Android 13 blocks malicious applications that abuse accessibility

With the arrival of Android 13 by the end of 2022, Google will crack down on malware-laden applications that abuse accessibility APIs. For those who don’t know, accessibility APIs allow developers to offer tools, such as screen readers and speech functions, to help users with hearing or visual impairments. Meanwhile, hackers have exploited Android’s accessibility feature to plant malware and cause other serious problems. Take the MysteryBot malware, for example, which secretly monitors touchscreen input so that it can log keystrokes in sensitive places, such as login pages.

Malicious applications may also present a fake HTML overlay that looks like an application’s legitimate login screen in order to steal authentication information. The Flubot malware, which was rampant in 2021, sends victims a text message with a link to download an application that abuses accessibility to steal credentials for banking and cryptocurrency applications. Google has tried to curb unnecessary use of accessibility APIs by apps listed in the Play Store, but apps downloaded from third-party repositories have proven to be an Achilles’ heel for the operating system.

This is going to change with Android 13. After the launch of the first public beta version of Android 13, Esper’s Mishaal Rahman reviewed the updated application settings and found a native system that restricts accessibility APIs for sideloaded applications. Android allows users to manually activate accessibility for certain applications, but the next operating system update may disable this manual option. Once that happens, users will see an error message that reads “for your security, this configuration is currently unavailable” if they try to grant access to an application downloaded from sources other than the Play Store.

Google vets applications listed in the Play Store that request accessibility features, but this security check has not been applied to applications downloaded as an APK file from the Internet. However, Google will not activate the restriction for all sideloaded applications, as the company is only targeting applications from obscure and less legitimate sources. It is not clear whether there is an internal database that categorizes third-party application repositories as legitimate or not, but there is a parameter that helps make the decision: the session-based package installation API. Rahman notes that “this installation method is generally used by app stores to provide a more perfect experience

For applications that request accessibility services but are installed from a source that does not use the session-based package installer, the accessibility privilege is disabled by default. In a nutshell, users cannot grant accessibility permissions to shady sideloaded applications, even if they want to. The check starts with the Files by Google application, which analyzes whether an application’s APK package conforms to the session-based package installation guidelines. Once this is implemented in Android 13, malicious applications distributed through a suspicious web page or SMS link will have less access, preventing them from performing malicious tasks such as stealing confidential information.
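
On devices that do not yet enforce this restriction, a defender can approximate the same question (which enabled accessibility services come from outside the Play Store?) from adb output. The script below is an added example, not code from Esper or Google; it uses the installer of record as a proxy rather than Android 13's session-based check, and the package names, sample data and trusted-installer list are assumptions.

```python
# Added example (not from Esper or Google): audit accessibility services by install source.
# Input text is what these commands print on a connected device:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i        (add -s for system packages only)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only the Play Store is trusted


def parse_installers(pm_output):
    """Map package name -> installer (None when pm prints installer=null)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers


def audit(services_setting, installers, system_packages=frozenset()):
    """Return (package, component, installer) for services from untrusted sources."""
    findings = []
    for component in services_setting.strip().split(":"):
        if "/" not in component:
            continue  # empty setting or the literal "null"
        package = component.split("/", 1)[0]
        if package in system_packages:
            continue  # preinstalled apps also report installer=null
        installer = installers.get(package)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((package, component, installer))
    return findings


# Constructed sample data, not captured from a real device.
SAMPLE_SERVICES = ("com.example.reader/com.example.reader.ScreenReaderService:"
                   "com.example.flashlight/.HelperService:"
                   "com.example.oem.assist/.AssistService")
SAMPLE_PM = """package:com.example.reader  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.oem.assist  installer=null
"""
SAMPLE_SYSTEM = "package:com.example.oem.assist\n"

if __name__ == "__main__":
    system = set(parse_installers(SAMPLE_SYSTEM))
    for package, component, installer in audit(SAMPLE_SERVICES, parse_installers(SAMPLE_PM), system):
        print(f"review: {component} (installer={installer})")
```

A flagged entry is a prompt for manual review, not proof of malware: legitimate sideloaded accessibility tools will also appear.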

Source: Esper
