The Accessibility APIs will no longer be used by sideloaded programs in Android 13 due to a change made by Google. “Restricted Setting” prevents the user from enabling the accessibility service for potentially hazardous applications. Users will be provided with a “Restricted setting” prompt when they try to access an app’s Accessibility settings if it has been determined that the app falls within this category.
Mishaal Rahman, an Esper employee, discovered the finding and publicized it on Twitter. That app’s Notification Listener API ordinarily allows it to intercept and interact with all alerts on behalf of the user; but, the feature blocks users from activating that API, according to him. If a rogue software obtains access and is able to view all incoming messages, even those containing sensitive information, this may be highly worrisome. At the very least, for sideloaded applications, Android 13 won’t allow this to happen.
Most app stores utilize the session-based installer, thus this limitation won’t apply to apps downloaded directly from the store. Users may still use online browsers and chat applications, but they will be restricted from installing programs that are not downloaded from official app stores. Android users who don’t consider themselves power users and are at risk of unintentionally downloading malware would appreciate this differentiation and protection. Since Android has become more popular, it’s wonderful to see the company improving its security safeguards.