Accessibility services allowlisting

Guardsquare recommended technique

	Technique summary
Technique	Accessibility services allowlisting
Against	Malicious accessibility services
Limitations	None
Side effects	Accessibility services that do not belong to the allowlist will not work
Recommendations	Recommended for use combined with other techniques

Simple allowlisting

A simple strategy for application developers to detect potentially malicious applications present on the device can be to list all applications that have enabled accessibility services and check them against a predefined list.

The code in the snippet below will return true if apps that are not in the allowlist are found to have enabled accessibility services:

static boolean hasDisallowedA11yServices(Context context) { Set<String> allowedServices = Set.of( "com.mytrusted.assistant", "com.trusted.package"); AccessibilityManager am =(AccessibilityManager) context.getSystemService(Context.ACCESSIBILITY_SERVICE); List<AccessibilityServiceInfo> services = am.getEnabledAccessibilityServiceList( FEEDBACK_ALL_MASK); for (AccessibilityServiceInfo asi : services) { if (!allowedServices.contains(asi.getId())) return true; } return false; }

fun hasDisallowedA11yServices(context: Context): Boolean { val allowedServices = setOf( "com.mytrusted.assistant", "com.trusted.package" ) val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager val services = am.getEnabledAccessibilityServiceList( FEEDBACK_ALL_MASK ) for (asi in services) { if (!allowedServices.contains(asi.id)) return true } return false }

Extensions

Guardsquare

Table of contents

Security Research Center

Accessibility services allowlisting

Simple allowlisting

Extensions

Guardsquare