Slashdot Mirror
Google To Kill a Bunch of Useful Android Apps That Rely On Accessibility Services (androidpolice.com)
Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
The developer of BatterySaver received the following message from Google:
We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.
Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.
Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.
If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
Regards,
The Google Play Review Team
The developer of BatterySaver received the following message from Google:
We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.
Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.
Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.
If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
Regards,
The Google Play Review Team
some of these cover gaps in android and make it suck less
when my devices are sluggish and quirky greenify is great
how about google fixes android suck before breaking viable work-arounds?
Is cracking down on apps that use accessibility services as a way of getting around not having root access. Google really isn't very friendly to users having control over their own device. So much for "Don't be evil".
Google is going to kill a bunch of disabled people with Androids? What?
As someone who is disabled and depending on speech recognition, I've often wondered how to reconcile the need for security with accessibility systems need for deep access into applications. I think the industry is taking the approach of telling disabled people "sucks to be you, go make a living selling pencils on the street corner".
Deep access is needed because the information present in a GUI is insufficient for building grammars speech recognition environments. But even if we could live with the GUI, accessibility needs are wide open holes in system security. When you're disabled, you need to automate common tasks and you need to make decisions about state of the application in order to do the right thing. For example, if I want to download bank statements from the bank, I should be able to automate and automate naming the given PDF the right name but I can't. However giving me that capability would transfer enormous power not just to me but to any attacker.
It's time to start spending all of those tech billions to sending disabled people to that happy farm in the country where your parents sent your dog when it got old. I'm all for this cause I'm tired of arguing with developers about why accessibility is a needed and important part of giving a disabled person independent and satisfying life.
Can't do that any more unless you have permission from the higher-ups, I guess. So much for my computer, my rules.
That is correct.
Billions of people have voted against "my computer, my rules" by buying devices with phone-home level control given to someone else. Thus, the market provided what those people voted for with their dollars.
The personal computer era is over. What we have now is the spy-device and content-consumption-device era.
Google seems to be saying "tell us how your app helps access" not sucks to be you.
They're making a small hurdle to have apps distributed in the official store, they don't seem to be eliminating the API or blocking apps that actually are for access.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
>>>I've often wondered how to reconcile the need for security with accessibility systems need for deep access into applications
The easiest way that springs to mind is to NOT make the accessibility features of the OS available unless the user specifically asks for them. I'm temporarily able-bodied, so I don't need such features - and preventing every app under the sun from using them makes for a more secure system. If 75% of the systems don't support accessibility, the amount of malware targeting accessibility will be vanishingly small.
That said, having accessibility "Off" be default is no excuse for app developers to not support it. Yes, you can write an app and not support accessibility - but it's an anti-social thing to do.
And the worms ate into his brain.
They're not stopping you doing anything with your own device. You can load any app you wish without the Play Store.
They're stopping apps using accessibility services for the wrong purpose. They've been criticised for the security issues related to these API's in the past.
No Android device stops you side-loading apps.
Perhaps I'd find this sudden concern about security a bit more believable if Google hadn't allowed every app that's come down the pipe since the Stone Age basically to rape whatever device it's installed on. Why does just about every game in the app store "need" access to my contacts, or permission to read my browser history?
I have only one Android device, a tablet. The first thing I did after getting it home was to root it and install CyanogenMod.
I wish I could believe this move by Google meant they intended to reexamine a corporate mindset apparently dedicated to the utter destruction of any vestige of privacy among those using its ubiquitous services.
Sadly, I can harbour no such illusions. That's unfortunate, because this admittedly security-related measure will hurt many people who don't regard themselves as "disabled", but who need easy access to the services affected.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
As someone who is disabled...
I'm also disabled, but I don't need speech recognition. I'm partially deaf, with tinnitus, so what I often need is more text, less voice. And, I'm diabetic, which is considered a disability, but I don't need any special technology for that. The point here is, there are many kinds of disability, and different people need different forms of assistance to work around them. There's no way this can fit into a One Size Fits All package, although I'd not be at all surprised to learn that that's exactly what Google is trying to do.
Good, inexpensive web hosting
I'm unimpressed at Google trying to weed out "casual" users of their accessibility in order to minimize a security issue that's their problem.
How is the security issue 'their problem' ?
Its a catch-22. If I give a screen-reader app access to read my screen when using other apps, then it can read the text my screen... even when I'm looking at my saved passwords in my password app.
If you write an app that asks for accessibility permissions, how do i know it isn't scraping my screen and sending my passwords to your mothership?
You can't 'fix' that. That's the nature of the accessibility functionality. The only thing that is reasonable is what they are doing... looking at the apps that are asking for accessibility permission and verifying that they need it.
At least that way I can't write a flashlight / fart app... give it accessibility support, and rip off your passwords. I'm going to at least have to come up with some actual utility for the accessibility API to justify using those APIs.
If anything, it needs to go further, more granular access to the API, and deeper audits of any programs using them.
could not some of these apps realistically just offer apps outside the Play store?
Yes. There are numerous apps that do exactly this.
My personal opinion is that, given that app stores are designed to cater to people who want to treat their phones as an "appliance" rather than a computer, it makes sense to lock them down tightly enough so that my grandma won't get into trouble if she stays with the app store.
The rest of us, who use our phones as computers, can get our apps outside of that walled garden.
I really can't see any other way to make the phones secure enough for the clueless and still powerful enough for the clueful.
The easiest way that springs to mind is to NOT make the accessibility features of the OS available unless the user specifically asks for them.
That's already how it is. You have to go into settings and flip a switch, which then prompts a scary warning about how the app can pwn your device, which you then have to agree to. Only after all that will the app have these features available. Apparently that is not safe enough?
Why does a screen reader for the blind needs network access?
Because ....
- it uses a cloud service to assist with text to speech.
- it uses a cloud service to sync your settings and preferences between other instances of the screen reader you have on other devices.
- it has a remote assist feature you can invoke to manually send a screenshot to our support team and a human will verify / correct the machine interpretation -- super handy if the screenreader is reading out gibberish and you need help!
- I could go on...
You are a stupid shit, so whether you try (and fail) to learn to program is immaterial.
Google isn't stopping you from using these APIs in your own apps on your own device.
Autofill API: https://blog.lastpass.com/2017...