According to Android Police reports, Android’s accessibility services are designed to help users with disabilities, but the set of tools is so powerful that other apps often use it to enable compelling features.
Unfortunately, accessibility services are often also portals for malware to take control of phones or gain access to personal data. In Android 13, Google is further cracking down on access to accessibility services, making it harder for sideloaded apps to gain access.
Android 13 introduces new restrictions on sideloading apps that prevent users from granting them access to accessibility services. Given that many phishing and malware attacks are carried out by tricking users into installing APKs from outside the app store, this could make it harder for bad actors to hijack an unsuspecting user’s phone.
Google isn’t completely preventing sideloaded apps from using accessibility services, though. Once in the dialog stating that accessibility services for the app in question are restricted, you can activate access via the “Allow restricted settings” menu entry under the app info screen in the top right corner, so if you’re interested in using a legitimate app Advanced users of program-enhanced phones can still do so.
This appears to be a vulnerability that malicious apps could circumvent by instructing users to enable restricted settings. So it’s still possible that Google will change this behavior before stable Android 13 goes live.
The new rules affect apps that users also have on the Play Store. When we sideloaded an older version of Sleep as Android from APK Mirror, which used accessibility services to prevent turning off the phone when trying to turn off the alarm, the accessibility services could not be enabled, even after updating it to the latest version available through the Play Store.
While users can still access accessibility services in Android 13 Beta 1 using the workaround described earlier, it’s an extra step for those who sideloaded apps to the latest state before the Play Store rollout.
It’s also important to note that Google only restricts sideloading apps. If you use an alternative app distribution platform like F-Droid or the Amazon App Store, you won’t run into accessibility restrictions, and Google may consider apps in the App Store to be at least somewhat screened.
At the same time, by default, apps distributed in the Google Play Store cannot use accessibility services at all, unless they are specifically created for accessibility. While other app developers can go through the lengthy process to prove to Google that their apps have been greatly enhanced by accessibility services, they can still ask for exemptions, but in general, Google strongly discourages the use of accessibility services. In fact, call recording apps are the latest to feel these limitations, and Google no longer allows them to use the accessibility service to record phone calls.