| Technique summary | |
| Technique | Accessibility delegates |
| Against | Malicious accessibility services |
| Limitations | None |
| Side effects | Views that use protection based on accessibility delegates, will not be available for legitimate accessibility services as well, which causes reduced functionality for the users relying on accessibility services |
| Recommendations | Only use for views that users with accessibility needs do not need to work with |
Accessibility delegates in Android are a vital feature for customizing app accessibility. They allow developers to define or improve the accessibility of their views that may not be adequately served by the default accessibility services provided by Android.
Accessibility delegates can be used to fine-tune defense against malicious accessibility services. For example, malicious accessibility services can access text in Android Views.
Accessing view text with a11y services
The defense solution constitutes registering delegates in sensitive views to modify the way accessibility events will originate from those views.
For example, to prevent accessibility services from accessing the view text, create a class inheriting from View.AccessibilityDelegate, and override the callbacks onPopulateAccessibilityEvent and onInitializeAccessibilityNodeInfo. In these callbacks, modify the text from the AccessibilityEvent object and from the AccessibilityNodeInfo object. This way, the accessibility events will be modified at their source, and no accessibility service will have access to the original text. Note that both callbacks need to be overridden, as each one of them protects against a different type of data recovery.
Assign the delegate to sensitive views:
Failed view text access
Table of contents
