Google is introducing new functionality to improve the security of Android apps. Now, developers can more easily protect users of their apps from surveillance and theft of confidential data. Specifically, Android 16 introduces a new flag—accessibilityDataSensitive.
Android developers described this new feature in their blog post. Malware is known to frequently exploit OS accessibility features (Accessibility Services) to intercept passwords and other sensitive information. For example, the Anatsa banking Trojan and the Copybara malware actively exploit this loophole to steal data from app screens and transmit it to operators.

Using the accessibilityDataSensitive flag, developers can mark interface elements that contain sensitive information. Setting this flag to true prevents illegitimate apps with access to Accessibility Services (unless they have the isAccessibilityTool=true flag set) from accessing this data.

Google has already implemented this flag in setFilterTouchesWhenObscured. This means that in apps that have already used this method to protect against tapjacking, elements will automatically be considered protected. This adds protection without requiring any effort from developers.

Google recommends using either setFilterTouchesWhenObscured or accessibilityDataSensitive for all screens displaying sensitive data, for example login pages, payment forms, and other elements containing personal information. For more information, see Google's article on tapjacking.
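One way an app could apply the recommendation above across a whole screen, as an added example that is not code from Google or from the article. The helper names `isPasswordField`, `markSensitive`, `markCredentialFields` and the `extraSensitiveIds` parameter are hypothetical; in the `View` API the flag is set with the constant `ACCESSIBILITY_DATA_SENSITIVE_YES` rather than a boolean.

```kotlin
import android.os.Build
import android.text.InputType
import android.view.View
import android.view.ViewGroup
import android.widget.EditText

// Hypothetical helper (not from the article): true for any password-style input.
private fun EditText.isPasswordField(): Boolean {
    val variation = inputType and InputType.TYPE_MASK_VARIATION
    return when (inputType and InputType.TYPE_MASK_CLASS) {
        InputType.TYPE_CLASS_TEXT ->
            variation == InputType.TYPE_TEXT_VARIATION_PASSWORD ||
                variation == InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD ||
                variation == InputType.TYPE_TEXT_VARIATION_WEB_PASSWORD
        InputType.TYPE_CLASS_NUMBER ->
            variation == InputType.TYPE_NUMBER_VARIATION_PASSWORD
        else -> false
    }
}

// Hypothetical helper: applies both protections the article names to one view.
fun markSensitive(view: View) {
    // Same effect as setFilterTouchesWhenObscured(true): touches are dropped
    // while another window covers this view (tapjacking protection).
    view.filterTouchesWhenObscured = true
    // The setter does not exist on older API levels, so the call is guarded.
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
        view.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
    }
}

// Walks the hierarchy under root, marks every password field plus any view whose
// id the caller lists (for example a card-number field), and returns how many
// views were marked so the caller can log or assert on coverage.
fun markCredentialFields(root: View, extraSensitiveIds: Set<Int> = emptySet()): Int {
    var marked = 0
    if ((root is EditText && root.isPasswordField()) || root.id in extraSensitiveIds) {
        markSensitive(root)
        marked++
    }
    if (root is ViewGroup) {
        for (i in 0 until root.childCount) {
            marked += markCredentialFields(root.getChildAt(i), extraSensitiveIds)
        }
    }
    return marked
}
```

A return value of zero on a login or payment screen is a sign that a credential field uses an input type or custom widget the walker does not recognise and should be listed in `extraSensitiveIds`.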