Accessibility delegates

      Technique summary
    Technique Accessibility delegates
    Against Malicious accessibility services
    Limitations None
    Side effects Views that use protection based on accessibility delegates, will not be available for legitimate accessibility services as well, which causes reduced functionality for the users relying on accessibility services
    Recommendations Only use for views that users with accessibility needs do not need to work with

    Accessibility delegates in Android are a vital feature for customizing app accessibility. They allow developers to define or improve the accessibility of their views that may not be adequately served by the default accessibility services provided by Android.

    Accessibility delegates can be used to fine-tune defense against malicious accessibility services. For example, malicious accessibility services can access text in Android Views.


    Accessing view text with a11y services

    The defense solution constitutes registering delegates in sensitive views to modify the way accessibility events will originate from those views.

    For example, to prevent accessibility services from accessing the view text, create a class inheriting from View.AccessibilityDelegate, and override the callbacks onPopulateAccessibilityEvent and onInitializeAccessibilityNodeInfo. In these callbacks, modify the text from the AccessibilityEvent object and from the AccessibilityNodeInfo object. This way, the accessibility events will be modified at their source, and no accessibility service will have access to the original text. Note that both callbacks need to be overridden, as each one of them protects against a different type of data recovery.

    public class MyA11yDelegate extends AccessibilityDelegate { // (...) @Override public void onPopulateAccessibilityEvent(View host, AccessibilityEvent event) { super.onPopulateAccessibilityEvent(host, event); if (event.getText().size() > 0) { event.getText().clear(); event.getText().add("CENSORED"); } } @Override public void onInitializeAccessibilityNodeInfo(View host, AccessibilityNodeInfo info) { super.onInitializeAccessibilityNodeInfo(host, info); if (info.getText().toString().length() > 0) { info.setText("CENSORED"); } } }

    Assign the delegate to sensitive views:

    MyA11yDelegate delegate = new MytA11yDelegate(); emailView.setAccessibilityDelegate(delegate); passwordView.setAccessibilityDelegate(delegate);


    Failed view text access


    Table of contents