Accessibility services allowlisting

  Technique summary
Technique Accessibility services allowlisting
Against Malicious accessibility services
Limitations None
Side effects Accessibility services that do not belong to the allowlist will not work
Recommendations Recommended for use combined with other techniques

Simple allowlisting

A simple strategy for application developers to detect potentially malicious applications present on the device can be to list all applications that have enabled accessibility services and check them against a predefined list.

The code in the snippet below will return true if apps that are not in the allowlist are found to have enabled accessibility services:

static boolean hasDisallowedA11yServices(Context context) { Set<String> allowedServices = Set.of( "com.mytrusted.assistant", "com.trusted.package"); AccessibilityManager am =(AccessibilityManager) context.getSystemService(Context.ACCESSIBILITY_SERVICE); List<AccessibilityServiceInfo> services = am.getEnabledAccessibilityServiceList( FEEDBACK_ALL_MASK); for (AccessibilityServiceInfo asi : services) { if (!allowedServices.contains(asi.getId())) return true; } return false; } fun hasDisallowedA11yServices(context: Context): Boolean { val allowedServices = setOf( "com.mytrusted.assistant", "com.trusted.package" ) val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager val services = am.getEnabledAccessibilityServiceList( FEEDBACK_ALL_MASK ) for (asi in services) { if (!allowedServices.contains(asi.id)) return true } return false }

Extensions

See also:

Guardsquare

Table of contents