Since switching to Graphene and starting research on Android development, I've come to realize that very few Android apps are audited for their network activity. This is bad for everyone, although fortunately Graphene OS provides a toggle for blocking network traffic. As a security hobbyist I'd also like to look under the hood a bit more.

I want to make a daemon (or call a preexisting one) to monitor this traffic and get it sent to logs. This daemon would ideally be able to intercept incoming network traffic before sending data back to the requestor. I was wondering if anyone had any insight on Android's native daemons, and how I could go about accomplishing this.

    zombiekitty527 make a daemon (or call a preexisting one) to monitor this traffic and get it sent to logs

    Whatever DevicePolicyController (docs) uses could potentially be useful as well. You can look in AOSP for hints.

    There's also extensive eBPF plumbing, if you're interested in extending that for network logging purposes. A relevant report on it by Mishaal Rahman (of XDA): https://www.xda-developers.com/google-restricted-networking-mode-android-12/ (mirror).

    Awesome, this is exactly what I was looking for. Thank you!