Android currently allows apps to monitor your network activity even without requesting a specific permission, but Android P or version 9.0 will restrict access to network activity only to VPN apps.
Stopping Apps From Tracking You
Android currently allows any app to see what apps are connected to the internet and to which servers they connect. This way, an app seeking to gather this type of information could learn all about which sites you visit online, and you wouldn’t know about it.
Facebook, which has already admitted to tracking users’ internet activities across the web without their consent and building “shadow profiles” on them, could have also exploited this design flaw in Android. Furthermore, malicious apps could also abuse this flaw for their own gain.
Changes In Android P
Starting with Android P and API Level 28, Google will lock down "proc/net," which currently allows apps to access internet connectivity-related information. VPN apps will be able to ask users for permission to remove some of the restrictions while the app is in use. Due to this change, apps will no longer be able to monitor users’ internet activity without the user being aware of it.
The VPN service feature in Android also makes it very clear that users are at risk when they enable such apps, because those apps can fully monitor their internet connection. However, users typically know what they’re getting into when they install VPN apps. These apps’ sole purpose is to allow users to route route traffic through their servers, in order to benefit from the protection of the VPN’s encrypted channel.
It will be mandatory for third-party developers to support the Android API Level 28 by the end of 2019. The developers can still support the new APIs as soon as they are available.