For years, Android has allowed apps to modify the behavior of other applications, using Accessibility Services. While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.). LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API. Although Accessibility Services can greatly extend the functionality of applications, they can potentially create a security risk.
Google has stated that Android app developers violating its Accessibility Services by so doing creating cyber security issues would have to be forced to take their software off Play Store to better help users with disabilities, Android has a set of Accessibility Services that developers can use to improve their applications.
“Google is most likely cracking down on Accessibility Services use due to security reasons. While applications like LastPass use the available APIs to identify password fields in other apps, this level of access can be used maliciously,” tech portal Android Police reported earlier this week.
Google has sent a broadcast email to developers, stating that “unless developers can describe how the app properly uses the Accessibility Services to help users who are disabled, it will need to remove all requests for accessibility services or it will be taken off of the Play Store”. Apps such as Last Pass, Universal Copy, Clipboard Actions, Cerberus, Tasker and Network Monitor Mini use the service.
The new directive could have major ramifications for several apps, especially those intended for customisation. Also added in the report by Google which explained that “All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.”