Network security best practices
This section contains recommendations to ensure the security of network
communications from Android devices.
Secure listening sockets
Use listening sockets with caution. In general, a device should have no
open listening sockets at all, because each one is a vector through which a
remote attacker can gain access to the device.
- Android devices should minimize the number of internet listening sockets
they expose, especially on boot or by default. No socket should be
listening on the internet at boot by default.
- Root processes and processes owned by the system unique identifier
(UID) shouldn't expose any listening sockets.
- Listening sockets must be able to be disabled without an OTA update. This
can be performed using either a server or user-device configuration change.
- For sockets used for local IPC, apps must use a UNIX domain socket with
access limited to a group. Create the socket's file node for the IPC and make
it readable and writable (+RW) only for a specific UNIX group. Any client apps
must be members of that UNIX group.
- Some devices with multiple processors (for example, a radio/modem separate
from the app processor) use network sockets to communicate between
processors. In such cases, the network socket used for inter-processor
communication must use an isolated network interface to prevent access by
unauthorized apps on the device (that is, use iptables to block access from
other apps on the device).
- Daemons that handle listening ports must be robust against malformed
data. You should fuzz-test the port using an unauthorized client and, where
possible, an authorized client. File bugs to follow up on crashes.
The Android Compatibility Test Suite
(CTS) includes tests that check for the presence of open listening ports.
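A minimal version of the kind of check described above, as an added example that is not the CTS test itself: it parses rows in /proc/net/tcp format (a constructed sample is embedded) and counts sockets in LISTEN state bound to anything other than loopback, reporting the owning UID so root or system listeners stand out.

```c
/* Added example (not from the AOSP page): audit /proc/net/tcp-format text
 * (IPv4) for LISTEN sockets bound to anything other than loopback. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define LOOPBACK_HEX "0100007F"  /* 127.0.0.1 as /proc/net/tcp prints it */
#define TCP_LISTEN   0x0A
/* Returns 1 (filling port and uid) if `row` is a LISTEN socket whose local
 * address is not loopback; 0 for the header, malformed rows and the rest.
 * Columns: sl local_address rem_address st tx:rx tr:when retrnsmt uid ... */
static int is_exposed_listener(const char *row, unsigned *port, unsigned *uid)
{
    char local[48]; unsigned state;
    if (sscanf(row, " %*d: %47s %*s %x %*s %*s %*s %u", local, &state, uid) != 3)
        return 0;
    char *colon = strchr(local, ':');
    if (!colon)
        return 0;
    *colon = '\0';
    *port = (unsigned)strtoul(colon + 1, NULL, 16);  /* port is hex, host order */
    return state == TCP_LISTEN && strcmp(local, LOOPBACK_HEX) != 0;
}
/* Count exposed listeners in a whole table (one row per line); if verbose,
 * print each so its owning UID can be checked against the rules above. */
int count_exposed_listeners(const char *table, int verbose)
{
    int n = 0;
    char row[256];
    for (const char *p = table; *p; ) {
        size_t len = strcspn(p, "\n");
        size_t copy = len < sizeof(row) ? len : sizeof(row) - 1;
        memcpy(row, p, copy);
        row[copy] = '\0';
        unsigned port, uid;
        if (is_exposed_listener(row, &port, &uid)) {
            n++;
            if (verbose)
                printf("exposed listener: port %u, uid %u\n", port, uid);
        }
        p += len + (p[len] == '\n');
    }
    return n;
}

/* Constructed sample: 0.0.0.0:5555 and 127.0.0.1:8080 in LISTEN, plus one
 * ESTABLISHED connection. Only the first row counts as exposed. */
const char *SAMPLE_TCP_TABLE =
  "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
  "   0: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 11111 1\n"
  "   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1\n"
  "   2: 0A00020F:D431 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10050        0 33333 1\n";
```

On a real device the same function would be fed the contents of /proc/net/tcp (and a variant with the 32-hex-digit address form for /proc/net/tcp6); a non-zero count at boot is exactly what the recommendations above say should not happen.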
Disable adb
Android Debug Bridge (adb) is a valuable development and debugging tool, but
is designed for use in a controlled, secure environment and shouldn't be
enabled for general use.
- Ensure that adb is disabled by default.
- Ensure that adb requires the user to turn it on before accepting
connections.
Last updated 2024-09-24 UTC.