Malware has been a problem on Android for a long time, and one of the most common avenues of attack is through a user's phone's accessibility services. Accessibility APIs are strong tools designed for developers to assist people with impairments by reading the screen, injecting inputs, and more. Unfortunately, this renders them vulnerable to exploitation, with spyware like FluBot duping users into allowing such APIs for dangerous programs that cannot be deleted. This is changing in Android 13, as Google will no longer offer such rights to programs sideloaded from outside an app store.
Google will block apps sideloaded from outside of an app store from using accessibility APIs, as Esper first reported. Accessibility APIs are vital for disabled users, but they also have a tremendous degree of influence over the device. That's why the user must manually enable the service per app, but some users may be duped into doing so if they don't know what they're doing. As a result of Google's move, users will no longer be able to enable it for applications downloaded using your browser or a text messaging app.
Google has long battled with how to manage programs that use accessibility features. Google threatened to ban applications from the Google Play Store that used accessibility APIs for purposes other than aiding impaired people in 2017. While the firm finally backtracked, Google's rules were revised in 2021. Developers who want to utilize accessibility services in an app that targets Android 12 or above for reasons other than assisting impaired users must now obtain clearance from Google Play after completing a permission declaration form.
However, in Android 13, things are changing once more. Any program sideloaded from a location other than an app store will be unable to use accessibility services. When you press the option to activate it, your phone will show a pop-up that says, "For your security, this setting is temporarily unavailable." While this may appear to be concerning for other app shops at first, Google verified to Esper that this change will not effect pre-loaded or side-loaded app stores and was only intended to prevent apps obtained from less credible sources.
