Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is implementing a new security feature in Android 17 Beta 2 within Advanced Protection Mode (AAPM) that blocks non-accessibility apps from accessing the accessibility services API to prevent malware abuse. The restriction automatically revokes existing accessibility permissions when AAPM is enabled, exempting only verified accessibility tools like screen readers and voice input systems. This addresses widespread exploitation of the API by threat actors to steal sensitive data from compromised Android devices.
Summary
Google is implementing a new security feature in Android 17 Beta 2 within Advanced Protection Mode (AAPM) that blocks non-accessibility apps from accessing the accessibility services API to prevent malware abuse. The restriction automatically revokes existing accessibility permissions when AAPM is enabled, exempting only verified accessibility tools like screen readers and voice input systems. This addresses widespread exploitation of the API by threat actors to steal sensitive data from compromised Android devices.
Full text
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse Ravie LakshmananMar 16, 2026Mobile Security / Data Protection Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened security state to guard against sophisticated cyber attacks. Like Apple's Lockdown Mode, the opt-in feature prioritizes security at the cost of diminished functionality and usability so as to minimize the attack surface. Some of the core configurations include blocking app installation from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning. "Developers can integrate with this feature using the AdvancedProtectionManager API to detect the mode's status, enabling applications to automatically adopt a hardened security posture or restrict high-risk functionality when a user has opted in," Google noted in its documentation outlining Android 17's features. The latest restriction added to the one-tap security setting aims to prevent apps that are not classified as accessibility tools from being able to leverage the operating system's accessibility services API. Verified accessibility tools, identified by the isAccessibilityTool="true" flag, are exempted from this rule. According to Google, only screen readers, switch-based input systems, voice-based input tools, and Braille-based access programs are designated as accessibility tools. Antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, and launchers do not fall under this category. While AccessibilityService has its legitimate use cases, such as assisting users with disabilities in using Android devices and apps, the API has been extensively abused by bad actors in recent years to steal sensitive data from compromised Android devices. With the latest change, any non-accessibility app that already has the permission will have its privileges automatically revoked when AAPM is active. Users will also not be able to grant apps permissions to the API unless the setting is turned off. Android 17 also comes with a new contacts picker that allows app developers to specify only the fields they want to access from a user's contact list (e.g., phone numbers or email addresses) or allow users to share certain contacts with a third-party app. "This grants your app read access to only the selected data, ensuring granular control while providing a consistent user experience with built-in search, profile switching, and multi-selection capabilities without having to build or maintain the UI," Google said. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE Tweet Share Share Share SHARE Accessibility, Android, cybersecurity, data protection, Google, Malware, mobile security, operating system, Privacy Trending News ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026 Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths Identity Controls Checklist: Find Missing Protections in Apps