Google is testing a new security feature as part of Android Advanced Protected Mode (AAPM) that prevents certain types of apps from using accessibility services APIs.
This change is included in Android 17 Beta 2 and was first reported by Android Authority last week.
AAPM was introduced by Google in Android 16 released last year. Once enabled, your device will enter an enhanced security state to protect against advanced cyber-attacks. Similar to Apple’s Lockdown Mode, the opt-in feature sacrifices functionality and ease of use in favor of security in order to minimize the attack surface.
Some of the core configurations include blocking app installations from unknown sources, restricting USB data signals, and requiring Google Play Protect scans.
“Developers can integrate this feature using the AdvancedProtectionManager API to detect mode status, which allows applications to automatically adopt an enhanced security posture or restrict high-risk features when the user opts in,” Google said in a document outlining features in Android 17.
The latest restrictions added to One-Tap security settings aim to prevent apps that are not classified as accessibility tools from taking advantage of the operating system’s accessibility services API. Validated accessibility tools identified by the isAccessibilityTool=”true” flag are excluded from this rule.
According to Google, only screen readers, switch-based input systems, voice-based input tools, and braille-based access programs are designated as accessibility tools. Antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, and launchers don’t fall into this category.
Although AccessibilityService has legitimate use cases, such as helping users with disabilities use Android devices and apps, this API has been widely exploited by malicious parties in recent years to steal sensitive data from compromised Android devices.
With the latest changes, when AAPM is active, permissions are automatically revoked for non-accessible apps that already have permissions. Users also won’t be able to grant your app permissions to access the API unless the setting is turned off.
Android 17 also comes with a new contact picker that allows app developers to specify only the fields they want to access from a user’s contact list, such as phone number or email address, or to allow users to select specific contacts in third-party apps.
“This gives apps read access to only selected data, ensuring granular control while providing a consistent user experience with built-in search, profile switching, and multi-select functionality, without the need to build or maintain a UI,” Google said.
Source link
