android 17 - ACCESS_LOCAL_NETWORK

cherepavel

Android 17 will finally feature protection against loopback 127.0.0.1, through which apps send all sorts of information to each other.
https://developer.android.com/reference/android/Manifest.permission#ACCESS_LOCAL_NETWORK

DeletedUser728

cherepavel so it's only IPC left unprotected

xbxbz

cherepavel

The Android 17 ACCESS_LOCAL_NETWORK permission does not solve the cross-profile localhost communication issue described in GrapheneOS/os-issue-tracker#4768.

The vulnerability allows apps in separate user profiles to communicate over 127.0.0.1, bypassing profile isolation.

This occurs because Android shares the network namespace across profiles, enabling localhost connections between them.

The ACCESS_LOCAL_NETWORK permission only controls discovery of devices on the local network (e.g., LAN), not loopback interface (localhost) access.

The real fix requires separate network namespaces per user profile, which is not implemented in Android 17.

Elysium

https://developer.android.com/privacy-and-security/local-network-definition

Hm, is localhost even in their definition of local network? I am no expert with networking etc. Doesn't seem like it?

A local network in this project refers to an IP network that utilizes a
broadcast-capable network interface, such as Wi-Fi or Ethernet, but excludes
cellular (WWAN) or VPN connections.

169.254.0.0/16 //Link Local

100.64.0.0/10 // CGNAT

10.0.0.0/8 // RFC1918

172.16.0.0/12 // RFC1918

192.168.0.0/16 // RFC1918

Link-local

Directly-connected routes

Stub networks like Thread

Multiple-subnets
Additionally, both multicast addresses (224.0.0.0/4, ff00::/8) and the IPv4
broadcast address (255.255.255.255) are classified as local network addresses.

While local is 127.0.0.1 ?

DeletedUser728

Elysium indeed, thank you. None of loopback, 127.0.0.1 is mentioned either there or here https://developer.android.com/privacy-and-security/local-network-permission

So OP seems to be wrong or hasn't provided enough evidence.

@cherepavel?