Google closing privacy flaw in Android

Google is finally making moves to close a privacy flaw that allows apps to covertly gain access to network activity on a device even without asking for sensitive permissions.

The flaw in the /proc/net directory of Android allows apps to detect the presence of other apps installed on an Android device, and sniff out when they are connecting to the internet including connecting to a specific server.

It does not expose the content of any network activity, but the flaw is already being used in a range of applications, including hidden trackers on Google Play, to track users’ network activity without their knowledge.

While a fix is being developed involving restricting access to some of the data stored in /proc/net, most applications are expected to continue to have unrestricted access to network activity until 2019, when a new framework for the way apps access APIs is introduced.

“User tracking without their consent undermines basic  privacy and security,” said NordVPN CMO Marty Kamden.

“Apps can monitor network activity even without requesting any sensitive permissions. In addition, this privacy hole could easily be exploited for malicious purposes — for example, when a user’s browsing history is collected, their online profile can be created.”

He urged Android users to consider taking additional steps to safeguard their online privacy, including being sure not to download fake apps or click on phishing messages, maintaining good password hygiene and keeping Android up to date with all software updates and security patches. Users should also consider using a VPN on their Android devices.

Image credit: ©stock.adobe.com/au/Mila Gligoric

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.