Android 17 Enhances Security by Limiting Accessibility API Access

Android 17 Enhances Security by Limiting Accessibility API Access

Posted on By CWS

Google has unveiled a significant security enhancement in Android 17 aimed at curbing the misuse of the accessibility services API by unauthorized apps. This update, part of the Android Advanced Protection Mode (AAPM), was highlighted by Android Authority following its inclusion in the Android 17 Beta 2 release.

Strengthening Security with AAPM

Android Advanced Protection Mode, introduced with Android 16, elevates device security against complex cyber threats. This feature, similar to Apple’s Lockdown Mode, is designed to prioritize security even if it results in reduced functionality and usability. Key configurations include prohibiting app installations from unknown sources, limiting USB data communication, and enforcing Google Play Protect scans.

Google’s documentation states that apps can detect AAPM status via the AdvancedProtectionManager API, allowing them to automatically adjust to a more secure setting or limit risky functions when the mode is enabled.

Restricting Accessibility API Usage

The latest update focuses on restricting access to the accessibility services API for apps not recognized as accessibility tools. Only applications identified by the isAccessibilityTool=”true” flag, such as screen readers and voice-based input systems, are permitted to use this API. Other applications, including antivirus programs and automation tools, are excluded from this category.

Google’s decision comes as a response to the API’s misuse, where malicious entities have exploited it to extract sensitive information from compromised Android devices. This change will revoke permissions from unauthorized apps when AAPM is active, and users cannot grant these permissions unless they disable the setting.

Additional Features in Android 17

Android 17 introduces a new contacts picker, allowing developers to specify which contact fields are accessible, such as phone numbers or email addresses. It also provides users with the ability to select specific contacts using third-party apps. This feature ensures that apps gain access only to selected data, enhancing privacy while maintaining a consistent user interface with built-in search and multi-selection capabilities.

Google continues to prioritize user security and privacy with Android 17 by implementing measures that limit potential exploitation avenues while offering new tools to manage data access effectively.

The Hacker News Tags:, , , , , , , , , ,

Related Posts

6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits 6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits The Hacker News
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft The Hacker News
IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More The Hacker News
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack The Hacker News
Warlock Ransomware Exploits Unpatched SmarterMail Server Warlock Ransomware Exploits Unpatched SmarterMail Server The Hacker News
[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR [Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR The Hacker News