Android 17 Restricts Accessibility API Access to Stop Malware Abuse

Google is currently testing a new security control in Android 17 that prevents certain applications from accessing the system’s Accessibility Services API. The feature is being introduced as part of Android Advanced Protection Mode (AAPM), a security setting designed to protect users from advanced cyber threats.

The change appeared in Android 17 Beta 2, according to reports highlighted by Android Authority.

Advanced Protection Mode Adds Stronger Device Security

Google originally introduced Android Advanced Protection Mode with Android 16. When enabled, the device switches into a stricter security configuration aimed at defending against sophisticated cyberattacks.

This security model works similarly to Apple’s Lockdown Mode. Users must manually enable it, and while it increases protection, it may also limit some functionality in order to reduce the overall attack surface.

Key protections included in this mode are:

  • Blocking installation of applications from unknown sources
  • Restricting USB data communication
  • Enforcing Google Play Protect scanning for applications

Google has also provided developers with an AdvancedProtectionManager API, which allows apps to detect whether this protection mode is enabled. Applications can then adjust their behavior automatically, such as disabling risky features or adopting stronger security settings.

Accessibility API Abuse Prompts New Restrictions

The newest change in Android 17 focuses on restricting access to the Accessibility Services API. When Advanced Protection Mode is active, apps that are not officially recognized as accessibility tools will no longer be able to use this API.

Only applications marked with the configuration flag isAccessibilityTool="true" will retain access.

According to Google, legitimate accessibility tools include:

  • Screen readers
  • Switch-based input systems
  • Voice-controlled input tools
  • Braille accessibility programs

However, many other categories of apps are not considered accessibility tools. These include antivirus applications, automation tools, digital assistants, monitoring apps, device cleaners, password managers, and custom launchers.
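The rule above can be checked ahead of time against an app inventory. The following is an added example, not code from Google or from the original article: it reads accessibility-service configuration resources that have already been decoded to text XML and reports which services would keep or lose access under Advanced Protection Mode according to the flag described here. The function names and sample configs are constructed for illustration, and an absent attribute is treated as false.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Capability attributes worth reporting when a service is about to lose access.
CAPABILITIES = ("canRetrieveWindowContent", "canPerformGestures")

def classify_service(config_xml):
    """Classify one decoded <accessibility-service> resource under AAPM."""
    root = ET.fromstring(config_xml)
    if root.tag != "accessibility-service":
        raise ValueError("not an accessibility-service config: " + root.tag)
    flag = root.get(ANDROID_NS + "isAccessibilityTool")
    if flag is None:
        status = "revoked"          # attribute absent: treated as false
    elif flag.startswith("@"):
        status = "unresolved"       # resource reference, needs manual lookup
    else:
        status = "retained" if flag.strip().lower() == "true" else "revoked"
    caps = [c for c in CAPABILITIES
            if (root.get(ANDROID_NS + c) or "").lower() == "true"]
    return {"status": status, "capabilities": caps}

def audit(configs):
    """Map each app label to its classification; configs is {label: xml}."""
    return {label: classify_service(xml) for label, xml in configs.items()}

# Constructed sample configs (hypothetical, not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLES = {
    "screen-reader": f'<accessibility-service {NS} android:isAccessibilityTool="true" '
                     'android:canRetrieveWindowContent="true"/>',
    "password-manager": f'<accessibility-service {NS} '
                        'android:canRetrieveWindowContent="true"/>',
    "automation-tool": f'<accessibility-service {NS} android:isAccessibilityTool="false" '
                       'android:canPerformGestures="true"/>',
    "launcher": f'<accessibility-service {NS} android:isAccessibilityTool="@bool/is_tool"/>',
}

if __name__ == "__main__":
    for label, result in audit(SAMPLES).items():
        caps = ",".join(result["capabilities"]) or "-"
        print(f"{label:18} {result['status']:11} {caps}")
```

Services reported as "unresolved" set the flag through a resource reference, so the referenced value has to be looked up in the app's resources before the outcome is known.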

Accessibility Features Frequently Exploited by Malware

Accessibility services are designed to help people with disabilities interact with smartphones and applications more easily. However, cybercriminals have increasingly abused these permissions.

Malicious Android apps have used accessibility privileges to:

  • Capture sensitive information
  • Monitor user actions
  • Steal login credentials
  • Perform unauthorized transactions

Because of these risks, Google’s new restrictions automatically revoke accessibility permissions from non-accessibility apps whenever Advanced Protection Mode is enabled.

Users will also be prevented from granting new accessibility permissions to those apps unless they disable the protection mode.

Android 17 Introduces Privacy-Focused Contacts Access

Android 17 also includes a redesigned contacts picker system aimed at improving user privacy.

With this new feature, developers can request access to only specific contact details, such as:

  • Phone numbers
  • Email addresses

Instead of granting full contact list access, users can choose individual contacts to share with a third-party application.

Google says this method provides granular privacy control while maintaining a consistent user interface. The system also supports built-in search, profile switching, and multi-contact selection without requiring developers to design their own interface.



