Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
https://thehackernews.com/2026/03/android-17-blocks-non-accessibility.html
Publish Date: 2026-03-16 01:43:00
Source Domain: thehackernews.com
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API.
The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week.
AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened security state to guard against sophisticated cyber attacks. Like Apple’s Lockdown Mode, the opt-in feature prioritizes security at the cost of diminished functionality and usability so as to minimize the attack surface.
Some of the core configurations include blocking app installation from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning.
“Developers can integrate with this feature using the AdvancedProtectionManager API to detect the mode’s status, enabling applications to automatically adopt a hardened security posture or restrict high-risk functionality when a user has opted in,” Google noted in its documentation outlining Android 17’s features.
The latest restriction added to the one-tap security setting aims to prevent apps that are not classified as accessibility tools from being able to leverage the operating system’s accessibility services API. Verified accessibility tools, identified by the isAccessibilityTool=”true” flag, are exempted from this rule.
According to Google, only screen readers, switch-based input systems, voice-based input tools, and Braille-based access programs are designated as accessibility tools. Antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, and launchers do not fall under this category.
While AccessibilityService has its legitimate use cases, such as assisting users with disabilities in using Android devices and apps, the API has been extensively abused by bad actors in recent years to…
