Android 13’s Restricted setting feature will block malicious apps from accessing your notifications

Android 13’s Restricted setting feature will block malicious apps from accessing your notifications

Google is introducing a change with Android 13 that will prevent sideloaded apps from abusing the Accessibility APIs. The Restricted Setting feature will block the user from enabling the accessibility service for malicious applications. Upon identifying such an app, the Accessibility settings for that app will become inaccessible, and users will see a “Restricted setting” dialog stating that the setting is currently unavailable. But that’s not all there is to the new feature.

According to Mishaal Rahman, the Restricted setting feature will also block users from enabling an app’s Notification Listener. For the unaware, Android’s NotificationListenerService API lets apps intercept and interact with all notifications on a user’s behalf. If a malicious app gets access to the API, it can read all incoming notifications and get access to sensitive information. Android 13’s Restricted setting feature prevents that for all apps sideloaded using a non-session-based package installer.

XDA VIDEO OF THE DAY

Since most app stores use the session-based package installer, this restriction won’t apply to apps downloaded from app stores. It will only block apps that users sideload from outside of app stores, like through a browser or messaging app. However, there is a workaround to prevent the feature from blocking access for sideloaded apps.

Rahman notes that it’s “possible to acknowledge the restricted setting dialog and then re-enable access” to the Accessibility settings. You can learn more about the workaround in this blog post.


Featured image credit: Mishaal Rahman

About author

Pranob Mehrotra
Pranob Mehrotra

A Literature and Linguistics graduate with a keen interest in everything Android. When not writing about tech, Pranob spends most of his time either playing League of Legends or lurking on Reddit.

We are reader supported. External links may earn us a commission.