Jump to content
D13H4RD2L1V3

Google will remove apps which use Android’s Accessibility services for anything other than helping impaired users

Recommended Posts

Posted · Original PosterOP

Well, if you’ve been an avid user of Tasker, Lastpass or other apps which utilize Android’s accessibility services for extra functionality, I’ve got bad news.

 

It’s been reported that Google has sent a message to Android app developers telling them to update their apps so that they don’t use Android’s accessibility features or risk having their app removed from the Play Store and possible infractions to their developer account.

 

Quote

For years, Android has allowed apps to modify the behavior of other applications, using Accessibility Services. While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.). LastPass, Universal Copy, Clipboard Actions, Cerberus, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API.

While Accessibility Services can greatly extend the functionality of applications, they can potentially create a security risk. Once granted the right permissions, the API can be used to read data from other apps. Likely for this reason, Google has sent emails to app developers regarding the usage of Accessibility Services.

Source: http://www.androidpolice.com/2017/11/12/google-will-remove-play-store-apps-use-accessibility-services-anything-except-helping-disabled-users/

 

Quote

"Like the other policy that basically says that 'apps that crash violate developer policy and can be taken down' this new statement is too vague. If we take this literally then even an app that’s meant to be used by disabled people can be banned because it allows users that are not disabled to use it. There’s no way an app can enforce that. Is an app like AutoInput (an app that helps a lot of disabled folks) not allowed because a lot of non-disabled people can benefit from it too? There’s no way to tell."

Source: Same link as above, quote by Joao Dias, developer of AutoTools

 

While Google’s reason for this is security, there could be significant ramifications for developers who take advantage of Android’s Accessibility services to add extra functionality which makes their app more useful.

 

What do you think?


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites

So they intended apps to use accessibility services so they could help handicapped people, but app developers misused these features to add extra functionality to their apps easily but introduce security loopholes. But if they prohibit the use of such accessibility features, what will the developers of apps legitimately meant for handicapped people do ? Why not institute a review process which determines whether an app is actually using the accessibility features in the intended manner or not ?

Link to post
Share on other sites
Posted · Original PosterOP
2 minutes ago, Kumaresh said:

So they intended apps to use accessibility services so they could help handicapped people, but app developers misused these features to add extra functionality to their apps easily but introduce security loopholes. But if they prohibit the use of such accessibility features, what will the developers of apps legitimately meant for handicapped people do ? Why not institute a review process which determines whether an app is actually using the accessibility features in the intended manner or not ?

That’s the real issue.

 

The way Google has mentioned it is extremely vague. 

 

I find Lastpass’s autofill very useful in versions of Android before Oreo and Tasker is a nice thing to have. While they don’t appear to benefit handicapped users in an obvious manner, they’re still pretty useful.

 

I think Google needs to clarify. It’s just too vague.


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites

Sounds like Google is starting to take security more seriously. 


Laptop: 2016 MacBook Pro Core i5, Iris 540 iGPU, 256GB SSD, 8GB RAM | Phone: iPhone 6s Plus 64GB Wearables: Apple Watch Sport Series 2 CPU: i5 4690k | Mobo: Gigabyte Z97-N WI-FI | RAM: 8GB Ballistix Sport | GPU: MSI R9 380 4GB | Case: Cooler Master Elite 130 | OS: Win 10 | Storage: 480GB PNY SSD & 2TB WD Green HDD | PSU: Corsair CX600M | Display: Dell UZ2215H 21.5" 1920x1080p @60Hz, ViewSonic VX2450wm-LED 23.6" 1920x1080p @60Hz, Samsung SyncMaster 940BX 19" 1280x1024 @60Hz | Cooling: Corsair H55 AiO | Keyboard: Logitech G610 Orion Cherry MX Brown | Mouse: Logitech G303 | Audio: Audio Technica ATH-M50X & Blue Snowball

 

Link to post
Share on other sites
Posted · Original PosterOP
Just now, DrMacintosh said:

Sounds like Google is starting to take security more seriously. 

They should, really. 

 

Android is no longer that one OS that only power users understand. It’s now a mainstream consumer-focused OS. 

 

The problem is that Google’s explanation for why this is so is too vague. What if your app uses accessibility options for helping impaired users in a not-so-obvious way? What if it was intended for impaired users but non-impaired users end up using it?


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites

So instead of updating the API to include the functionality developers want, they stop allowing developers to use their market place? Android is looking like the worst Open Source project ever. :(


All aboard the Floatplane!

Link to post
Share on other sites
Just now, D13H4RD2L1V3 said:

What if your app uses accessibility options for helping impaired users in a not-so-obvious way? What if it was intended for impaired users but non-impaired users end up using it?

I believe what they are saying is that apps can't use accessibility features to perform functions that are not normally allowed. 

 

Much like Apple I don't think Google wants apps lying to the OS about what they are doing and how they are doing it. 


Laptop: 2016 MacBook Pro Core i5, Iris 540 iGPU, 256GB SSD, 8GB RAM | Phone: iPhone 6s Plus 64GB Wearables: Apple Watch Sport Series 2 CPU: i5 4690k | Mobo: Gigabyte Z97-N WI-FI | RAM: 8GB Ballistix Sport | GPU: MSI R9 380 4GB | Case: Cooler Master Elite 130 | OS: Win 10 | Storage: 480GB PNY SSD & 2TB WD Green HDD | PSU: Corsair CX600M | Display: Dell UZ2215H 21.5" 1920x1080p @60Hz, ViewSonic VX2450wm-LED 23.6" 1920x1080p @60Hz, Samsung SyncMaster 940BX 19" 1280x1024 @60Hz | Cooling: Corsair H55 AiO | Keyboard: Logitech G610 Orion Cherry MX Brown | Mouse: Logitech G303 | Audio: Audio Technica ATH-M50X & Blue Snowball

 

Link to post
Share on other sites
1 minute ago, KuJoe said:

So instead of updating the API to include the functionality developers want, they stop allowing developers to use their market place? Android is looking like the worst Open Source project ever. :(

The irony in that is iOS is an API city.........


Laptop: 2016 MacBook Pro Core i5, Iris 540 iGPU, 256GB SSD, 8GB RAM | Phone: iPhone 6s Plus 64GB Wearables: Apple Watch Sport Series 2 CPU: i5 4690k | Mobo: Gigabyte Z97-N WI-FI | RAM: 8GB Ballistix Sport | GPU: MSI R9 380 4GB | Case: Cooler Master Elite 130 | OS: Win 10 | Storage: 480GB PNY SSD & 2TB WD Green HDD | PSU: Corsair CX600M | Display: Dell UZ2215H 21.5" 1920x1080p @60Hz, ViewSonic VX2450wm-LED 23.6" 1920x1080p @60Hz, Samsung SyncMaster 940BX 19" 1280x1024 @60Hz | Cooling: Corsair H55 AiO | Keyboard: Logitech G610 Orion Cherry MX Brown | Mouse: Logitech G303 | Audio: Audio Technica ATH-M50X & Blue Snowball

 

Link to post
Share on other sites
Posted · Original PosterOP
2 minutes ago, KuJoe said:

So instead of updating the API to include the functionality developers want, they stop allowing developers to use their market place? Android is looking like the worst Open Source project ever. :(

This is my major gripe with Google.

 

They don’t seem to have any clear direction. They’re trying to do so many things at once but only a few of them actually work and they tend to kill off stuff that could’ve worked if they had put more effort in them.

 

I do agree that apps shouldn’t misuse accessibility APIs for reasons other than what it’s intended for. However, they should make a different API so that these apps can retain their functionality. Oreo has an Autofill API for instance.


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites
6 minutes ago, D13H4RD2L1V3 said:

However, they should make a different API so that these apps can retain their functionality.

Just develop for iOS. Apple makes APIs every other day it seems xD 


Laptop: 2016 MacBook Pro Core i5, Iris 540 iGPU, 256GB SSD, 8GB RAM | Phone: iPhone 6s Plus 64GB Wearables: Apple Watch Sport Series 2 CPU: i5 4690k | Mobo: Gigabyte Z97-N WI-FI | RAM: 8GB Ballistix Sport | GPU: MSI R9 380 4GB | Case: Cooler Master Elite 130 | OS: Win 10 | Storage: 480GB PNY SSD & 2TB WD Green HDD | PSU: Corsair CX600M | Display: Dell UZ2215H 21.5" 1920x1080p @60Hz, ViewSonic VX2450wm-LED 23.6" 1920x1080p @60Hz, Samsung SyncMaster 940BX 19" 1280x1024 @60Hz | Cooling: Corsair H55 AiO | Keyboard: Logitech G610 Orion Cherry MX Brown | Mouse: Logitech G303 | Audio: Audio Technica ATH-M50X & Blue Snowball

 

Link to post
Share on other sites
Posted · Original PosterOP
Just now, DrMacintosh said:

Just develop for iOS. Apple makes APIs every other day it seems xD 

The irony on how a closed-source OS seems more friendly for devs.


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites

Google. Forever vague, forever digging.


Cor Caeruleus Reborn v5

Spoiler

CPU: Intel - Core i5-4690K 4.4GHz Quad-Core Processor or

CPU: Intel - Core i7-4790K  4.6GHz Quad-Core Processor
CPU Cooler: be quiet! - PURE ROCK 51.7 CFM Sleeve Bearing CPU Cooler  
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: MSI - Z97S SLI Plus ATX LGA1150 Motherboard  
Memory: Kingston - HyperX Fury Blue 16GB (2 x 8GB) DDR3-1600 Memory
Memory: Kingston - HyperX Fury Black 16GB (2 x 8GB) DDR3-1600 Memory 
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - GeForce GTX 1080 8GB FTW Gaming ACX 3.0 Video Card with iCX cooler installed! 
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W 80+ Platinum Certified Fully-Modular ATX Power Supply
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 8.1 Pro OEM 64-bit 
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 

Link to post
Share on other sites
22 minutes ago, DrMacintosh said:

The irony in that is iOS is an API city.........

Well, the Unknown Sources option exists, so it's not as though developers are forced to use the accessibility APIs in a proper manner, and the Play Store is certainly not the only means of getting apps for Android.

 

The Play Store itself isn't all that open tbh, though Android "openess" remains unfazed if developers choose to disregard the Play Store.


The pursuit of knowledge for the sake of knowledge.

Forever in search of my reason to exist.

Link to post
Share on other sites
Posted · Original PosterOP
1 minute ago, Zodiark1593 said:

Well, the Unknown Sources option exists, so it's not as though developers are forced to use the accessibility APIs in a proper manner, and the Play Store is certainly not the only means of getting apps for Android.

 

The Play Store itself isn't all that open tbh, though Android "openess" remains unfazed if developers choose to disregard the Play Store.

That’s true, although encouraging users to go enable “Unknown Sources” is sorta counter-intuitive to Google’s security push 


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites
8 minutes ago, D13H4RD2L1V3 said:

That’s true, although encouraging users to go enable “Unknown Sources” is sorta counter-intuitive to Google’s security push 

By enabling that option, the onus is on the user to take responsibility for what is downloaded. Android is (relatively) open in that the choice exists whether to take on that responsibility, or leave it to Google.

 

That said, assuming that the app from said "unknown source" is confirmed safe, nothing is stopping the user from toggling off that Unknown Sources option, as it won't affect installed apps, regardless of source. (Toggle option on, install apk, toggle option back off, proceed with day).


The pursuit of knowledge for the sake of knowledge.

Forever in search of my reason to exist.

Link to post
Share on other sites
Posted · Original PosterOP
6 minutes ago, Zodiark1593 said:

By enabling that option, the onus is on the user to take responsibility for what is downloaded. Android is (relatively) open in that the choice exists whether to take on that responsibility, or leave it to Google.

 

That said, assuming that the app from said "unknown source" is confirmed safe, nothing is stopping the user from toggling off that Unknown Sources option, as it won't affect installed apps, regardless of source. (Toggle option on, install apk, toggle option back off, proceed with day).

That would indeed work, although this is the stuff experienced users tend to do. 

 

Encouring laymen to do it to get their favorite apps which happen to use Android’s accessibility services that are removed from Google Play isn’t exactly good in a security PoV.


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites

wait a sec so apps that crash can be removed?

 

I can use my super unstable non-modified moto g that crashes after using any app for more than 15 minutes to get social media apps removed? Just record it crashing over and over again?

Link to post
Share on other sites
Posted · Original PosterOP
2 minutes ago, KingKeith55 said:

wait a sec so apps that crash can be removed?

 

I can use my super unstable non-modified moto g that crashes after using any app for more than 15 minutes to get social media apps removed? Just record it crashing over and over again?

Maybe. Perhaps remove the Facebook app? :P


ASUS RoG STRIX GL502VM

Intel Core i7 7700HQ | GeForce GTX 1060 6GB | 16GB DDR4-2133 | 128GB SanDisk M.2 SATA SSD + 1TB 7200RPM Hitachi HDD | 15.6" 1080p IPS monitor @ 60Hz w/ G-SYNC | Windows 10 64-bit

 

Samsung Galaxy Note8 SM-N950F

Exynos 8895 (4x Mongoose @ 2.3GHz, 4x Cortex A53 @ 1.7GHz)ARM Mali G71 MP20 | 6GB LPDDR4 | 64GB Samsung NAND flash w/ UFS 2.1 dual-lane controller + 128GB SanDisk C10 UHS-I microSD | 6.3" 1440p "Infinity Display" AMOLED | Android Nougat 7.1.1 w/ Samsung Experience 8.5

Link to post
Share on other sites
35 minutes ago, D13H4RD2L1V3 said:

Maybe. Perhaps remove the Facebook app? :P

I'll have to give it a try before I get a new phone. While I don't think it would get removed, it would probably drive their dev team insane trying to figure out why their app is crashing.

Link to post
Share on other sites

Good thing I don't have or use PlayStore


One day I will be able to play Monster Hunter Frontier in French/Italian/English on my PC, it's just a matter of time... 4 years later: Still patiently waitng

Phones: iPhone 5S | LG V10 | Lumia 920

Laptops: Macbook Pro 15" (mid-2012) | Compaq Presario V6000

Link to post
Share on other sites

So in order to "improve security " Google will be making a bunch of people download suspicious APKs from untrustworthy sources while enabling a gigantic security risk in order to install the APKs.

Great...

 

Would it not be simpler to have a large popup warning about the risk when a user installs an app with accessibility features? Apps like Tasker and Llama are rather useful to deal with the random issues regarding androids battery life.


"If anyone sneaks up on us, I'll smell them coming. Or I might not. We will see." -Kharjo

Ingram: “You talk about the machine likes it’s a living thing.”
Finch: “Shhh. It can hear you…”

Spoiler

Computational Device --> i5 4690k @ 0.91v ¦ 8GB DDR3 ¦ R9 290 Reference ¦ Asus H81m-Plus ¦ SC300 256GB ¦ 1TB HDD ¦ Samsung S24C650 24" ¦ CX 750 ¦ Packard-Bell Win XP Keyboard

 

Link to post
Share on other sites
11 hours ago, Zodiark1593 said:

By enabling that option, the onus is on the user to take responsibility for what is downloaded. Android is (relatively) open in that the choice exists whether to take on that responsibility, or leave it to Google.

 

That said, assuming that the app from said "unknown source" is confirmed safe, nothing is stopping the user from toggling off that Unknown Sources option, as it won't affect installed apps, regardless of source. (Toggle option on, install apk, toggle option back off, proceed with day).

With Android O this isn't an issue anyways. You can enable Unknown Sources for a specific app. So just install the Amazon App Store and XDA Labs and enable Unknown Sources for those two apps.

 

There's no real guarantee that apps from the play store are safe either TBH.

 

11 hours ago, D13H4RD2L1V3 said:

They should, really. 

 

Android is no longer that one OS that only power users understand. It’s now a mainstream consumer-focused OS. 

 

The problem is that Google’s explanation for why this is so is too vague. What if your app uses accessibility options for helping impaired users in a not-so-obvious way? What if it was intended for impaired users but non-impaired users end up using it?

They said in their email that it will be up to devs to justify that their app helps user accessibility. Just like other app policies, there's always the option to appeal the removal of you feel it wasn't justified. Whether your appeal gets looked at or not is another issue though >.>

 

A lot of these apps have very clear benefits for accessibility users. Universal Copy for users with dyslexia, Tasker to help automate tasks for switch users, LastPass for persons with mobility restrictions so they don't have to type passwords every time.

 

8 hours ago, ScratchCat said:

Would it not be simpler to have a large popup warning about the risk when a user installs an app with accessibility features? Apps like Tasker and Llama are rather useful to deal with the random issues regarding androids battery life.

Stock Android already has this since like... forever... >.>

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.


×