Google Tests Android 17 Feature Blocking Non‑Accessibility Apps from Accessibility API to Thwart Malware
What Happened — Google’s Android Advanced Protection Mode (AAPM) is being expanded in the Android 17 Beta 2 release to block apps that are not explicitly declared as accessibility services from accessing the Accessibility API. The change aims to stop malicious apps that abuse accessibility permissions to capture user input or perform unauthorized actions.
Why It Matters for TPRM —
- Reduces a common attack vector used in credential‑stealing and screen‑scraping malware targeting enterprise‑managed devices.
- Signals a shift toward stricter OS‑level controls that third‑party app vendors must accommodate, affecting compliance and risk assessments.
- Enabling AAPM early may break apps that depend on accessibility access and will likely require changes to mobile‑device‑management (MDM) configurations.
Who Is Affected — Mobile device manufacturers, enterprise MDM providers, app developers (especially those that rely on accessibility services for legitimate functions), and organizations that enforce Android Advanced Protection Mode for employees.
Recommended Actions —
- Review your organization’s Android device policies and confirm whether AAPM is enabled on all managed devices.
- Inventory any internal or third‑party apps that use the Accessibility API and verify that each one declares its accessibility service in its manifest; apps that rely on accessibility access without such a declaration will stop working once AAPM enforces the restriction.
- Update MDM profiles to accommodate the new restriction and test critical apps for compatibility before Android 17 rollout.
Technical Notes — The restriction is enforced by the OS, not by the app: with AAPM enabled, an app whose manifest lacks the android.accessibilityservice declaration is refused when it tries to operate as an accessibility service, so it never receives accessibility events or the ability to act on the user's behalf. No CVE is associated; this is preventative hardening rather than a vulnerability fix. Data at risk from accessibility abuse includes keystrokes, screen content, and authentication tokens that malware has harvested through the API. Source: The Hacker News
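As an added example (not from the article, Google, or The Hacker News), the following Python script implements the manifest side of the inventory step above and the declaration check described in the technical notes. It scans a decoded AndroidManifest.xml for services that look like accessibility services and reports whether each carries the three pieces the platform expects: the BIND_ACCESSIBILITY_SERVICE permission guard, the android.accessibilityservice.AccessibilityService intent-filter action, and the android.accessibilityservice meta-data pointing at the service config. It assumes manifests already decoded to text XML (for example by apktool); a binary manifest straight out of an APK will not parse. The package names, service names and manifests embedded below are constructed samples.

```python
"""Inventory accessibility-service declarations in decoded AndroidManifest.xml files.

Added example, not project or vendor code. Assumes the manifest has been decoded
to text XML (e.g. with apktool). The embedded sample manifests are constructed.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Real Android identifiers used by accessibility-service declarations.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
BIND_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SERVICE_ACTION = "android.accessibilityservice.AccessibilityService"
CONFIG_META = "android.accessibilityservice"


def _a(elem, attr):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{attr}")


@dataclass
class ServiceFinding:
    package: str
    service: str
    has_bind_permission: bool
    has_action: bool
    has_config_meta: bool
    problems: list = field(default_factory=list)

    @property
    def properly_declared(self):
        return self.has_bind_permission and self.has_action and self.has_config_meta


def audit_manifest(xml_text):
    """Return one ServiceFinding per <service> that shows any sign of being an accessibility service."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "<unknown>")
    findings = []
    app = root.find("application")
    if app is None:
        return findings
    for svc in app.findall("service"):
        actions = {
            _a(act, "name")
            for flt in svc.findall("intent-filter")
            for act in flt.findall("action")
        }
        has_action = SERVICE_ACTION in actions
        has_perm = _a(svc, "permission") == BIND_PERMISSION
        has_meta = any(_a(m, "name") == CONFIG_META for m in svc.findall("meta-data"))
        if not (has_action or has_perm or has_meta):
            continue  # ordinary service, not accessibility-related; skip it
        finding = ServiceFinding(package, _a(svc, "name") or "<unnamed>", has_perm, has_action, has_meta)
        if not has_perm:
            finding.problems.append(f"missing android:permission={BIND_PERMISSION}; any app could bind to it")
        if not has_action:
            finding.problems.append(f"missing intent-filter action {SERVICE_ACTION}; the system will not list it")
        if not has_meta:
            finding.problems.append(f'missing <meta-data android:name="{CONFIG_META}"/>; no service config')
        findings.append(finding)
    return findings


# Constructed sample: a correctly declared accessibility service (hypothetical package).
GOOD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.screenreader">
  <application>
    <service android:name=".ReaderService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/reader_config"/>
    </service>
  </application>
</manifest>"""

# Constructed sample: a service that claims the accessibility action but has neither the
# permission guard nor the config meta-data, plus an unrelated service that must be skipped.
BAD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.autofiller">
  <application>
    <service android:name=".HelperService" android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for manifest in (GOOD_MANIFEST, BAD_MANIFEST):
        for f in audit_manifest(manifest):
            status = "OK" if f.properly_declared else "CHECK"
            print(f"[{status}] {f.package}{f.service}")
            for p in f.problems:
                print(f"    - {p}")
```

Run it over the decoded manifests of every app in the inventory; anything reported as CHECK either needs its declaration fixed by the vendor or will fail under AAPM. The static check only tells you whether an app is declared as an accessibility service; whether AAPM then allows it on a given device still has to be confirmed on an Android 17 Beta 2 build, as the recommended actions above already call for.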