Google tackles apps that ‘wrongly’ use accessibility services
Google has sent emails to developers who build apps using Android’s accessibility services. According to the company, that access is only for apps that help users with disabilities. Malware also uses this access.
In an email, the text of which is by Android Police, among others publishedGoogle calls on the developer of a battery saver app to explain to its users why he accessibility services Make use of. If he does not do this within a period of 30 days, his app will be removed. Another possibility is to stop using the accessibility service, with which, for example, the content of an active screen can be called up.
The wording does not make it clear whether it is sufficient to explain why that access is necessary or whether Google can nevertheless proceed with the removal, because it can conclude that there has been improper use of the access. According to the email, developers must indicate in the Play Store whether their app uses the service. According to Android Police, legitimate apps, including password manager LastPass, use and depend on this api.
In analyzes of security companies, the accessibility service regularly came up when it came to Android malware, for example with SpyDealer and clickjacking malware. The api also plays an important role in the so-called Cloak and Dagger-to attack. For example, malware uses the api to access sensitive information.