With Android 13, Google will implement a change prohibiting the Accessibility APIs from being abused by sideloaded applications. Through the use of the “Restricted Setting” function, the user will be prevented from activating the accessibility service for potentially harmful apps. Once it’s been determined that an app fits this description, the Accessibility settings for that app will be rendered inaccessible, and users will be presented with a “Restricted setting” prompt indicating that the setting cannot be accessed at this time.
The discovery was made by Esper’s Mishaal Rahman, who shared the news on Twitter. He stated that the feature also prevents users from enabling the Notification Listener of said application, whose API would normally give that app the ability to intercept and interact with all notifications on behalf of the user. This can be extremely troubling if a malicious app gains access and is, in turn, able to read all incoming messages, including ones that include sensitive information. Android 13 will thankfully not let that happen – at least for sideloaded apps.
This restriction will not apply to applications downloaded from app stores because most app stores employ the session-based package installer. Therefore, only apps that users sideload from websites or sources other than app stores, such as a web browser or a chat app, will be blocked. This is a very important distinction and protection for Android users who do not consider themselves power users and are susceptible to unknowingly installing malware. It’s good to see Android tightening security measures as more mainstream users transition into the platform.
Source: XDA Developers
Original Source by [author_name]