The latest Android 12 feature spotted by XDA, internally called restricted networking mode, does not provide a configurable firewall.
A handful of commits merged to AOSP describe the new restricted networking mode feature. To support it, Google has created a new firewall chain, that is, a set of rules that the Linux iptables utility follows to allow or block network traffic. When this mode is turned on via a setting, only apps that hold the CONNECTIVITY_USE_RESTRICTED_NETWORKS permission will be allowed to use the network.
Since this permission can only be granted to privileged system applications and/or applications signed by the OEM, network access will be blocked for all applications installed by the user. Effectively, this means that you’ll still receive push notifications from apps using Firebase Cloud Messaging (FCM), as these notifications are routed through the privileged Google Play Services app that holds the requisite permission, but no other app, apart from a handful of other system apps, can send or receive data in the background.
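To see which apps would stay online on a given device, you can check who holds the permission. The following is an added example, not code from AOSP or XDA: it parses text in the style of `adb shell dumpsys package` output and splits network-capable packages by whether they hold CONNECTIVITY_USE_RESTRICTED_NETWORKS. The sample dump, the package names and the function names are constructed for illustration, and the dump layout is an assumption that may vary by Android version.

```python
import re

RESTRICTED = "android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS"
INTERNET = "android.permission.INTERNET"

# Constructed sample in the style of `dumpsys package` output (not from a real device).
SAMPLE_DUMP = """\
Packages:
  Package [com.google.android.gms] (1a2b3c4):
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS: granted=true
  Package [com.example.chat] (5d6e7f8):
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.oemtool] (9a0b1c2):
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS: granted=false
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_permissions(dump):
    """Map package name -> set of permissions reported as granted=true."""
    result, current = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, set())
            continue
        m = PERM_RE.match(line)
        # Requested-but-denied entries (granted=false) do not count as held.
        if m and current and m.group(2) == "true":
            result[current].add(m.group(1))
    return result

def classify(dump):
    """Return (keeps_network, loses_network) under restricted networking mode."""
    allowed, blocked = [], []
    for pkg, perms in sorted(granted_permissions(dump).items()):
        if INTERNET not in perms:
            continue  # no network access to begin with; the mode changes nothing
        (allowed if RESTRICTED in perms else blocked).append(pkg)
    return allowed, blocked
```

On a real device, pass the captured output of `adb shell dumpsys package` to `classify()` in place of `SAMPLE_DUMP`.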
XDA doesn’t quite know where Google will place a toggle for restricted networking mode in Android 12. XDA knows it can be toggled at runtime and programmatically queried via shell command, much like Android’s Data Saver feature, but XDA doesn’t know if Google plans to let users make their own allowlist/blocklist of apps. It would be huge if Google added a user-facing settings page to restrict Internet access on a per-app basis so users don’t have to rely on apps like NetGuard that use Android’s VPN API. There is nothing wrong with the way these apps operate, but there’s little preventing them from being killed by bad OEM software.