Application security

Android Advanced Protection Mode restricts accessibility API abuse

Powered by Android operating system OS software logo icon on a smartphone tablet mobile phone device display screen macro, extreme closeup detail, nobody Android apps

Google is enhancing Android's Advanced Protection Mode (AAPM) with a new security feature in Android 17 Beta 2 that restricts non-accessibility apps from utilizing the accessibility services API. This change aims to curb the misuse of a powerful tool that has been exploited by malicious actors, The Hacker News reports.

The new restriction, detailed in Android 17 Beta 2, specifically targets applications that are not designated as accessibility tools. While verified accessibility apps, marked with the isAccessibilityTool="true" flag, are exempt, other applications will have their access to the accessibility services API revoked when AAPM is active.

This API, often abused by malware for data theft, is intended for legitimate uses like screen readers and voice-based input systems. Apps that previously had permission will automatically lose it, and users will be unable to grant it while AAPM is enabled. Android 17 also introduces a new contacts picker for more granular data access.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds