Google Sends Warning to Android App Developers Using Accessibility Services

Android app developers are reporting in posts on XDA Developers, Reddit, Android Police, and other forums that Google has sent out an email warning them that apps requesting accessibility services are to be used to assist users with disabilities with using Android devices and applications. The email alerts developers that they must explain to app users how their Android apps are using the “android.permission.BIND_ACCESSIBILITY_SERVICE” specifically relating to users with disabilities. Apps that fail to explain the use of accessibility services may be removed from Google Play. Developers have 30 days to meet accessibility services usage requirements. The email also suggests developers can remove requests for accessibility services from their Android apps or simply remove their apps from Google Play.

Generally speaking, accessibility services run in the background of an Android app and when “AccessibilityEvents” are fired the services receive callbacks from the system. Clicking on a button and changing the focus are examples of AccessibilityEvents. You can learn more about the Accessibility Services API at the Android Developers website.

Many developers have built Android apps that rely on the Accessibility Services API for purposes that may not necessarily be specific to helping users with disabilities. Many popular apps using accessibility services in innovative ways may be impacted by the warning from Google. Apps that could be impacted include Cerberus, Clipboard Actions, Greenify, LastPass, Smart Launcher, Type Machine, and Universal Copy.

Google may have issued this warning in an effort to reduce potential security risk. The Accessibility Services API can be used to read data from other apps if the user grants specific permissions. This in turn, can be used by a bad actor to enable malicious activity such as a phishing exploit, keylogger, or ransomware attack.

At the time of this writing, Google has not issued an official statement regarding the emails sent to developers about the use of accessibility services.

Be sure to read the next Application Development article: GitHub Launches Teletype for Atom to Make Social Coding Easier