Google is trying to clamp down on apps that have been using their access to Accessibility Services API on an Android smartphone. Developers tend to use this access for purposes other than just making their app more friendly for disabled users. The company is reportedly sending out mails to developers asking them to comply with Google’s Permission policy and explain how their app is using the Accessibility Services within 30 days. Failure to comply can result in the removal of app or even termination of the developer’s account from the Play Store.
The Accessibility Services is a set of permissions which allows apps to access data in other apps. According to Google’s guidelines, apps with access to it would allow users to get a spoken feedback by simply tapping on an icon or allows users with motor impairments to control their smartphones using physical buttons. But a lot of apps use this access for other purposes. For instance, Last Pass uses access to auto fill passwords for other apps. Antivirus apps such as McAfee use this API to scan all apps and data on your smartphone. Another app Type Machine keeps records of all text inputs so users won’t lose data that may be deleted accidentally.
Users can check which apps have this access in Settings->Accessibility-> Services.
Access to Accessibility Services is different from the usual app permissions. It can pose a bigger risk for users as it allows apps full control over the smartphone and other apps. Malicious apps can misuse this access to implement keylogger over a banking app or carry out phishing attacks.
Google is often criticised for its inability to reign in apps which pose a security or privacy risk. It has been trying to address this with a series of new measures such as Play Protect and Project Treble and is now restricting apps form misusing access to Accessibility Services.
While this will plug a major privacy risk, it will also disrupt the working of a number of popular apps