Android offers an Accessibility Service API that exposes certain system events to apps. The API is incredibly powerful, as it lets apps listen for events such as when a user clicks on a link, views a window, and much more. As its name suggests, the API is only meant for apps that solve an accessibility need, but it has been misused by malicious apps in the past. Due to this, Google once tried to restrict apps from using the API back in 2017. And the company is now trying to do it again.
In the past, malicious apps have used the Accessibility Service API to spy on users by intercepting inputs, tricking them with fake overlays, etc. As a result, Google tried to restrict which apps could use the API in 2017. However, the company faced a ton of backlash for this move from developers whose apps made legitimate use of the API. Google subsequently backtracked on the restriction. A lot has changed since then, and now a lot of the features that apps implemented using the Accessibility Service API have recommended alternatives. Therefore, it seems that Google is finally ready to move forward with restricting its use once again.
In the most recent update to the Google Play policy guidelines, Google has added a new Permissions policy to provide requirements for using the Accessibility API. In a support page regarding the same, the company says that "only services that are designed to help people with disabilities access their device or otherwise overcome challenges stemming from their disabilities are eligible to declare that they are accessibility tools."
As examples, Google lists features like screen readers, switch-based input systems, voice-based input systems, and Braille-based access systems. Other tools that support people with disabilities as their primary purpose are also allowed. Google explicitly states that the following types of apps will not be considered accessibility tools: antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, and launchers.
The company further highlights that apps that don't meet the new definition of an accessibility tool but wish to use the Accessibility Service API anyway must complete a Permission Declaration Form to receive approval. They must also prominently disclose what data they access or collect, how that data is used and/or shared, and require affirmative user action for consent. While this will undoubtedly cut down on the number of apps that abuse the API for nefarious purposes, it will unfortunately also result in apps removing innovative features that use the API.
This update to the Permissions policy will take effect on October 15, 2021. Developers are required to submit the form mentioned above before the deadline, or Google may remove their app from the Play Store.