
Google’s Android 17 Advanced Protection Mode Blocks Misuse of Accessibility Services

Android 17 introduces Advanced Protection Mode, an opt‑in setting that prevents apps without legitimate accessibility functions from accessing the AccessibilityService API. The change curtails a frequent malware technique used to steal credentials and control devices, offering enterprises a new lever for mobile risk mitigation.

🛡️ LiveThreat™ Intelligence · 📅 March 17, 2026 · 📰 securityaffairs.com
Severity: Medium
Type: Advisory
Confidence: High
Affected: 3 sector(s)
Actions: 3 recommended
Source: securityaffairs.com

What Happened — Android 17 adds an opt‑in Advanced Protection Mode (AAPM) that blocks any app without declared accessibility functions from accessing the AccessibilityService API. The change stops malware that previously leveraged this API to read screen content, capture keystrokes, and perform unauthorized actions.

Why It Matters for TPRM

  • Reduces a long‑standing attack surface used by mobile malware targeting credential theft and fraud.
  • Forces third‑party app vendors to declare legitimate accessibility tools, improving supply‑chain transparency.
  • Provides a measurable security control that can be required in mobile device management (MDM) policies.

Who Is Affected — Enterprises with Android device fleets, mobile‑app developers, and any third‑party vendors whose solutions run on Android (e.g., security, automation, password‑manager apps).

Recommended Actions

  • Instruct users to enable Advanced Protection Mode via device settings or MDM policy.
  • Verify that all approved third‑party Android apps are compatible with AAPM and correctly flag accessibility tools.
  • Update vendor risk questionnaires to include AAPM compliance checks.

Technical Notes — AAPM enforces a strict check on the isAccessibilityTool="true" flag; only screen readers, switch‑input, voice input, and Braille apps are exempt. The feature also tightens sideloading restrictions and USB data signaling, and it mandates Google Play Protect scans. No new CVE is disclosed; this is a preventive platform hardening. Source: SecurityAffairs
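
One way to run the compatibility check from the Recommended Actions offline, as an added example that is not from the brief or from Google: it walks a decoded AndroidManifest.xml, finds each accessibility service, and reports whether its config file declares isAccessibilityTool="true". The package name, service names and XML samples are constructed, and the input is assumed to be manifest and res/xml files already decoded to text (for example by apktool).

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
A11Y_META = "android.accessibilityservice"
XMLNS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed sample: decoded manifest of a hypothetical vendor app.
MANIFEST = f"""<manifest {XMLNS} package="com.example.vendorapp"><application>
  <service android:name=".ReaderService"
           android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
    <intent-filter><action android:name="{A11Y_ACTION}"/></intent-filter>
    <meta-data android:name="{A11Y_META}" android:resource="@xml/reader_config"/>
  </service>
  <service android:name=".OverlayHelper"
           android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
    <intent-filter><action android:name="{A11Y_ACTION}"/></intent-filter>
    <meta-data android:name="{A11Y_META}" android:resource="@xml/helper_config"/>
  </service>
  <service android:name=".SyncService"/>
</application></manifest>"""

# Constructed sample: the res/xml files the manifest points at.
CONFIGS = {
    "reader_config": f'<accessibility-service {XMLNS} android:isAccessibilityTool="true"/>',
    "helper_config": f'<accessibility-service {XMLNS} android:canRetrieveWindowContent="true"/>',
}

def audit_accessibility_services(manifest_xml, configs):
    """Map each declared accessibility service to its isAccessibilityTool status."""
    results = {}
    for svc in ET.fromstring(manifest_xml).iter("service"):
        actions = {a.get(NS + "name") for a in svc.iter("action")}
        if A11Y_ACTION not in actions:
            continue  # ordinary service, not an accessibility service
        name = svc.get(NS + "name")
        meta = next((m for m in svc.iter("meta-data")
                     if m.get(NS + "name") == A11Y_META), None)
        ref = meta.get(NS + "resource", "") if meta is not None else ""
        cfg = configs.get(ref.rsplit("/", 1)[-1])
        if cfg is None:
            results[name] = "config-missing"  # cannot verify; treat as a finding
            continue
        flag = ET.fromstring(cfg).get(NS + "isAccessibilityTool", "false")
        results[name] = "declares-tool" if flag.lower() == "true" else "no-tool-flag"
    return results

if __name__ == "__main__":
    for service, status in audit_accessibility_services(MANIFEST, CONFIGS).items():
        print(f"{service}: {status}")
```

A declares-tool result only shows that the flag is set; whether the app really is one of the exempt categories still needs a manual review.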

📰 Original Source
https://securityaffairs.com/189497/security/advanced-protection-mode-in-android-17-prevents-apps-from-misusing-accessibility-services.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

