Google's new security policy on accessibility features will limit or remove 'hundreds of good, useful apps'

Android Oreo has new APIs which help remove developers reliance on accessibility permissions. (Source: knd61/Pixabay)

The next stage of Google's push to improve Android security is putting a spotlight on applications which misuse accessibility features to add functionality that wasn't expressely designed to improve use for people with disabilities. Some popular apps affected include LastPass, Cerberus, and Tasker.

Craig Ward, Published 11/14/2017

In more recent times, Google has been working to improve Android’s security, sometimes at the expense of features. Their latest target is apps misusing Android’s accessibility features, which are designed to help people with impairments to use Android devices.

If a user grants an app accessibility permission, they are allowing it to have a relatively invasive level of access to data on the phone and from within apps, which would generally be used to provide things such as text-to-speech. Several ‘non-accessibility focused’ apps also use these permissions to provide additional functionality, such as username and password autofill in password manager apps like LastPass, advanced action features in Tasker, or remote location and wipe functionality in Cerberus. Unfortunately, nefarious apps can also ask for these permissions which allows them to intercept and steal user data.

Google has emailed the developers of apps which use the accessibility features notifying them that they have 30 days (from Friday 10 November) to either convince Google that the app needs the feature for accessibility reasons, remove/replace the functionality, or take down the app from the Play Store.

For password vaults, they will likely switch to Android 8 Oreo’s new autofill feature. Developers are complaining that this autofill feature is currently buggy and not ready for widescale use. The other problem it presents is that they won’t be able to provide that same functionality to the 99.7 percent of users currently on an older version of Android. Developers of other apps will similarly try and find replacement APIs which will likely restrict functionality on versions of Android made before the APIs creation. Unfortunately, some apps use these features without any current API workaround, with the examples of Bixby Button remapping and status bar overlays according to developer ‘Fennifith’ on Reddit.

Those interested in the views of developers can find some in this Reddit thread from the original poster and several commenters.

Source(s)

Techspot

Android 2.3.7 Gingerbread was released in September 2011 (Source: Techzim)

Google will drop devices still on Android 2.3.7 and earlier in September 08/02/2021

It's not the first time Google Play has suffered from malware issues. (Source: Tech Viral)

Google Play security exposed by malware hidden in fake driving games 11/21/2018

Google might soon offer a credential provider for logging into Windows 10. (Source: Bleeping Computer)

Windows 10 will soon allow logins via a Google Account 09/01/2018

Google's Project Zero was set up to research improved data security. (Source: SteemKR)

The head of Google's Project Zero sees no future for blockchain in security 08/11/2018

The official Android app market saw a 34.2% climb in revenue in 2017. (Source: Androidguys)

Smartphone app market saw 35% growth in 2017 01/08/2018

Applications that misuse the accessibility service to add beneficial features for their users get a short pause from Google. (Source: JuralMin/Pixabay)

Google decides to re-evaluate whether they remove apps that misuse accessibility services, such as LastPass and Tasker 12/09/2017

Marshmallow still most popular version of Android with 31% market distribution 11/14/2017

Google Nexus 6P flagship and others receive August 2017 Android security patches

Google's August Android security patch now available for Nexus and Pixel devices 08/08/2017

Virus infections are relatively rare on Android, but the risk increases when the user allows side loading of apk files. (Source: gfkDSGN/Pixabay)

Android antivirus software relatively easy to beat 07/24/2017

Most Android phones in the US are running old security software. (Source: Skycure)

Most Android devices are running old security patches and could be vulnerable 03/24/2017

Google has admitted that less than half of the active Android devices in 2016 received security updates. (Source: Phone Arena)

Google promises better security for Android in 2017 03/23/2017

Read all 2 comments / answer

Loading Comments

Comment on this article

Nvidia Quadro P500 debuting in upco...

Qualcomm announces commercial shipm...

Craig Ward - Tech Writer - 397 articles published on Notebookcheck since 2017

I grew up in a family surrounded by technology, starting with my father loading up games for me on a Commodore 64, and later on a 486. In the late 90's and early 00's I started learning how to tinker with Windows, while also playing around with Linux distributions, both of which gave me an interest for learning how to make software do what you want it to do, and modifying settings that aren't normally user accessible. After this I started building my own computers, and tearing laptops apart, which gave me an insight into hardware and how it works in a complete system. Now keeping up with the latest in hardware and software news is a passion of mine.

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2017 11 > Google's new security policy on accessibility features will limit or remove 'hundreds of good, useful apps'

Craig Ward, 2017-11-14 (Update: 2017-11-14)

Google's new security policy on accessibility features will limit or remove 'hundreds of good, useful apps'

Source(s)

Related Articles