Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Security Reporter

Google's Android 17 introduces a major security restriction in Advanced Protection Mode that prevents non-accessibility apps from using the Accessibility API, aiming to curb malware exploitation while maintaining essential assistive tools.

Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week.

AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened security state to guard against sophisticated cyber attacks. Like Apple's Lockdown Mode, the opt-in feature prioritizes security at the cost of diminished functionality and usability so as to minimize the attack surface.

Some of the core configurations include blocking app installation from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning. "Developers can integrate with this feature using the AdvancedProtectionManager API to detect the mode's status, enabling applications to automatically adopt a hardened security posture or restrict high-risk functionality when a user has opted in," Google noted in its documentation outlining Android 17's features.

The latest restriction added to the one-tap security setting aims to prevent apps that are not classified as accessibility tools from being able to leverage the operating system's accessibility services API. Verified accessibility tools, identified by the isAccessibilityTool="true" flag, are exempted from this rule.

According to Google, only screen readers, switch-based input systems, voice-based input tools, and Braille-based access programs are designated as accessibility tools. Antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, and launchers do not fall under this category.

While AccessibilityService has its legitimate use cases, such as assisting users with disabilities in using Android devices and apps, the API has been extensively abused by bad actors in recent years to steal sensitive data from compromised Android devices.

With the latest change, any non-accessibility app that already has the permission will have its privileges automatically revoked when AAPM is active. Users will also not be able to grant apps permissions to the API unless the setting is turned off.
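The two developer-facing points above, detecting AAPM through AdvancedProtectionManager and the automatic revocation of accessibility access for non-accessibility apps, combined in one added example (not Google's or the article's code). It assumes a hypothetical password manager that used an AccessibilityService as an autofill fallback and that already ships an Autofill-framework path; the class and field names are invented for illustration.

```kotlin
import android.content.Context
import android.os.Build
import android.security.advancedprotection.AdvancedProtectionManager
import android.util.Log
import java.util.concurrent.Executor

// Hypothetical policy object for a password manager. The app is not an
// accessibility tool, so its service is not declared with
// android:isAccessibilityTool="true"; under AAPM the OS revokes that
// access anyway, and the app should stop offering the fallback rather
// than repeatedly prompting the user to re-grant it.
class AapmAwareFillPolicy(private val context: Context) {

    // Whether the app may still offer its accessibility-based fallback.
    @Volatile
    var accessibilityFallbackAllowed: Boolean = true
        private set

    // The manager exists from Android 16 (API 36); null on older releases.
    private val manager: AdvancedProtectionManager? =
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.BAKLAVA)
            context.getSystemService(AdvancedProtectionManager::class.java)
        else null

    private val callback = object : AdvancedProtectionManager.Callback {
        override fun onAdvancedProtectionChanged(enabled: Boolean) = applyPolicy(enabled)
    }

    // Read the current state once, then follow changes via the callback.
    fun start(executor: Executor) {
        val m = manager ?: run { applyPolicy(aapmEnabled = false); return }
        applyPolicy(m.isAdvancedProtectionEnabled)
        m.registerAdvancedProtectionCallback(executor, callback)
    }

    fun stop() {
        manager?.unregisterAdvancedProtectionCallback(callback)
    }

    private fun applyPolicy(aapmEnabled: Boolean) {
        accessibilityFallbackAllowed = !aapmEnabled
        if (aapmEnabled) {
            // Hardened posture: rely only on the Autofill framework and do not
            // send the user to Settings to grant accessibility access.
            Log.i(TAG, "AAPM on: accessibility fallback disabled, Autofill only")
        } else {
            Log.i(TAG, "AAPM off: accessibility fallback may be offered")
        }
    }

    private companion object { const val TAG = "AapmAwareFillPolicy" }
}
```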

Android 17 also comes with a new contacts picker that allows app developers to specify only the fields they want to access from a user's contact list (e.g., phone numbers or email addresses) or allow users to select certain contacts with a third-party app. "This grants your app read access to only the selected data, ensuring granular control while providing a consistent user experience with built-in search, profile switching, and multi-selection capabilities without having to build or maintain the UI," Google said.

The Accessibility API has become a favorite target for malware developers because it provides privileged access to device functions without requiring root permissions. Malicious apps have used this API to read notifications, capture keystrokes, take screenshots, and even click buttons automatically, all while appearing as legitimate applications to users.

By restricting non-accessibility apps from using this API when Advanced Protection Mode is enabled, Google is essentially creating a firewall between potentially malicious software and one of Android's most powerful system interfaces. This approach follows a growing trend in mobile security where platforms are increasingly limiting app permissions and capabilities to reduce the attack surface.

For users who rely on accessibility features, this change should have minimal impact since verified accessibility tools remain fully functional. However, users of automation apps, password managers, and other utilities that previously relied on the Accessibility API will need to disable Advanced Protection Mode to continue using those features.

The introduction of this restriction highlights the ongoing cat-and-mouse game between platform security teams and malware developers. As Google and other companies implement more sophisticated security measures, attackers continuously adapt their techniques to find new vulnerabilities and bypass protections.

This move by Google represents a significant step toward making Android devices more resistant to sophisticated malware attacks while still preserving essential accessibility features for users who need them. As mobile devices continue to store increasingly sensitive personal and financial information, such security enhancements become crucial for protecting user privacy and data integrity.

For developers, the change means reassessing how their apps interact with system APIs and potentially finding alternative methods for functionality that previously relied on accessibility services. The new contacts picker feature also demonstrates Google's broader effort to provide more granular and secure ways for apps to access user data without requiring broad permissions.

As Android 17 continues through its beta testing phase, it will be interesting to see how this restriction performs in real-world usage and whether it effectively reduces the prevalence of malware that exploits the Accessibility API. The success of this feature could influence similar security measures on other mobile platforms in the future.
