Google has recently emailed Android app developers regarding its move to take down apps that take advantage of the platform’s Accessibility features in order to stealthily serve malware to users.
The Accessibility feature for Android is designed to help users with disabilities navigate around the system. For example, an app can include voice assistants to aid those with issues in vision. Light signals can also help those who have difficulty in hearing.
While it is indeed aimed for the betterment of the user’s experience, cybercriminals have used the feature for their own gain. Malicious apps that are injected with banking trojans and ransomware typically use this to force themselves to be installed as a device administrator. Not only this grants access to various operations, it makes the app more difficult to uninstall.
Google is now telling developers that unless their app is actually using Accessibility services to aid those with disabilities, their app will officially be removed from the Play Store. If they want to continue hosting their app there, they will now be required to show a visible explainer to users as to how and why they are using the feature. They also have to add “This app uses Accessibility services” to the app’s description, according to BleepingComputer.
The company has given developers 30 days to comply with the new requirements. Those who won’t be able to do so are being asked to take down their app.
While this will likely aid in reducing the amount of malicious apps in the Play Store, the move does not affect third-party Android app stores, therefore still leaving others vulnerable towards attacks; still, the initiative is a welcome move towards removing innocuous-looking programs that are out to steal information from unsuspecting users.
Source: BleepingComputer