Request pricing
En
    Request pricing

    Login

      Accessibility services allowlisting

        Technique summary
      Technique Accessibility services allowlisting
      Against Malicious accessibility services
      Limitations None
      Side effects Accessibility services that do not belong to the allowlist will not work
      Recommendations Recommended for use combined with other techniques

      Simple allowlisting

      A simple strategy for application developers to detect potentially malicious applications present on the device can be to list all applications that have enabled accessibility services and check them against a predefined list.

      A list of the activities with enabled accessibility services can be obtained with the code in the snippet below:

      static boolean isAccessibilityServiceAllowed(Context context) { List allowedServices = Arrays.asList("com.mytrusted.assistant", "com.trusted.package"); AccessibilityManager am =(AccessibilityManager) context.getSystemService(Context.ACCESSIBILITY_SERVICE); List services = am.getEnabledAccessibilityServiceList(FEEDBACK_ALL_MASK); for (AccessibilityServiceInfo asi : services) { if (!allowedServices.contains(asi.getId())) return false; } return true; }

      Extensions

      See also:

      Guardsquare

      Table of contents