When you install an app on your device, you are often prompted to allow or deny access to certain features and hardware components. One permission that apps commonly request access to is the local network. But what exactly does granting local network access entail and should you allow apps this capability?
What is the local network?
The local network refers to the internal network that your device is connected to. This includes any other devices connected to the same Wi-Fi network or local area network (LAN). For example, if you are at home and connect your smartphone to your home Wi-Fi, all other devices on that network like computers, smart TVs, and printers are considered part of the local network.
Some key characteristics of the local network:
- Allows connected devices to communicate with each other directly
- Usually accessed via Wi-Fi, ethernet, or local area network
- Grants access to other local devices like laptops, smart home gadgets, network storage etc.
- Commonly provides access to the internet via the network router
- Limited geographic range, usually confined within a home, office or building
Why do apps need access to the local network?
There are several legitimate reasons why an app may request access to the local network:
- To access other connected devices: Apps like remote desktop tools and file managers need to access other devices on the network like computers and NAS devices. Network access allows them to discover, communicate with and transfer data between devices on the local network.
- Network diagnostics: Some troubleshooting and network analyzer apps require the ability to scan the local network and identify connected devices. This helps them identify issues and monitor network traffic.
- Smart home devices: Apps that control smart home products like light bulbs, switches and appliances connect to them through the local network. Local network access allows these apps to find and communicate with the devices.
- Multiplayer gaming: Games with multiplayer modes hosted on the local network need to detect and connect to other players on the same network.
- Printers and scanners: To set up and use local printers and scanners, apps need network access to find and connect to the hardware.
- Media streaming: Apps like Plex and Kodi use local network access to find media content on PCs and NAS drives and stream it to your device.
What can apps do with local network access?
Here are some of the common things apps with local network access may be able to do:
- Scan devices and servers connected to the network
- Retrieve list of connected devices, their IP addresses and hostnames
- Attempt connections to open ports and services running on devices
- Perform wake-on-LAN requests to turn on devices remotely
- Transfer data and communicate directly with other devices on the network
- Access shared files and media on local file servers and PCs
- Control smart home devices, TVs and media centers
- Print documents to local network printers
However, the extent of what the app can actually do depends on the specific app, the platforms involved, and what network resources are being shared. Not all apps will be able to perform all actions or access every device.
Risks of allowing local network access
While many apps request local network access for legitimate functionality, there are certain risks to be aware of when granting apps this permission:
- Accessing your private network resources: Apps may access and transmit data from your other devices and shared files without your knowledge.
- Identity and location exposure: They can determine your network name, router MAC addresses and local IP range which could reveal your identity and physical location.
- Surveillance of network activity: Malicious apps could monitor network traffic to intercept data, track usage and discover vulnerabilities.
- Lateral movement: Apps could attempt to access devices and information beyond what is required for their functionality.
- Network attacks: Compromised or intentionally malicious apps could conduct network scans, spread malware, and launch attacks against other devices.
Additionally, bugs in apps could unintentionally cause leakage of sensitive network data or make networks susceptible to external attacks. Extensive permissions coupled with poor coding practices pose privacy and security risks.
Tips for managing app network access
Here are some ways you can manage app access to your local network more safely:
- Only install apps from trusted sources like official app stores
- Check app reviews and research the developer/publisher
- Only grant local network access to apps when required for their primary functionality
- Monitor network traffic when using new apps to check for suspicious activity
- Use antivirus software to scan for malware-infected apps
- Keep apps and operating systems updated to the latest versions
- Use firewalls and VLANs to restrict network access to IoT devices
- Frequently change Wi-Fi passwords and use strong encryption like WPA2
- Disable network discovery protocols like UPnP when not needed
- Connect untrusted devices and smart appliances to a separate guest network
Examples of apps requiring network access
Here are some common examples of legitimate apps that may request access to your local network:
| App Category | Apps |
|---|---|
| File managers | ES File Explorer, Solid Explorer, MiXplorer, X-plore |
| Remote access | TeamViewer, Splashtop, Chrome Remote Desktop |
| Network tools | Fing, Network Analyzer, WiFi Analyzer |
| Smart home | Google Home, Amazon Alexa, SmartThings, IFTTT |
| Printers | HP Smart, Epson Print Enabler, Brother iPrint&Scan |
| Media servers | Plex, Kodi, VLC, Infuse, AllConnect |
| Games | Minecraft, Asphalt 8, Call of Duty Mobile |
As you can see, many legitimate apps across different categories can benefit from local network access for their intended functionality. At the same time, exercise caution in allowing apps network access, especially those that do not seem to have a valid reason to request that permission based on their purpose.
How apps are allowed network access
Apps can gain access to the local network through the following methods:
- User permission: Apps directly request the Local/Network Access permission from the user during installation or first run of the app. The user must explicitly allow access.
- Mobile provisioning profile (iOS): Developers can enable the local networking entitlement when submitting an app to the App Store. The app is then allowed network access automatically, without requiring user permission.
- Over-privileged apps (Android): Apps with SYSTEM, ROOT or NETWORK_STACK permissions can implicitly access networks without holding the CHANGE_NETWORK_STATE or ACCESS_NETWORK_STATE permissions.
- Compromised routers: Malicious apps can change firewall settings on compromised routers to allow network access to other apps without consent.
- Circumventing sandboxes: Apps may exploit vulnerabilities in the OS sandbox to gain unauthorized network access outside their isolated environment.
So apps can’t normally access the local network without explicit user approval. However, exceptions do exist, especially on jailbroken/rooted devices with disabled security controls.
How network access works on Android and iOS
Android and iOS have some differences in how they handle apps accessing local networks:
Android
- Apps explicitly request ACCESS_NETWORK_STATE and CHANGE_NETWORK_STATE permissions
- Internet permission provides access to remote networks but not local networks
- Modifications may be required to interface with VPNs and Wi-Fi networks
- Apps can listen to network traffic with Root access or CAPTURE_PACKETS permission
iOS
- Apps request Local Network permission during App Review or at runtime
- Can only access services offered by Multipeer Connectivity framework
- VPN configurations must use NEPacketTunnelProvider API
- Apps can’t directly listen to network traffic due to sandboxing
On both platforms, users have to consent to providing local network access. But Android offers more low-level network configuration capabilities if the app is Rooted or privileged.
Testing what data apps can access
You can test what information apps can actually see on your local network by using the following methods:
- Port scanning tools like Fing or Angry IP Scanner to check if apps are accessing open ports or services on other devices
- Wireless sniffing apps like Wireshark to analyze app network traffic
- Firewall tools like NoRoot Firewall to selectively block app access and monitor connection attempts
- Permission managers like XPrivacyLua to revoke app permissions and simulate access denials
- Enable developer options to watch apps requesting network access in real time
- Temporarily connecting devices to isolated test networks to analyze app behavior
These methods can determine if apps are abusing network access by spying on traffic or communicating with other devices without justification. Revoke the Local Network permission from any app engaged in suspicious or unnecessary network activity.
Conclusion
The local network access permission allows apps to discover, communicate with and transfer data between devices on the same network as your smartphone or tablet. Legitimate uses include file management, remote access, printing and streaming media from local servers. However, the permission can be misused by malicious apps to steal data, breach privacy or attack devices on the network.
Carefully inspect apps before installing, only grant the network permission when absolutely required and monitor actual access behavior. Routinely review installed apps and restrict access for those that don’t provide a clear benefit from local network capabilities. Be very wary of enabling network access for apps from unknown developers or sources. Following basic precautions will help minimize privacy and security risks while still allowing you to benefit from apps that leverage the local network.