After all the criticism, which Google Play Store received because of malware apps in Play Store, it has now taken a firm stand to address the security issues. Google is now reviewing all the apps on Play Store to check for those that use Google’s Accessibility Service. The ones found to use these services unnecessarily will be removed from Play Store.
They have already started to contact app developers who use Android’s Accessibility Service, API. This is the copy of the email which app developers are receiving from Google:
Hi Developers at “Company Name”,
We’re contacting you because your app, “app name”, with package name “package name” is requesting the ‘android.permission.BIND_ACCESSIBILITY_SERVICE.’ Apps requesting accessibility services should only be used to help users with disabilities to use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.
Action required: If you aren’t already doing so, you must explain to users how your app is using the ‘android.permission.BIND_ACCESSIBILITY_SERVICE’ to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.
If you need to make changes to your apps, please follow these steps:
- Read through the Permissions and User Data policies for more details, and make sure your app complies with all policies listed in the Developer Program Policies.
- If you don’t need the BIND_ACCESSIBILITY_SERVICE permission in your app or the permission is being used for something other than helping users with disabilities use Android devices and apps:
- Remove your request for this permission from your app’s manifest.
- Sign in to your Play Console and upload your modified, policy-compliant APK.
- Or, if you need the BIND_ACCESSIBILITY_SERVICE permission in your app to help users with disabilities use Android devices and apps:
- Include the following snippet in your app’s store listing description: “This app uses Accessibility services.”
- Provide prominent user-facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements:
- Disclosure must be provided via the android:summary and android:description elements of the AccessibilityServiceInfo class
- Disclosure must describe the functionality that the Accessibility Service permission is enabling for your app. Each feature used with the Accessibility Service request must be declared in your disclosure with justification.
Alternatively, you can choose to unpublish the app.
All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.
If you’ve reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
The Google Play Review Team
For users who are not much aware about Accessibility services, these are special services meant to help app developers design apps that can help the Android users with disabilities. However, with time many developers started to misuse this provision for their benefit. Until now Google never objected to any developer using these services. Greenify and LastPass are some big names which use Google’s Accessibility Services.
Why The Strictness?
With recent malware attacks, Google has become cautious about these services. These services can be easily used by developers who make malicious apps to extract user data or phishing attack. Cloak and Dagger exploit and Toast Message Overlay attacks are some recent examples which take the advantage of Android’s Accessibility Services for evil means.
How Will This Impact App Developers?
Google has not left option for the developers but to comply with Google’s latest policy. They need to change the way they were using the services as not doing so, will lead to the removal of app from Play Store, along with termination of Google account. Therefore, developers will have to comply with the latest guidelines no matter how much that affects the usability of the app.