Android P is putting an end to the ability of third-party apps to monitor one’s network activity even while they’re running in the background and with no reason to do so, according to a number of new commits recently merged into the main repository of the Android Open Source Project, as first noted by XDA Developers. The solution is only the first step Google is taking toward addressing the vulnerability that existed in its operating system for years but its impact is likely to be limited for years as it will only affect apps that aren’t just running Android P but are also targeting it.
Google’s current minimum target requirements are stricter than they used to be but are still lax enough to limit the potential benefits of the upcoming feature until 2020. Right now, developers are allowed to target an SDK that’s up to a year older than the latest major OS release, meaning apps targeting Android 7.0 Nougat are still accepted on the Google Play Store even though Oreo hit the stable channel last August. Due to that state of affairs, the upcoming limitations will only be required for all apps once Android Q is released in 2020 and developers are forced to target Android P and its requirements, i.e. API level 28.
In practice, the limitations will see part of the SELinux kernel related to networking locked down so as to prevent third-party software from parsing activity data in the background. Google is expected to launch the second developer preview of Android P later today, as part of its opening keynote at the latest iteration of the annual Google I/O developer conference. The new OS is then set to go through several more experimental builds before hitting the stable channel in the third quarter of the year, shortly before the Pixel 3 lineup of Android flagships is announced.