With Android 13, Google will implement a change prohibiting accessibility APIs from being misused by downloaded apps. Through the use of the “Restricted Settings” function, the user will not be able to activate the accessibility service for potentially dangerous applications. Once it has been determined that an application matches this description, this app’s accessibility settings will be made inaccessibleand users will see a “Setting Restricted” prompt indicating that the setting is not accessible at this time.
The discovery was made by Esper’s Mishaal Rahman, who shared the news on Twitter. He said the feature also prevents users from activating said app’s notification listener, whose API would normally give that app the ability to intercept and interact with all notifications on the user’s behalf. It can be extremely disturbing if a malicious application gains access to it and is, in turn, able to read all incoming messages, including those containing sensitive information. Thankfully, Android 13 won’t let that happen — at least for sideloaded apps.
This restriction will not apply to apps downloaded from app stores because most app stores use session-based package installer. Therefore, only apps that users load from websites or sources other than app stores, such as a web browser or chat app, will be blocked. This is a very important distinction and protection for Android users who do not consider themselves power users and are likely to install malware unknowingly. It’s good to see Android beefing up security measures as more and more mainstream users switch to the platform.
Source: XDA Developers