Google offers Android Accessibility Services that are used by app developers to create apps for users with disabilities. The service has also been used for other purposes such as fill in text fields by some apps like Tasker and LastPass to perform some functions. However, these functions can create security risks, so, Google is now taking some strict actions against apps using Accessibility Services.
Google is sending emails to developers that are using the Accessibility Services API, asking them for an explanation how the API on their app is benefitting the users with disabilities. If the developers are unable to convince the search giant within 30 days of receiving the mail, their apps will be removed from the Play Store. Google is doing so as it does not want the API to be used for purposes other than helping disable users and there are security reasons as well.
AndroidPolice reported this citing one such email that was sent to BatterySaver. The email reads, “We’re contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the ‘android.permission.BIND_ACCESSIBILITY_SERVICE.’ Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.”
The email adds that the developer needs to explain how the API is being used to help persons with disability. It also states that if they fail to do so within 30 days, the app will be removed from Google Play. It also says that developers can alternatively remove the accessibility services within the app, or can choose to unpublish the app. The email also informs that such repeated violations may lead to a termination of the developer’s account or even related Google accounts as well.
“All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts,” the email reads further.
Google is aiming to take down the malicious apps from Play Store with this move. It is noted that this API can affect other apps and can be used for potential data theft. For example, some password management apps use Accessibility Services API to make it easier for users to fill in text fields with their log-in credentials in another app. So, their credentials can be used for malicious purposes.