Google cracking down on Accessibility API usage

[Guest]

Quote

Google's new policy will hurt a large swath of power-user apps. Android accessibility APIs are meant for alternative input devices and alternative output methods, but they are also a powerful set of controls that have been co-opted by the Android tweaking community to give users more control over their devices. If you want to write a powerful Android app and don't want to modify your phone for root access, tapping into the accessibility API is the next best thing.

 

With the accessibility API, apps can access lots of powerful commands that let them function a bit like a system-level app, and the legitimate, non-accessibility uses are almost endless. Through the API, an app can see all the other apps the user is running and take an action when a specific app launches. This is great for automation apps like Tasker, which allow users to write complicated "If, Then" statements that constantly run on the phone.

 

Quote

Google's new policy of only allowing the accessibility API for accessibility purposes definitely seems to be new, as many of these apps are years old and have existed in the Play Store without issue. Google's own developer documentation still claims it is fine to use the Accessibility APIs for non-accessibility purposes. For instance the "Building Accessibility Services" page suggests developers make apps for users "who may temporarily be unable to fully interact with a device." The page even lists some non-accessibility examples for the accessibility API, like assisting "Users who are driving, taking care of a young child or attending a very loud party might need additional or alternative interface feedback."

Quote

It's understandable that Google would want to put a lid on the accessibility APIs in Android, but they already require a good amount of work from the user in order to enable. Android's accessibility API requires special permissions that can't be granted during runtime or requested programmatically by the app. Users must manually go into the accessibility options and enable accessibility features for the app, which requires tapping through a few warning pop ups.

Enabling this for a malicious app can, of course, wreak a lot of havoc, which is probably Google's inspiration for cracking down on the accessibility API. Google's sudden policy change seems like it will also reduce the functionality of myriad useful apps and could outright kill others. Some developers are attempting to come up with workarounds, but, for the most part, nothing on Android compares with the accessibility APIs.

I have a few apps that I use often that employ the accessibility APIs, so this will be quite the inconvenience if they follow through or developers don't update their apps to use other methods (I would rather not have to use an APK mirror just to get updates). I haven't heard about many malicious apps exploiting this, but even if it is, seems a little silly to me to crack down on this API usage instead of looking out for malicious apps that use a cloak and dagger approach (Or screen overlay deception). Maybe this is their way of going further on the path of becoming a walled garden (Seems like they have been trying for a while). What are your thoughts on this and will any/many of the apps that you use be impacted?

 

Source (Ars Technica) (XDA)

[Thermosman]

Title is vague

[Guest]

13 minutes ago, Thermosman said:

Title is vague

Woops, I don't know what happened

Edit: fixed

[Daan101]

Repost: 

 

[Guest]

3 minutes ago, Daan101 said:

Repost: 

 

Well fudge, I didn't even notice it.

[sof006]

1 hour ago, tjcater said:

Well fudge, I didn't even notice it.

Same here if I am honest.

[W-L]

To keep discussion consolidated:

 

-Locked-