Preventing accessibility permission abuse in the Android ecosystem
Posted by Bethel Otuteye - Senior Director, Product Management, Android App Safety
Security is a foundational pillar of Android, and we continually work on ways to make the platform safer for everyone. This release builds on our ongoing efforts, which include a range of APIs and features designed to help developers protect user data and fight malware. From Credential Manager for a streamlined and more secure sign-in experience to resources on Preventing Fraudulent Activity, we're consistently working to identify and close potential vulnerabilities. We know that a strong security posture requires collaboration across the entire ecosystem. It's a joint effort between us and the developer community to create a more secure experience for everyone.
Protecting your apps from snooping with a single line of code
To further enhance user security, Android is continually evolving its defenses against malicious apps that attempt to abuse the Accessibility API's powerful features. The abuse includes reading sensitive information, such as passwords and financial details, directly from the screen and even manipulating a user's device by injecting touches. To combat this, we have a feature in Android 16 that gives you a powerful tool to prevent this type of abuse with a single line of code.
The accessibilityDataSensitive flag allows you to explicitly mark a view or composable as containing sensitive data. When this flag is set to true, apps holding the accessibility permission that have not explicitly declared isAccessibilityTool=true are blocked from accessing the view's data or performing interactions on it. This simple but effective change helps to prevent malware from stealing information and performing unauthorized actions, without impacting the functionality of legitimate accessibility tools. Note: If an app is not an accessibility tool but requests accessibility permissions and sets isAccessibilityTool=true, it will be rejected on Play and will be blocked by Play Protect on user devices.
As an added benefit for developers, we've integrated this new functionality with the existing setFilterTouchesWhenObscured method. If you're already using setFilterTouchesWhenObscured(true) to protect against touchjacking, your views will automatically be treated as sensitive data for accessibility. This ensures that a large portion of the developer community will immediately benefit from this security enhancement.
Getting started
We encourage you to use the setFilterTouchesWhenObscured (recommended) or the accessibilityDataSensitive flag on any screen that contains sensitive information, including login pages, payment flows, and any view displaying personal or financial data.
For Jetpack Compose
setFilterTouchesWhenObscured: obtain the hosting View and set the flag for the lifetime of the composable.

```kotlin
val composeView = LocalView.current
DisposableEffect(Unit) {
    composeView.filterTouchesWhenObscured = true
    onDispose { composeView.filterTouchesWhenObscured = false }
}
```

accessibilityDataSensitive: use the semantics modifier to apply the sensitiveData property to a composable.

```kotlin
BasicText(
    text = "Your password",
    modifier = Modifier.semantics { sensitiveData = true }
)
```
For View-based apps
In your XML layout, add the relevant attribute (filterTouchesWhenObscured or accessibilityDataSensitive) to the sensitive view.
Alternatively, you can set the property programmatically in Java or Kotlin:
| setFilterTouchesWhenObscured | accessibilityDataSensitive |
|---|---|
| Kotlin: `myView.filterTouchesWhenObscured = true` | Kotlin: `myView.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)` |
| Java: `myView.setFilterTouchesWhenObscured(true);` | Java: `myView.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES);` |
You can read more about the accessibilityDataSensitive and setFilterTouchesWhenObscured flags in the Tapjacking guide.
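As an added example (not code from the original post), the helper below walks a View hierarchy in a debug build, reports password fields that carry neither protection, and applies both flags to them; the function names and the "password field" heuristic are this example's own choices, and isAccessibilityDataSensitive() is assumed to require API 34 or later.

```kotlin
import android.os.Build
import android.text.InputType
import android.view.View
import android.view.ViewGroup
import android.widget.EditText

// Added example, not part of the original post.

/** True when the EditText's inputType is one of the password variations. */
fun EditText.isPasswordField(): Boolean {
    val cls = inputType and InputType.TYPE_MASK_CLASS
    val variation = inputType and InputType.TYPE_MASK_VARIATION
    return (cls == InputType.TYPE_CLASS_TEXT &&
            (variation == InputType.TYPE_TEXT_VARIATION_PASSWORD ||
             variation == InputType.TYPE_TEXT_VARIATION_WEB_PASSWORD ||
             variation == InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD)) ||
           (cls == InputType.TYPE_CLASS_NUMBER &&
            variation == InputType.TYPE_NUMBER_VARIATION_PASSWORD)
}

/** Either flag is enough: filterTouchesWhenObscured implies accessibility sensitivity. */
fun View.isProtectedFromAccessibilityAbuse(): Boolean =
    filterTouchesWhenObscured ||
        (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE &&
            isAccessibilityDataSensitive())

/** Recursively collects password fields under this view that carry neither protection. */
fun View.findUnprotectedPasswordFields(
    out: MutableList<EditText> = mutableListOf()
): List<EditText> {
    if (this is EditText && isPasswordField() && !isProtectedFromAccessibilityAbuse()) out += this
    if (this is ViewGroup) {
        for (i in 0 until childCount) getChildAt(i).findUnprotectedPasswordFields(out)
    }
    return out
}

/** Applies both protections to every unprotected password field; returns how many were fixed. */
fun hardenPasswordFields(root: View): Int {
    val fields = root.findUnprotectedPasswordFields()
    for (field in fields) {
        field.filterTouchesWhenObscured = true
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            field.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
        }
    }
    return fields.size
}
```

Calling hardenPasswordFields(window.decorView) from a debug Activity's onResume, and logging a non-zero return, surfaces screens that were shipped without either flag.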
Partnering with developers to keep users safe
We've been working with developers from the start to ensure this feature meets their needs, and we're already hearing great feedback.
"We've always prioritized protecting our customers' sensitive financial data, which required us to build our own protection layer against accessibility-based malware. Revolut strongly supports the introduction of this new, official Android API, as it allows us to gradually move away from our custom code in favor of a robust, single-line platform defense."
- Vladimir Kozhevnikov, Android Engineer at Revolut
We believe these new tools represent a significant step forward in our mission to make Android a safer platform for everyone. By leveraging setFilterTouchesWhenObscured or adopting accessibilityDataSensitive, you can play a crucial role in protecting your users from malicious accessibility-based attacks. We encourage all developers to integrate these features into their apps to strengthen the security of the Android ecosystem as a whole.
Together, we can build a more secure and trustworthy experience for all Android users.