Google has contacted developers using the Accessibility Service on Android with a pretty clear warning: stop using this service improperly, or we’ll remove your app from the Play Store.
All manner of apps use the Accessibility service for things that they probably shouldn’t, including controlling user input, detecting whether particular things are happening and more. For many users, this is or can be useful. For some apps, it can probably be a bit mischievous.
Developers have been warned that:
We’re contacting you because your app, appName, with package name com.app.name is requesting ‘android.permission.BIND_ACCESSIBILITY_SERVICE’. Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.
Action required: If you aren’t already doing so, you must explain to users how your app is using the ‘android.permission.BIND_ACCESSIBILITY_SERVICE’ to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to un-publish your app.
If you need to make changes to your apps. please follow these steps:
- Read through the Permissions and User Data policies for more details and make sure your app complies with all policies listed in the Developer Program Policies.
- If you don’t need the BIND_ACCESSIBILITY_SERVICE permission in your app or the permission is being used for something other than helping users with disabilities use Android devices and apps:
- Remove your request for this permission from your app’s manifest
- Sign In to Console and upload your modified, policy-compliant APK.
- Or, if you need the BIND_ACCESSIBILITY_SERVICE permission in your app to help users with disabilities use Android devices and apps:
- Include the following snippet in your app’s store listing description: ”This app uses Accessibility services”
- Provide prominent user-facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements:
- Disclosure must be provided via the android:summary and android:description elements of the AccessibilityServiceInfo class.
- Disclosure must describe the functionality that the Accessibility Service permission is enabling for your app. Each feature used with the Accessibility Service request must be declared in your disclosure with justification.
Alternatively, you can choose to unpublish the app.
There’s a number of apps that might be affected, including those that allow users to customise the Bixby button, to display notification icons on custom launchers, and an app called Status which is how this email came to light.
The move from Google’s perspective is hardly surprising. The company has been at pains to secure user data more recently, and the new Android 8 Oreo removal of system overlays is another step in this direction. Google wants to control the functionality that apps can use, and restricting accessibility services is one way in which apps can be made to respect a consistent Android user experience.
Of course, the collateral damage is that some very useful apps for those who like to tweak things a bit further than standard apps allow will no longer be able to work this way.
The development is getting a bit of traction on Reddit, and we’re keen to see where this leads. What are your favourite apps that require an Accessibility Service to do what they do?
This is bad.
There are thousands, if not more, apps that rely on this.
Whether it’s intended for disabled people or not, it has enriched Android is countless ways.
This is why I’ve made a new request about it here:
https://issuetracker.google.com/issues/69211494
Please consider starring it and optionally provide your own insight and ideas.
Password managers also getting this notification: https://github.com/bitwarden/mobile/issues/166
Tasker also uses Accessibility Services for app context control. Though I’m sure they could argue their app can be used for assisting disabled people.
As I understand, all password-filling apps pre-Oreo use this, e.g. LastPass.
On Oreo, they have an API for it. On earlier versions of the OS, you’re right.