Google cracks down on power-user apps that use Android's accessibility API

Alfred Osborne
November 15, 2017

Developers whose apps use Android's accessibility features outside of their intended goal will need to abide by a few new rules or risk of having their apps removed from the Play Store entirely.

Last Pass have made a statement on their blog stating that Google have contacted them and other app developers and are working on a "long-term solution" to suit users' needs and their accessibility requirements for full app functionality. Google's sudden policy change seems like it will also reduce the functionality of myriad useful apps and could outright kill others. However, these functions can create security risks, so, Google is now taking some strict actions against apps using Accessibility Services. The app, which is particularly popular in India, has been delisted from the app store for misleading and unhealthy promotions.

Jeff Sessions rebuffed a Republican who wants to investigate Comey
But it also raised deeper concerns about the impartiality of the administration of justice. So it's possible Sessions' recusal from the topic will stand.

Lifestyle triggers major shift in disease burden across India
Air pollution, which was the third largest risk factor in the country in 1990, moved to the second position in the year 2016. In 1990, of the total disease burden in India, 61% was due to communicable, maternal, neonatal, and nutritional diseases.

Qualcomm rejects Broadcom's $103 billion offer
Overall, Broadcom's bid is a very ambitious attempt to grow its share of the market for components that go into mobile phones. Qualcomm's stock climbed 1.2% in premarket trading, while Broadcom declined 0.6%.

Google's new policy will hurt a large swath of power-user apps. If you want to write a powerful Android app and don't want to modify your phone for root access, tapping into the accessibility API is the next best thing. The email also informs that such repeated violations may lead to a termination of the developer's account or even related Google accounts as well. For example, some password management apps use Accessibility Services API to make it easier for users to fill in text fields with their log-in credentials in another app. The impetus for this move appears to be existence of (now removed) apps in the Play Store which use Accessibility features in conjunction with a vulnerability patched as part of the September security update to install malware.

With the accessibility API, apps can access lots of powerful commands that let them function a bit like a system-level app, and the legitimate, non-accessibility uses are nearly endless. This in turn, can be used by a bad actor to enable malicious activity such as a phishing exploit, keylogger, or ransomware attack.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER