App developers have been warned by Google against using Accessibility Services in their apps. The original purpose of these Accessibility Services was to help disabled users make use of mobile applications in an easier manner. However, other apps that using these services and could potentially pose a security risk. Google has warned developers that it will remove these apps from the app store should they be used maliciously.
While the set of Accessibility Services created by Android have been created to assist users with disabilities, developers have used the services to improve applications for use by non-disabled users.
It is clear that the reason for Google’s recent crackdown on app developers regarding Accessibility Services is largely for security reasons. The Application Programming Interfaces (API’s) for these Accessibility Services are used in applications such as LastPass where they are used to identify the password field in other applications. It is this level of access that can allow malicious use.
Accessibility Services in an app have the ability to affect the behaviour of other apps on the device. Since password management apps have the ability for users to fill in text fields within a different app using the same login credentials. This same functionality allows apps to read information contained in other apps. This is what is creating the potential security risk as a result of Accessibility Services being used in apps that do not directly require them.
Developers have been sent emails from Google that state that they are required to describe how their applications help disable users to qualify the use of the Accessibility Services. If developers are unable to adequately describe and quantify their use of Accessibility Services, they will need to remove all requests to use these services from their applications. Should they not head this warning from Google, their apps will be removed entirely from the Google Play Store.
Applications that currently make use of Accessibility Services include LastPass, Clipboard Actions, Tasker, Network Monitor Mini, Universal Copy and Cerberus.
This new requirement can see major ramifications for many applications as well as their developers. Most specifically, it will affect apps that are intended to have customization functionality or are designed for power users.
Google have made it known that they are tracking all violations in regards to the use of Accessibility Services. Serious violations as well as repeated violations in any form will be monitored and the developer can risk having their account terminated. This will be followed by an investigation and can possibly also result in the termination of any other related Google accounts that the developer may have with the tech giant.
While this may seem like a great inconvenience not only to developers but to the users who genuinely find the apps useful, it is justified. This is due to the fact that Google are simply trying to protect their users. They are simply trying to get a tighter hold on app functionality to prevent the dissemination of users’ personal information without their explicit knowledge. When put this way it just makes justified sense.
If only they could find a less destructive way to resolve this issue. As it stands, they will be removing hundreds of applications that thousands of users find useful.