Restrict access to Tor's SOCKS port
Any process on localhost can connect to the SOCKS port of our Tor process and use it to make connections via Tor. Without having any specific attack in mind, I guess malicious apps running on localhost (which are within our threat model on Android) might be able to use this to undermine the user's anonymity.
Tor uses the SOCKS username and password for circuit isolation, so if we wanted to password-protect the SOCKS port we'd have to add a config option to treat the password as a credential, perhaps keeping the username for circuit isolation.
Tor already has password-hashing code for the control port, which we might be able to reuse for the SOCKS port.
If this feature request passes the smell test let's open a ticket upstream.