of Android's kernel and its key structures: /proc/net.

    No, Android's problems lie in the fact that the Google ownership means you have to agree to Google's T&Cs before you have a usable phone. I'm wondering if that may end up as an argument for the EU privacy people to lob a large fine at Google and pretty much start a trade war..

  4. Sloth77

    Great, there go the useful Wifi utilities

    Yet another nail in the coffin, after the process listing API got nerfed.

    1. Jamie Jones Silver badge

      Re: Great, there go the useful Wifi utilities

      Well, it did say "replaced with suitable api/permission", but yeah, you are right if the process listing block is any indication.

      I think android should be a lot tighter, but in doing so, should not affect the capability of "power" apps. I know they want to steer it more towards being just a consumer kit, like an iphone, but if it wasn't for the 'techies', they wouldn't even have the software they're profiting from!

      1. GnuTzu Silver badge

        Re: Great, there go the useful Wifi utilities

        @Jamie Jones, yes; agreed. I hate being Harrison Bergeron'd. Voted up.

  5. Anonymous Coward
    Anonymous Coward

    If Android/Google REALLY wanted to protect privacy..

    There would be an option to disable the INTERNET permission on individual apps (Including system apps).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019