Android 14 apps may limit malicious apps from accessing content to improve security
This year's Android update, Android 14, includes a new option for Android apps to prevent malicious apps from accessing their content. The move is designed to improve security, especially for important applications such as authenticator apps, brokerage apps, and other apps that are of a sensitive nature.
Content stealing malware, for instance those aimed at stealing two-factor authentication codes, are not as common as other types on Android, but there have been cases in the past. To gain access to another application's data, malware apps have used the Accessibility service in the past.
Legitimate accessibility apps, like screen readers or narrators, need access to other apps to assist Android users who require them. They help navigate apps and inform users about what is happening on the screen. This powerful feature set has been used by malicious apps in the past.
Google implemented changes in previous versions of Android to limit these dangers. In Android 12, it introduced a new attribute for apps, which they needed to declare, if they included accessibility functionality. Apps without the declaration could not be uploaded to Google Play anymore.
Then, in Android 13, Google hammered down on the use of Accessibility functionality in sideloaded apps. It was a logical consequence, after having introduced the new attribute in Android 13. This new restriction made it harder for malicious apps to trick users into enabling Accessibility functionality, but it was still possible. In essence, Google limited the option to enable Accessibility functionality for sideloaded apps.
Now, in Android 14, comes the next limitation. Application developers may enable a new setting in their application, which limits access to Accessibility tools that have declared their status. The change prevents non-Store apps from using Accessibility functionality to access an application's data.
While it is still possible that malicious apps with the right declaration pass the Google Play protections to be offered there, it is limiting malicious apps that use Accessibility functionality significantly. Clearly, the change is also limiting apps that are not malicious from making use of accessibility features.
One of the downsides of the change in Android 14 is that apps need to have the feature enabled. There is a good chance that many high security apps will implement it to improve security further, but it will take some time before the majority of these apps have implemented the change. Also, since it requires Android 14, many users of Android won't benefit from the change unless the new version is offered for their device. (via Esper)
