Slashdot Mirror
Google To Kill a Bunch of Useful Android Apps That Rely On Accessibility Services (androidpolice.com)
Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
The developer of BatterySaver received the following message from Google:
We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.
Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.
Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.
If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
Regards,
The Google Play Review Team
The developer of BatterySaver received the following message from Google:
We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.
Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.
Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.
If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
Regards,
The Google Play Review Team
Google is going to kill a bunch of disabled people with Androids? What?
As someone who is disabled and depending on speech recognition, I've often wondered how to reconcile the need for security with accessibility systems need for deep access into applications. I think the industry is taking the approach of telling disabled people "sucks to be you, go make a living selling pencils on the street corner".
Deep access is needed because the information present in a GUI is insufficient for building grammars speech recognition environments. But even if we could live with the GUI, accessibility needs are wide open holes in system security. When you're disabled, you need to automate common tasks and you need to make decisions about state of the application in order to do the right thing. For example, if I want to download bank statements from the bank, I should be able to automate and automate naming the given PDF the right name but I can't. However giving me that capability would transfer enormous power not just to me but to any attacker.
It's time to start spending all of those tech billions to sending disabled people to that happy farm in the country where your parents sent your dog when it got old. I'm all for this cause I'm tired of arguing with developers about why accessibility is a needed and important part of giving a disabled person independent and satisfying life.
No, what they're really doing is making Android more secure.
After your emotions settle and your knee-jerk rant that seems equivalent to "Bwaaaaa they're taking away my favorite app! QQ", you might eventually realize that removing gaping security holes is a good thing.
Google seems to be saying "tell us how your app helps access" not sucks to be you.
They're making a small hurdle to have apps distributed in the official store, they don't seem to be eliminating the API or blocking apps that actually are for access.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
I don't WANT a random app to be able to skirt around not having root access by claiming to need permissions for "Accessibiliy". Google is doing the right thing here, even if the approach may be a bit clumsy or ham-fisted. They were rightly panned a while back (right here on Slashdot) when shown how the Accessibility API could lead to security issues and they dismissed it as "not a bug / working as intended".
Android developers were using an API for purposes it was clearly never intended for. Only now it's understood that those APIs have security implications, so those "clever" hacks may no longer be viable. Google is now working to close those loopholes a bit by making sure app developers justify the use of those APIs, and the response is "Google Evil!" Perfect proof that you can twist *anything* to make it sound nefarious.
Irony: Agile development has too much intertia to be abandoned now.
Perhaps I'd find this sudden concern about security a bit more believable if Google hadn't allowed every app that's come down the pipe since the Stone Age basically to rape whatever device it's installed on. Why does just about every game in the app store "need" access to my contacts, or permission to read my browser history?
I have only one Android device, a tablet. The first thing I did after getting it home was to root it and install CyanogenMod.
I wish I could believe this move by Google meant they intended to reexamine a corporate mindset apparently dedicated to the utter destruction of any vestige of privacy among those using its ubiquitous services.
Sadly, I can harbour no such illusions. That's unfortunate, because this admittedly security-related measure will hurt many people who don't regard themselves as "disabled", but who need easy access to the services affected.
I've calculated my velocity with such exquisite precision that I have no idea where I am.