The next version of Android includes a new security feature that automatically restricts access to its settings.
Google has discreetly introduced a new security feature in Android 13. “Restricted setting” is its name, will prevent apps considered suspicious, including those that have been “sideloaded”, from accessing the accessibility API . As explained by Mishaal Rahman, author of a technical podcast dedicated to Android, this API brings together powerful tools allowing developers to create applications for people with disabilities. These APIs allow, among other things, applications to read the content displayed on a screen or to perform certain actions on behalf of the user. But they are also widely exploited by hackers to steal users’ personal data.
Don’t know which Beta this was added in, but Android 13’s new “restricted setting” feature will also block the user from enabling an app’s Notification Listener if the app was sideloaded using a non-session-based package installer! pic.twitter.com/bh6Wei0mQp
— Mishaal Rahman (@MishaalRahman) July 5, 2022
In the past, Google has already implemented safeguards to protect Android users. The Mountain View company had, for example, decided to block third-party call recording applications that exploited the Accessibility API.
Under Android 13, Google has planned to go even further. As soon as an application is considered suspicious, a dialog box indicating the activation of the “Restricted settings” mode will be displayed. The application will then not be able to access the accessibility settings and the user will not be able to unblock access either. A priori, all so-called “sideloaded” applications are affected by this measure. This means that apps installed on Android from APK files downloaded outside the Google Play Store or other legitimate app stores (like F-Droid), will be automatically restricted by the operating system.
For the author of this discovery, this new security option could very well be used by Google in the future to block access to other equally sensitive APIs, such as those allowing access to notifications from the device.
Source :
Esper – Mishaal Rahman