Google includes a Restricted Networking Mode in Android 12

With the first Android 12 Developer Preview expected to go live one month from now, there's still a great deal we don't know about Google's next major OS update. Digging through the Android Open Source Project can only reveal so much, given that the bulk of Android 12's codebase isn't public. Still, we sometimes see evidence of new Android features in AOSP, though they're often not very exciting. The most recent feature we spotted, internally called "restricted networking mode", unfortunately doesn't provide the configurable firewall that we were expecting to see, but it does have some interesting implications.

A handful of commits merged to AOSP describe the new restricted networking mode feature. Google has created a new firewall chain (a set of rules that the Linux iptables utility follows to allow or block network traffic) to support restricted networking mode. When this mode is turned on via a setting, only apps that hold the CONNECTIVITY_USE_RESTRICTED_NETWORKS permission will be allowed to use the network. Since this permission can only be granted to privileged system apps and/or apps signed by the OEM, network access will be blocked for all apps installed by the user. Effectively, this means that you'll still get push notifications from apps using Firebase Cloud Messaging (FCM), as these notifications are routed through the privileged Google Play Services app that holds the requisite permission, but no other app, excluding a handful of other system apps, can send or receive data in the background.
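To see which apps on a device would keep network access under this mode, you can check which packages have the permission granted. The sketch below is an added example, not code from AOSP or from this article: it parses a constructed excerpt laid out like simplified `dumpsys package` output (the sample packages, UIDs and the helper names are assumptions) and splits packages into those that hold CONNECTIVITY_USE_RESTRICTED_NETWORKS and those that do not.

```python
import re

PERM = "android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS"

# Constructed sample, simplified from the layout of `dumpsys package` output.
SAMPLE_DUMP = """\
Packages:
  Package [com.google.android.gms] (1a2b3c4):
    userId=10123
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS: granted=true
  Package [com.example.chat] (5d6e7f8):
    userId=10234
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.oemtool] (9a0b1c2):
    userId=10057
    install permissions:
      android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS: granted=false
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
UID_RE = re.compile(r"^\s*userId=(\d+)")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def parse_packages(dump):
    """Return {package: {"uid": int or None, "granted": set of permissions}}."""
    pkgs, cur = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            cur = pkgs.setdefault(m.group(1), {"uid": None, "granted": set()})
        elif cur is None:
            continue  # header lines before the first package
        elif m := UID_RE.match(line):
            cur["uid"] = int(m.group(1))
        elif (m := PERM_RE.match(line)) and m.group(2) == "true":
            cur["granted"].add(m.group(1))  # granted=false entries are ignored
    return pkgs

def split_by_restricted_mode(dump):
    """Partition packages into (keeps_network, blocked) by the permission grant."""
    allowed, blocked = [], []
    for name, info in sorted(parse_packages(dump).items()):
        (allowed if PERM in info["granted"] else blocked).append((name, info["uid"]))
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = split_by_restricted_mode(SAMPLE_DUMP)
    print("keeps network access:", allowed)
    print("blocked:", blocked)
```

Holding INTERNET alone is not enough here: in the sample, the chat app has INTERNET granted and still lands in the blocked list.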

We don't know exactly where Google will put a toggle for restricted networking mode in Android 12. We know it can be toggled at runtime and programmatically queried via shell command, much like Android's Data Saver feature, but we don't know whether Google plans to let users make their own allowlist/blocklist of apps. It would be huge if Google added a user-facing settings page to restrict Internet access on a per-app basis so users don't have to rely on apps like NetGuard that use Android's VPN API; there's nothing wrong with the way these apps work, but there's little keeping them from being killed by bad OEM software.