Notices



In Android 13, Google is cracking down on malware that uses Accessibility A

AVN News Feed

Post New ThreadReply
 
Thread Tools
  #1  
Old 05-06-2022, 09:17 AM
phillynewsnow's Avatar
phillynewsnow phillynewsnow is offline   Thread Starter  
Site Moderator - Staff

 
Join Date: October 11th, 2009
Posts: 4,640
Thanks: 0
Thanked 668 Times in 568 Posts
Downloads: 0
Uploads: 0


View phillynewsnow's Profile   Edit Options Edit Profile Picture View phillynewsnow's Photo Album Add phillynewsnow's to Your Contacts Show Groups Edit Avatar Subscribed Threads Private Messages
In Android 13, Google is cracking down on malware that uses Accessibility A

In Android 13, Google is cracking down on malware that uses Accessibility APIs



Malware has been an issue on Android for a long time, and one of the most prominent vectors of attack is through the accessibility services on a user’s phone. Accessibility APIs are powerful tools intended for developers to help aid users with disabilities, as they can read the screen, inject inputs, and more. Unfortunately, that also makes them ripe for abuse, with malware such as FluBot tricking users into enabling those APIs for malicious apps that in turn, cannot be uninstalled. This is changing in Android 13, as Google will prevent apps sideloaded from outside an app store from being granted those permissions.

As initially reported by Esper, Google will prevent apps sideloaded from outside of an app store from accessing accessibility APIs. Accessibility APIs are necessary for users with disabilities, but they also have an incredible amount of control over the device. That’s why it’s required by the user to manually enable the service per app, but some users can be tricked into enabling it if they don’t know what they’re doing. As a result, this change from Google will prevent users entirely from enabling it for apps downloaded through your browser or a text messaging app.

Google has struggled for a long time with how to handle apps that make use of accessibility services. In 2017, Google threatened to remove apps from the Google Play Store that made use of accessibility APIs for anything that wasn’t for assisting disabled users. While the company eventually backed off, Google updated its policies in 2021. Now, developers who want to make use of accessibility services in an app for reasons other than helping disabled users that targets Android 12 or higher must get approval from Google Play after completing a permission declaration form.

Now, though, things are changing again in Android 13. Any app sideloaded from outside of an app store will not be able to have its accessibility services enabled. When tapping the option to enable it, your phone will display a pop-up stating “For your security, this setting is currently unavailable”. While at first, this may seem alarming for other app stores, Google confirmed to Esper that this change would not affect pre-loaded or side-loaded app stores, and it was just to restrict apps downloaded from less legitimate sources.

In short, you’ll have no problem with enabling the accessibility service for a sideloaded app that was installed via the session-based package installation API. This installation method is typically used by third-party app stores. As for apps that use the non-session package installation API, those will be restricted. It’s an easier method for developers to implement as the installation can just be handed off to the system package installer, and this is how texting apps, mail clients, and browsers handle APK installation. If you want to learn more about the technical details of this implementation, then be sure to check out Esper‘s complete write-up.

Source: Esper


The post In Android 13, Google is cracking down on malware that uses Accessibility APIs appeared first on XDA.



More...
Reply With Quote
Post New ThreadReply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Google?s latest Android update adds some new fun and accessibility features phillynewsnow AVN News Feed 0 09-08-2022 04:48 PM
This Android malware has been installed on over 3 million devices phillynewsnow AVN News Feed 0 07-15-2022 02:43 PM
A Windows 11 tool to enable the Google Play Store was actually malware phillynewsnow AVN News Feed 0 04-18-2022 09:17 AM
This sneaky Android malware tricks users into thinking their phones are tur phillynewsnow AVN News Feed 0 04-12-2022 07:56 AM
[RELEASE] Install Google Android on PC with Google Android LiveCD/LiveUSB CYBER WEESJE (Home) Pc Applications 0 07-17-2009 05:18 AM


All times are GMT -5. The time now is 02:10 AM.

Layout Options | Width: Fixed
Contact Us - SPJ Bulletin - Archive - Privacy Statement - Terms of Service - Top