Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google To Kill a Bunch of Useful Android Apps That Rely On Accessibility Services (androidpolice.com)

Posted by BeauHD on from the cease-and-desist dept.

Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
The developer of BatterySaver received the following message from Google:

We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.

Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.

Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.

If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Regards,

The Google Play Review Team

105 comments

  1. some of these are useful because android sucks by Anonymous Coward · · Score: 2, Insightful

    some of these cover gaps in android and make it suck less

    when my devices are sluggish and quirky greenify is great

    how about google fixes android suck before breaking viable work-arounds?

    1. Re:some of these are useful because android sucks by ChunderDownunder · · Score: 1

      Huh, I thought Lauren was a woman's name.

    2. Re: some of these are useful because android sucks by Anonymous Coward · · Score: 0

      He's just upset because this change does nothing to promote censorship. Lauren sure does love telling other people what they're allowed to say.

    3. Re:some of these are useful because android sucks by EETech1 · · Score: 1

      Just like Ralph Lauren?!

  2. but they'll kill orders of magnitude more malware by Anonymous Coward · · Score: 0

    android is a dumpster fire.

  3. What they're really doing... by fieldstone · · Score: 2, Insightful

    Is cracking down on apps that use accessibility services as a way of getting around not having root access. Google really isn't very friendly to users having control over their own device. So much for "Don't be evil".

    1. Re:What they're really doing... by fieldstone · · Score: 1

      Like Greenify.

    2. Re:What they're really doing... by Anonymous Coward · · Score: 5, Insightful

      No, what they're really doing is making Android more secure.

      After your emotions settle and your knee-jerk rant that seems equivalent to "Bwaaaaa they're taking away my favorite app! QQ", you might eventually realize that removing gaping security holes is a good thing.

    3. Re:What they're really doing... by Anonymous Coward · · Score: 0

      Greenify is a scam. So are all of the other so-called "battery extenders".

      Sure, you can shut everything on your phone off and most phones even have that ability built-in. Too bad that makes your phone a worthless paperweight.

    4. Re:What they're really doing... by Dutch+Gun · · Score: 4, Insightful

      I don't WANT a random app to be able to skirt around not having root access by claiming to need permissions for "Accessibiliy". Google is doing the right thing here, even if the approach may be a bit clumsy or ham-fisted. They were rightly panned a while back (right here on Slashdot) when shown how the Accessibility API could lead to security issues and they dismissed it as "not a bug / working as intended".

      Android developers were using an API for purposes it was clearly never intended for. Only now it's understood that those APIs have security implications, so those "clever" hacks may no longer be viable. Google is now working to close those loopholes a bit by making sure app developers justify the use of those APIs, and the response is "Google Evil!" Perfect proof that you can twist *anything* to make it sound nefarious.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    5. Re:What they're really doing... by modmans2ndcoming · · Score: 1

      "Google isn't very friendly to people getting 1 million dollars from the google bank account. So much for "Don't be evil""

    6. Re:What they're really doing... by Anonymous Coward · · Score: 0

      Greenify doesn't shut down your phone. You can still receive calls and texts.
      Your phone can reject advertising and not report your location to random app writers without being "a worthless paperweight."

    7. Re:What they're really doing... by nasch · · Score: 2

      I don't WANT a random app to be able to skirt around not having root access by claiming to need permissions for "Accessibiliy".

      If my experience with LastPass is indicative, you really have to go out of your way to grant an app this kind of access, the app can't make it happen on its own.

      And if there isn't a woraround I may cancel my LastPass subscription, because most of what makes the mobile app useful is its ability to fill in usernames and passwords in other apps.

    8. Re:What they're really doing... by dns_server · · Score: 1

      There is a proper API for doing this so you no longer need to use the accessibility workaround to get this working.
      I believe Lastpass does use this api.

      From what I have heard every application needs to be updated to specify that it is a username and password input field and your password manager application can be used to query this information.

    9. Re:What they're really doing... by nasch · · Score: 1

      I realized even if they pull the app from the Play store, I still have it, and they can still distribute it from their web site.

      From what I have heard every application needs to be updated to specify that it is a username and password input field

      So functionality would be hit or miss based on what third party developers are doing. Sounds like a major step backward.

    10. Re:What they're really doing... by Anonymous Coward · · Score: 0

      Accessibility Services have to be manually enabled. It's up to the user to decide whether an app is allowed to use Accessibility or not. There are many very useful apps that use Accessibility to provide great features for power users. If the app is trustworthy, there is no security implication whatsoever.

      As an aside, security is only one reason Google is doing this. Another reason is protecting their grip on customer analytics, which are used for Google's advertising business. Other companies were partnering with some apps using Accessibility to gather analytics. Google feels it's their exclusive right to know everything about what users do with their phones. I would consider this to be a misuse of Accessibility, but we should also ask why is it okay for Google to compile so much info about users.

      Anyway, what happened to Slashdot? Siding with huge corporations against the freedom of users to decide for themselves how to use their device.

    11. Re:What they're really doing... by Hognoxious · · Score: 1

      Android developers were using an API for purposes it was clearly never intended for.

      It makes me think, "If what it was doing was so useful to so many people, then why wasn't there an API that was intended for that purpose?"

      Then again, I have more intellectual curiosity than a slug.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    12. Re:What they're really doing... by Anonymous Coward · · Score: 0

      'Don't be evil' was google in 1999.
      They are pure evil since they sold out to investors.
      Like every company that does that.

    13. Re:What they're really doing... by Merk42 · · Score: 1

      Perfect proof that you can twist *anything* to make it sound nefarious.

      This is slashdot, "$Company does $thing" is always met with anger, even, as the case here, when $Company does the opposite of $thing

    14. Re:What they're really doing... by Anonymous Coward · · Score: 0

      He proceeded to take all of his clothes off, and get completely naked, and started masturbating.

    15. Re:What they're really doing... by Anonymous Coward · · Score: 0

      fyi: Google dropped the whole "Don't be evil" in 2015.

    16. Re:What they're really doing... by Anonymous Coward · · Score: 0

      I get this, but there are specific applications I want to be able to do these things.

      I want Lightflow to be able to read my notifications and change the color of an LED.

      I want SignalSpy to be able to open the dialer and enter a string of text.

      Both of these are very important to how I use my phone, moreso SignalSpy than Lightflow, because I live in an area with "weird" cell coverage and need to use SignalSpy sometimes 30-40 times a day to switch carriers. (eg. it's more convenient to just push the Sprint button or T-Mobile button and everything is done than it is to open my dialer, dial *#*#344636#*#*, press call, open the dialer again, dial either *#*#34777#*#* or *#*#34866#*#* depending on the results of the first code, press call again)

      It's only a security hole if I go out of my way to give the application permission to do these things, which you have to do for them to work. They aren't taking away anyones favorite app, they're taking away the users ability to use their favorite app in the way they want to use it.

      P.S. LUDDITES.

    17. Re:What they're really doing... by AuMatar · · Score: 1

      Because a lot of times they're pushing the boundaries of what Google has even thought of doing.

      For example, I wrote some software that uses accessibility to get the text of other apps and send it to Google translate so I can get in app translation of things not written in English. There's no API to do that.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    18. Re:What they're really doing... by Fencepost · · Score: 1

      Perhaps.

      But what they're doing in effect is saying "We're going to give you 30 days notice that apps purchased by millions of people will stop working until they're rewritten - and those rewrites will work on phones purchased recently-enough directly from Google and on the Samsung Galaxy S8 family running beta firmware."

      Which phones have Oreo already? Not very many. Which existing phones are going to get it? Some of them, someday, maybe, but based on past performance fewer than you'd hope for.

      I currently have and use at least 5 paid apps or subscribed services that either do or can use these permissions, and I don't think any of them are outside the mainstream of what people use or should expect to have working - AVG, LastPass, Join, Tasker, Calcy IV (my hidden shame! though it prompts every time for an overlay instead of globally requesting via Accessibility). Lookout (AV) and Nova Launcher are both also on the list that could have Accessibility turned on but don't.

      This seems like a remarkably hostile move by Google considering the well-documented other problems they've had and continue to have with apps on the Play store.

      --
      fencepost
      just a little off
    19. Re:What they're really doing... by kaizendojo · · Score: 1
      Not to mention that this statement isn't really accurate:

      Perhaps I'd find this sudden concern about security a bit more believable if Google hadn't allowed every app that's come down the pipe since the Stone Age basically to rape whatever device it's installed on. Why does just about every game in the app store "need" access to my contacts, or permission to read my browser history?

      Google isn't allowing it, you are when you install it. Google tells you about it and lets you decide.

    20. Re:What they're really doing... by omnichad · · Score: 1

      Yes - the Autofill API:
      https://blog.lastpass.com/2017...

    21. Re:What they're really doing... by farble1670 · · Score: 1

      Google really isn't very friendly to users having control over their own device.

      1. You can turn on "allow non-market apps" on any Android device and load whatever app you want.
      2. If that's not enough, you can root any Android device, including Google's Pixel phones, and really do whatever you want.

    22. Re:What they're really doing... by farble1670 · · Score: 1

      "We're going to give you 30 days notice that apps purchased by millions of people will stop working until they're rewritten

      Did you read this?

      Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.

      They aren't going to stop working. You just won't get updates from the Play store anymore.

    23. Re:What they're really doing... by lexman098 · · Score: 1

      I don't WANT a random app to be able to skirt around not having root access by claiming to need permissions for "Accessibiliy".

      They can't. You would have to specifically go into the accessibility settings and move the slider to "on" for that app. Just don't do that. What I don't WANT is privacy nuts like you demanding a reduction in currently functionality that I happen to find extremely useful.

    24. Re:What they're really doing... by Hognoxious · · Score: 1

      Google aren't omniscient? WTF? Was that mentioned in the EULA?

      But rather that's my point. I quite like your and I think it could be useful - but why isn't there a vanilla, non- accessibility, API to get the text?

      It's like an os where there's no grep, but only an accessibility-grep.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  4. So I don't get to write the program that I want by innocent_white_lamb · · Score: 1, Insightful

    So I don't get to write the program that I want even though the functionality is there.

    Remind me again why it's worth learning to write programs. I always thought it was so I could create the functionality that I wanted to create; something is missing here that I want or can use so I'll make a program to fill in that gap.

    Can't do that any more unless you have permission from the higher-ups, I guess. So much for my computer, my rules.

    --
    If you're a zombie and you know it, bite your friend!
    1. Re:So I don't get to write the program that I want by Anonymous Coward · · Score: 2, Informative

      Can't do that any more unless you have permission from the higher-ups, I guess. So much for my computer, my rules.

      That is correct.

      Billions of people have voted against "my computer, my rules" by buying devices with phone-home level control given to someone else. Thus, the market provided what those people voted for with their dollars.

      The personal computer era is over. What we have now is the spy-device and content-consumption-device era.

    2. Re:So I don't get to write the program that I want by Anonymous Coward · · Score: 0

      Only affects the Play Store, so you have a harder time with distribution and selling it to others, it does not prevent you from coding whatever you want personally.

    3. Re:So I don't get to write the program that I want by viperidaenz · · Score: 2

      They're not stopping you doing anything with your own device. You can load any app you wish without the Play Store.
      They're stopping apps using accessibility services for the wrong purpose. They've been criticised for the security issues related to these API's in the past.

      No Android device stops you side-loading apps.

    4. Re:So I don't get to write the program that I want by Ayano · · Score: 1

      Then side load, and root. There's nothing really stopping you..

      --
      I don't read AC
    5. Re:So I don't get to write the program that I want by Anonymous Coward · · Score: 0

      The few spoil it - See, what happens is there are a lot of legit uses for this stuff (lastpass etc).

      But then... some apps come along and do stupid things. (The Windows ecosystem is terrible for this - people asking "how do I write my installer so that it adds to the system tray area" and similar obnoxious behaviour. Some idiot in a suit thinks that it's the right thing that THEIR application is somehow more important than the user's experience.

      Operating system developers fight back with putting apps in sandboxes so they are technologically confined to acceptable behaviour. Problem is, sometimes, an app CAN be trusted with more power than the sandbox allows, but sadly the OS developers have to take a one size for all approach least they get sued.

    6. Re:So I don't get to write the program that I want by Anonymous Coward · · Score: 0

      And it's better that way. The personal computer era promised much and never delivered. The appliance computing device era did.

    7. Re:So I don't get to write the program that I want by Dog-Cow · · Score: 2

      You are a stupid shit, so whether you try (and fail) to learn to program is immaterial.

      Google isn't stopping you from using these APIs in your own apps on your own device.

    8. Re:So I don't get to write the program that I want by Anonymous Coward · · Score: 0

      Care to share with the class exactly what "appliance computing" has promised and delivered?

    9. Re:So I don't get to write the program that I want by thejynxed · · Score: 1

      Some do. It depends on the manufacturer and if they hid those settings or not, especially once they set SELinux Strict. There are a few LG and Samsung models that I am well aware of that don't allow you to load any apps outside of either the official Play Store or in Samsung's case, their own market as well. Those particular models also have locked bootloaders and can't be rooted.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
    10. Re:So I don't get to write the program that I want by farble1670 · · Score: 1

      Can't do that any more unless you have permission from the higher-ups, I guess. So much for my computer, my rules.

      You can do anything you want with your device. Side load apps. Root it. Put it in a blender. Whatever you want.

  5. What? by JoeDuncan · · Score: 3, Funny

    Google is going to kill a bunch of disabled people with Androids? What?

    1. Re: What? by Anonymous Coward · · Score: 0

      Was drinking water and read this... Floor is a mess now ðYðYðY

    2. Re:What? by 93+Escort+Wagon · · Score: 1

      Google is going to kill a bunch of disabled people with Androids? What?

      That was the plan - but, perhaps fortunately, Larry and Sergei lost interest and now it's been EOL'ed.

      --
      #DeleteChrome
    3. Re:What? by l0n3s0m3phr34k · · Score: 1

      The new program is call Secure Key Yields Network Environmental Trusts...SKYNET for short.

    4. Re:What? by Anonymous Coward · · Score: 0

      No no.. Google is going to kill a bunch of Androids with disabled people!

      or wait.. was it ... Google is going to kill a bunch of APPs with disabled people?

      Or maybe.... Google is going to kill a bunch of disabled APPS with people?! I get confused now!

    5. Re:What? by Anonymous Coward · · Score: 0

      or maybe google is going to kill luddite software with appy apps?

  6. Isn't this OK because Android is not a walled gard by SuperKendall · · Score: 1

    So this is a serious question, since people can side load android apps more easily than jailbreaking an iPhone, could not some of these apps realistically just offer apps outside the Play store? I know it would cut down a great deal on people willing to bother but at least it's still a path.

    Or would Google frown on this and start shutting down developer accounts?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  7. It's unfortunate truth about accessibility feature by layabout · · Score: 5, Informative

    As someone who is disabled and depending on speech recognition, I've often wondered how to reconcile the need for security with accessibility systems need for deep access into applications. I think the industry is taking the approach of telling disabled people "sucks to be you, go make a living selling pencils on the street corner".

    Deep access is needed because the information present in a GUI is insufficient for building grammars speech recognition environments. But even if we could live with the GUI, accessibility needs are wide open holes in system security. When you're disabled, you need to automate common tasks and you need to make decisions about state of the application in order to do the right thing. For example, if I want to download bank statements from the bank, I should be able to automate and automate naming the given PDF the right name but I can't. However giving me that capability would transfer enormous power not just to me but to any attacker.

    It's time to start spending all of those tech billions to sending disabled people to that happy farm in the country where your parents sent your dog when it got old. I'm all for this cause I'm tired of arguing with developers about why accessibility is a needed and important part of giving a disabled person independent and satisfying life.

  8. Re:It's unfortunate truth about accessibility feat by AvitarX · · Score: 4, Insightful

    Google seems to be saying "tell us how your app helps access" not sucks to be you.

    They're making a small hurdle to have apps distributed in the official store, they don't seem to be eliminating the API or blocking apps that actually are for access.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  9. Re:It's unfortunate truth about accessibility feat by FrankSchwab · · Score: 2

    >>>I've often wondered how to reconcile the need for security with accessibility systems need for deep access into applications

    The easiest way that springs to mind is to NOT make the accessibility features of the OS available unless the user specifically asks for them. I'm temporarily able-bodied, so I don't need such features - and preventing every app under the sun from using them makes for a more secure system. If 75% of the systems don't support accessibility, the amount of malware targeting accessibility will be vanishingly small.

    That said, having accessibility "Off" be default is no excuse for app developers to not support it. Yes, you can write an app and not support accessibility - but it's an anti-social thing to do.

    --
    And the worms ate into his brain.
  10. Re:Isn't this OK because Android is not a walled g by Anonymous Coward · · Score: 0

    It's a path to get it, but for the most part only existing fans of the apps are going to use them. Depending on the app, there may be other play services that may require being listed in the Play Store (such as advertising hooks), so this could eat into their income and/or cause the app to end up using less trustworthy advertising networks.

    Additionally, installing apps from random places is just not as secure. It's one of the primary ways Windows and even Android ends up with malware.

    Unlikely Google would shut down any accounts over it. Besides, if the developer is only doing one main thing, there is no developer account needed. That's only to be listed in the store.

  11. "Her" blog? by 110010001000 · · Score: 1

    I'm so confused.

    1. Re:"Her" blog? by 93+Escort+Wagon · · Score: 1

      BeauHD got confused because Lauren didn't include his middle name, Francis.

      --
      #DeleteChrome
    2. Re:"Her" blog? by Anonymous Coward · · Score: 0

      BeauHD got confused with the name Lauren and thought it was a chick.

      Who wants to bet that the only reason this made the front page was cause Beau thought it was a chick. Cause this is otherwise a nonstory. Frankly even if it was a story, it would be GOOD. Lock apps out of accessibility unless the end user opts in would be ideal.

  12. The ability for an app to read another's data... by Ayano · · Score: 1

    .. especially in a permission per app restricted environment, is dangerous. Root your device and do what you will, but this is a secure move for the public facing store where the general layman won't know what completely entails 'accessibility' permissions.

    --
    I don't read AC
  13. that shiny new device you just 'bought'? by Anonymous Coward · · Score: 0

    it's not yours... it's OURS

  14. Re:It's unfortunate truth about accessibility feat by MouseR · · Score: 1

    It's also a problem for accessibility laws.

    On iOS, we use accessibility identifiers as UI identifiers for the UI automated tests that run as part of every build upon a commit. Same thing happens for our Android version.

    I'm unimpressed at Google trying to weed out "casual" users of their accessibility in order to minimize a security issue that's their problem. Even if an app has marginal support for accessibility, it's still a good thing as opposed to not having accessibility altogether.

  15. So "fix" the problem... by frank_adrian314159 · · Score: 1

    Add some bullshit accessibility feature to your app and then you have a reason to use the API. And you can use it to your devious heart's content. Better yet, do the disabled people in the world a service and add decent accessibility features to your app. Then you'd be doing good and have earned the moral (if not legal) right to abuse (at least in its corporate owners' eyes) the API.

    --
    That is all.
  16. Google's concern seems a bit hollow by hyades1 · · Score: 3, Interesting

    Perhaps I'd find this sudden concern about security a bit more believable if Google hadn't allowed every app that's come down the pipe since the Stone Age basically to rape whatever device it's installed on. Why does just about every game in the app store "need" access to my contacts, or permission to read my browser history?

    I have only one Android device, a tablet. The first thing I did after getting it home was to root it and install CyanogenMod.

    I wish I could believe this move by Google meant they intended to reexamine a corporate mindset apparently dedicated to the utter destruction of any vestige of privacy among those using its ubiquitous services.

    Sadly, I can harbour no such illusions. That's unfortunate, because this admittedly security-related measure will hurt many people who don't regard themselves as "disabled", but who need easy access to the services affected.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
    1. Re:Google's concern seems a bit hollow by Anonymous Coward · · Score: 0, Troll

      Never fear, mate, Google Asshole Shawn Willden would assure you that the utter destruction of privacy is a Really Good Thing!!!

    2. Re:Google's concern seems a bit hollow by Anonymous Coward · · Score: 1

      " Why does just about every game in the app store "need" access to my contacts"

      It doesn't, but the same privilege controls access to accounts on the device. This includes your google account to login to the Google Play Games in order to access achievements and leader-boards etc. Most games cope fine if you refuse the permission.

      Blame Google for some of the questionable bundling decisions they made, but to be fair, they only bundled them because people kept complaining they had too many permissions.

    3. Re:Google's concern seems a bit hollow by Anonymous Coward · · Score: 0

      Don't creimer the swilden you worthless troll!

    4. Re:Google's concern seems a bit hollow by farble1670 · · Score: 1

      Perhaps I'd find this sudden concern about security a bit more believable if Google hadn't allowed every app that's come down the pipe since the Stone Age basically to rape whatever device it's installed on.

      Because you granted it that access when you were shown the permissions at pre-install time and chose to install the app anyway?

      Why does just about every game in the app store "need" access to my contacts, or permission to read my browser history?

      Browser history is not a permission. It's private data to the browser app and no app can read another app's private data without being signed with the same cert.

      I have only one Android device, a tablet. The first thing I did after getting it home was to root it and install CyanogenMod.

      Great job. By rooting it you just opened the doors wide open for an app to literally do anything it wants including reading the memory space of other apps.

  17. Equal Rights by jlgreer1 · · Score: 0

    According to the US EEOC, a disability is any medical condition that interferes with a major life function. The intent is for a broad interpretation not one that has to be litigated in the courts. The intent is to provide accommodations for individuals that need them. Individuals are not required to prove their disability. I can see this as a class action against Google composed of individuals that are being discriminated against due to their disability. Basis = disability. Issue = prevention of necessary accommodations. Resolution = provide accommodations.

  18. R o T f L m A o... apk by Anonymous Coward · · Score: 0

    See subject & what you said (lol) - picture that!

    * I ordinarily don't "go for" posts like yours, but "ya got me"!

    APK

    P.S.=> Very funny JoeDuncan... apk

  19. Re:It's unfortunate truth about accessibility feat by techno-vampire · · Score: 2

    As someone who is disabled...

    I'm also disabled, but I don't need speech recognition. I'm partially deaf, with tinnitus, so what I often need is more text, less voice. And, I'm diabetic, which is considered a disability, but I don't need any special technology for that. The point here is, there are many kinds of disability, and different people need different forms of assistance to work around them. There's no way this can fit into a One Size Fits All package, although I'd not be at all surprised to learn that that's exactly what Google is trying to do.

    --
    Good, inexpensive web hosting
  20. Re:It's unfortunate truth about accessibility feat by vux984 · · Score: 2

    I'm unimpressed at Google trying to weed out "casual" users of their accessibility in order to minimize a security issue that's their problem.

    How is the security issue 'their problem' ?

    Its a catch-22. If I give a screen-reader app access to read my screen when using other apps, then it can read the text my screen... even when I'm looking at my saved passwords in my password app.

    If you write an app that asks for accessibility permissions, how do i know it isn't scraping my screen and sending my passwords to your mothership?

    You can't 'fix' that. That's the nature of the accessibility functionality. The only thing that is reasonable is what they are doing... looking at the apps that are asking for accessibility permission and verifying that they need it.

    At least that way I can't write a flashlight / fart app... give it accessibility support, and rip off your passwords. I'm going to at least have to come up with some actual utility for the accessibility API to justify using those APIs.

    If anything, it needs to go further, more granular access to the API, and deeper audits of any programs using them.

  21. Re:Isn't this OK because Android is not a walled g by JohnFen · · Score: 2

    could not some of these apps realistically just offer apps outside the Play store?

    Yes. There are numerous apps that do exactly this.

    My personal opinion is that, given that app stores are designed to cater to people who want to treat their phones as an "appliance" rather than a computer, it makes sense to lock them down tightly enough so that my grandma won't get into trouble if she stays with the app store.

    The rest of us, who use our phones as computers, can get our apps outside of that walled garden.

    I really can't see any other way to make the phones secure enough for the clueless and still powerful enough for the clueful.

  22. Re:It's unfortunate truth about accessibility feat by nasch · · Score: 2

    The easiest way that springs to mind is to NOT make the accessibility features of the OS available unless the user specifically asks for them.

    That's already how it is. You have to go into settings and flip a switch, which then prompts a scary warning about how the app can pwn your device, which you then have to agree to. Only after all that will the app have these features available. Apparently that is not safe enough?

  23. Problem solved by Anonymous Coward · · Score: 0

    Every android user has a mental disability, otherwise they won't be using android in the first place.

    1. Re:Problem solved by desdinova+216 · · Score: 1

      and I presume iPhone users do not?

  24. Yes by Anonymous Coward · · Score: 0

    And homeless people make *great* wifi hotspots. Fuck Google.

  25. Re:It's unfortunate truth about accessibility feat by Ichijo · · Score: 1

    If you write an app that asks for accessibility permissions, how do i know it isn't scraping my screen and sending my passwords to your mothership? You can't 'fix' that.

    Why does a screen reader for the blind needs network access? Does it take a screenshot and send it to India where someone reads it and sends the audio back to your app?

    So maybe the fix is to prohibit an app from having both network access and accessibility permissions. It can have one or the other but not both.

    --
    Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
  26. Review Team don't know anything about programming by Anonymous Coward · · Score: 0

    Can't just @GooglePlayDev add special section for usage of Accessibility Service to approve a feature inside apps and then give a sign to eligible apps!? (Like #AndroidWear)

  27. Re:It's unfortunate truth about accessibility feat by vux984 · · Score: 2

    Why does a screen reader for the blind needs network access?

    Because
    - it uses a cloud service to assist with text to speech.
    - it uses a cloud service to sync your settings and preferences between other instances of the screen reader you have on other devices.
    - it has a remote assist feature you can invoke to manually send a screenshot to our support team and a human will verify / correct the machine interpretation -- super handy if the screenreader is reading out gibberish and you need help! ....

    - I could go on...

  28. Re:It's unfortunate truth about accessibility feat by tepples · · Score: 1

    1. Do the text to speech directly on the pocket computer rather than relying on a service on the other side of the Internet that won't be available on an offline tablet anyway. Pocket computers nowadays are over a thousand times faster than the 8-bit MOS 6502 clocked at 1.02 MHz on which SAM (Software Automatic Mouth) ran.
    2. Sync the settings only when the settings activity is frontmost. Open no sockets when the settings activity is not frontmost.
    3. Seek Google's permission to whitelist the "remote assist feature" for your Google Play Store publishing account.

  29. Re: It's unfortunate truth about accessibility fea by liefer · · Score: 1

    What are you talking about? He never said anything like that

  30. RIP gaming by Anonymous Coward · · Score: 0

    I used some accessibility app to disable the app switcheroo button because I kept touching it while gaming. Fucking alphabet SJW commie cunts.

  31. Re: It's unfortunate truth about accessibility fea by AvitarX · · Score: 1

    I guess I misread the end of the first paragraph, and unreasonably tied it to the article.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  32. Bixby button by Anonymous Coward · · Score: 0

    Thank you Google, for helping Samsung prevent us from remapping the Bixby button to something useful.

  33. Re: It's unfortunate truth about accessibility fea by Anonymous Coward · · Score: 0

    Sorry, just to clarify - I meant he never said anything like that except for the part where he specifically did say that. There, happy now, Mr. Pedantic?

  34. Google Always Said Other Use Cases Were Ok by joaomgcd · · Score: 1

    Since at least when I started working on AutoInput Google have said that accessibility services could be used for other situations other than to help disabled people. Even now this page lists other use cases: https://developer.android.com/... You can see how there's a note there: Note: Your app should use platform-level accessibility services only for the purpose of helping users with disabilities interact with your app. This note was only added very recently. Check out this version of the page from July: https://web.archive.org/web/20... This means that until a few months ago developers were using these APIs exactly how they were meant to be used: in a way that helps people use their devices in situations that they can't physically touch or otherwise handle their Android device.

  35. Re:It's unfortunate truth about accessibility feat by Hognoxious · · Score: 1

    And, I'm diabetic, which is considered a disability, but I don't need any special technology for that.

    You don't need it yet. A common side effect is eye damage but you knew that, I hope.

    The point here is, there are many kinds of disability, and different people need different forms of assistance to work around them.

    And what's a necessity to the disabled can still be a great convenience for the able-bodied. Wheelchair ramps is great if you're carting a baby around.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  36. Re:It's unfortunate truth about accessibility feat by theCoder · · Score: 1

    For example, if I want to download bank statements from the bank, I should be able to automate and automate naming the given PDF the right name but I can't.

    Why should I have to be disabled to be able to automate a thing like that? Downloading the bank statement and naming it right is an annoyingly long process, not least of which is because the bank's server doesn't suggest a name ending with ".pdf" so the save file dialog shows existing files that end in ".aspx' instead.

    Other things like screen readers or screen magnifiers are useful for people with otherwise fine sight under some circumstances.

    So basically, the things that are necessary for some disabled people to use the service are also often useful for able bodied people. Those developers you're arguing with should realize that they can make a better experience for EVERYONE by making their app/website/whatever more accessible.

    --
    "Save the whales, feed the hungry, free the mallocs" -- author unknown
  37. Re:It's unfortunate truth about accessibility feat by Jerry+Atrick · · Score: 1

    It's not safe enough because the average Android user blindly clicks through even the scary warnings after years of too many apps having to work round missing APIs. If nothing else Google will get a clearer idea what's still missing in their API.

    As an app developer I don't hurry to switch working functionality to use newer APIs, we need a kick sometimes to do it. Especially when we've used hacky tricks to get stuff done.

  38. Re:It's unfortunate truth about accessibility feat by Merk42 · · Score: 1

    1. Do the text to speech directly on the pocket computer rather than relying on a service on the other side of the Internet that won't be available on an offline tablet anyway. Pocket computers nowadays are over a thousand times faster than the 8-bit MOS 6502 clocked at 1.02 MHz on which SAM (Software Automatic Mouth) ran. 2. Sync the settings only when the settings activity is frontmost. Open no sockets when the settings activity is not frontmost. 3. Seek Google's permission to whitelist the "remote assist feature" for your Google Play Store publishing account.

    Wouldn't #2 still require that the app needs network access?

  39. Re:It's unfortunate truth about accessibility feat by Anonymous Coward · · Score: 0

    Why does a screen reader for the blind needs network access?

    Because it's not screen readers for the blind they are banning.

    It's all the crap that promises to do one thing, which may need network permission, but even though it's NOT a screen reader, it still needs access to the screen reader API.

  40. Re:It's unfortunate truth about accessibility feat by tepples · · Score: 1

    Wouldn't [sync of an accessibility app's settings between devices while the sync activity is in foreground] still require that the app needs network access?

    It requires network access for the separately downloaded sync app, not for the TTS app with which it communicates through same-publisher IPC. Those who don't want sync can choose not to download the optional sync feature.

  41. Re:Isn't this OK because Android is not a walled g by AuMatar · · Score: 1

    They can- but they lose the easiest way of advertising and promoting their apps. Getting people to do it from the playstore is hard enough, getting people to do it from a website is an order of magnitude harder.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  42. Re:It's unfortunate truth about accessibility feat by AuMatar · · Score: 1

    Yeah- the number of people who would actually understand and download two apps to get the full features of one app is approximately 0. I'd be confused and not trust it as a programmer- forget nontech savy

    --
    I still have more fans than freaks. WTF is wrong with you people?
  43. Re:It's unfortunate truth about accessibility feat by vux984 · · Score: 1

    "1. Do the text to speech directly on the pocket computer rather than relying on a service on the other side of the Internet that won't be available on an offline tablet anyway. Pocket computers nowadays are over a thousand times faster than the 8-bit MOS 6502 clocked at 1.02 MHz on which SAM (Software Automatic Mouth) ran."

    Sure I could do it directly on the device, and will even fall back to that, but I can do it better in the cloud.

    "2. Sync the settings only when the settings activity is frontmost. Open no sockets when the settings activity is not frontmost."

    My malicious app just stores the data it wants to send out and it goes out 'when the settings activity is frontmost'. I don't know why you thought this was a solution.

    "3. Seek Google's permission to whitelist the "remote assist feature" for your Google Play Store publishing account."

    Precisely. This is basically what google has done, you need to ask google to whitelist your use of the accessibility feature. You have to justify it, and it still comes down to trust. My app could still be malicious.

    But at least I have to put in the work of making a useful TTS app to get whitelisted. I can't just clone some popular game, and include some accessibility malware to rip off your passwords, without so much as a by-your-leave.

    Its not fool proof... but its progress.

  44. Lastpass by Tighe_L · · Score: 1

    Now that Google has their own version of Lastpass of course they would want to gimp Lastpass...

    1. Re:Lastpass by omnichad · · Score: 2

      Autofill API: https://blog.lastpass.com/2017...

    2. Re:Lastpass by Tighe_L · · Score: 1

      Thanks! I have Android 8 and while the option is there the only service currently available is "Autofill with Google." I'm using the most current version of Lastpass too.

  45. This will break LastPass by Anonymous Coward · · Score: 0

    It uses the disability system. FUCK!

    1. Re:This will break LastPass by bill_mcgonigle · · Score: 1

      By pure coincidence, Google has just integrated a LastPass competitor into Chrome. You should send all of your passwords to Google and stop being cautious about putting too much trust in any one vendor. #badsecurityadvice

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  46. Re:It's unfortunate truth about accessibility feat by tepples · · Score: 1

    My malicious app just stores the data it wants to send out and it goes out 'when the settings activity is frontmost'. I don't know why you thought this was a solution.

    You have a point. Let me revise my mitigation:

    Do not obtain assistive apps from Google Play Store. Instead, obtain them from F-Droid, which rebuilds each package from source code before making it available to users, and audit the source code that F-Droid built.

  47. Re:It's unfortunate truth about accessibility feat by vux984 · · Score: 1

    Heh, ok. I like f-droid too, and I agree this is the best technical solution.

    I'm not sure its a practical solution, in that, if you are blind and need a text reader, limiting yourself to f-droid may not really be a viable solution.

    (And of course there is the catch-22 that a blind person can't audit the source without first obtaining a good text reader. But hopefully we can rely on some sighted friends or security researchers.)

  48. Re:It's unfortunate truth about accessibility feat by techno-vampire · · Score: 1

    You don't need it yet. A common side effect is eye damage but you knew that, I hope.

    Yes, I had a friend who had that happen. I've always taken care of myself, and after fifteen years, there's no retinopathy or neuropathy, although I have had cataracts removed.

    --
    Good, inexpensive web hosting
  49. Re:Isn't this OK because Android is not a walled g by farble1670 · · Score: 1

    So this is a serious question, since people can side load android apps more easily than jailbreaking an iPhone, could not some of these apps realistically just offer apps outside the Play store? I know it would cut down a great deal on people willing to bother but at least it's still a path.

    Yes, and you can even sideload a different app store such as F-Droid, same as how the Amazon app store works.
    https://f-droid.org/

    Or would Google frown on this and start shutting down developer accounts?

    There are thousands of developers that work outside of the Play store. I think we would have heard about it.

  50. Re:It's unfortunate truth about accessibility feat by farble1670 · · Score: 1

    I'm unimpressed at Google trying to weed out "casual" users of their accessibility in order to minimize a security issue that's their problem. Even if an app has marginal support for accessibility, it's still a good thing as opposed to not having accessibility altogether.

    Um, what? They are weeding out uses of accessibility APIs for non-accessibility purposes. If your app has a legitimate use for accessibility all that's required is a description of that sent to Google.