Internacional

Google cracks down on apps exploiting its Accessibility services

Google cracks down on apps exploiting its Accessibility services

Google has emailed a number of developers, telling them that they must take action to avoid having their apps removed from the Play Store. The impetus for this move appears to be existence of (now removed) apps in the Play Store which use Accessibility features in conjunction with a vulnerability patched as part of the September security update to install malware.

Unfortunately, like their decision to remove system overlays on Oreo, this makes all too much sense when you consider that they're doing this to get a tighter hold on the functionality that Android apps are allowed to have; preventing apps from stealing users data without their knowledge is a pretty important issue for them.

Google main concern about abuse of the API is that it poses a potential security threat.

Are you an Android device user who is exhausted of clearing the storage space on your smartphone in order to install app updates, new apps and receive OTA updates? DoubleLocker ransomware and BankBot malware are also among those which exploit accessibility services to compromise Android devices.

In an email (embedded below) sent out last week and shared on Reddit, Google told developers that it plans to remove all apps that utilize the Accessibility service from the official Play Store unless the Accessibility service is actually being used to power a feature for users with disabilities.

The policy enforcement could affect apps like LastPass, Tasker, Cereberus and Universal Copy that use accessibility code for key features not intended for handicapped users. Another option for devs who are using the API is to remove any requests for accessibility services within their app. "You can also choose to unpublish your app". This handy app lets you create shortcuts to open specified apps in multi-window on Nougat.

"All violations are tracked".

The company has given developers 30 days to comply with the new requirements. Besides this, Google seems to have included a feature in the Android 8.1 Oreo update that will address this pain point that exists now. Then after a specified time, the feature will mark apps that haven't been used in a while as inactive, and will downgrade their size by removing the cache files. Developers have 30 days to address their use of Accessibility Services so we will have to wait and see what happens.