Google is currently piloting an innovative security enhancement within its Android Advanced Protection Mode (AAPM), aimed at fortifying user safety by restricting certain applications from utilizing the accessibility services API. This update, part of the Android 17 Beta 2, was initially highlighted by Android Authority last week.
Enhanced Security Measures
Originally introduced in Android 16, AAPM elevates the security framework of devices, positioning them to better defend against intricate cyber threats. Similar to Apple’s Lockdown Mode, this feature is opt-in, prioritizing security over some functionalities and usability to effectively reduce potential vulnerabilities.
The core configurations of AAPM encompass:
- Blocking app installations from unknown sources
- Restricting USB data signaling
- Mandating Google Play Protect scanning
Developers are encouraged to integrate with this feature through the AdvancedProtectionManager API, which allows applications to detect the security mode’s status. This capability enables apps to automatically adopt a more secure stance or limit high-risk functionalities when users opt into AAPM, as outlined in Google’s documentation regarding Android 17’s features.
Restricting Accessibility Services
The latest addition to the one-tap security setting is designed to prevent non-accessibility apps from accessing the operating system’s accessibility services API. Only verified accessibility tools, marked by the isAccessibilityTool=”true” flag, will be exempt from this restriction.
According to Google, the designated accessibility tools include:
- Screen readers
- Switch-based input systems
- Voice-based input tools
- Braille-based access programs
However, applications such as antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, and launchers do not qualify as accessibility tools.
While the AccessibilityService API serves vital functions, particularly for users with disabilities, it has also been misused by malicious entities seeking to extract sensitive data from compromised devices. With the introduction of this new restriction, any non-accessibility app that previously had permission will see its access revoked when AAPM is activated. Additionally, users will be unable to grant permissions to the API for these apps unless AAPM is disabled.
New Contacts Picker Feature
Android 17 also introduces a revamped contacts picker, allowing app developers to specify which fields they wish to access from a user’s contact list—be it phone numbers or email addresses. This feature enables users to select specific contacts for third-party applications.
Google emphasizes that this approach provides apps with read access to only the selected data, ensuring a more granular control while maintaining a seamless user experience. The built-in search, profile switching, and multi-selection capabilities eliminate the need for developers to construct or maintain their own user interface.
