Android 14 seems to have quietly eliminated a trick some apps were using to keep themselves alive when the OS tried to kill them.
As spotted by Greenify developer @oasisfeng, Android now freezes a package's cgroup before killing it. Control groups (cgroups) is a Linux kernel feature that organizes processes into groups so their resource usage can be monitored/controlled.
Before Android 14, apps were "able to prevent their death by forking multiple processes under different services and monitoring for the death of any of these. When a child death [was] detected, the remaining process restart[ed] the terminating/terminated service before it's able to be killed itself."
Android 14 prevents this "by freezing the entire cgroup of the package to be killed before killing the individual processes. After the kills are completed synchronously, the cgroup can be unfrozen to allow for restarts. Before freezing the cgroup, the binder interfaces of the processes about to be frozen are also frozen to prevent indefinite blocking by synchronous Binder callers."
Apparently, this trick that Android 14 patches was used by libraries like MarsDaemon in order to keep apps from being killed. The library itself isn't malicious, but it was used by a lot of malware in the past.
The MarsDaemon library hasn't been updated in years, as Oasis says that Chinese OEM forks of Android patched the method it used long ago. Given how much more aggressively Chinese OEM forks of Android manage background processes, this wouldn't surprise me.
It's good to see Android crack down on abusive background behavior by apps. Other related improvements in Android 14 include a reduction in how long it takes for cached apps to be frozen (10 minutes --> 10 seconds) and an increase in the maximum number of cached apps (32 --> 1024).
点击图片查看原图