Accessibility services allowlisting

      Technique summary
    Technique Accessibility services allowlisting
    Against Malicious accessibility services
    Limitations None
    Side effects Accessibility services that do not belong to the allowlist will not work
    Recommendations Recommended for use combined with other techniques

    Simple allowlisting

    A simple strategy for application developers to detect potentially malicious applications present on the device can be to list all applications that have enabled accessibility services and check them against a predefined list.

    A list of the activities with enabled accessibility services can be obtained with the code in the snippet below:

    static boolean isAccessibilityServiceAllowed(Context context) { List allowedServices = Arrays.asList("com.mytrusted.assistant", "com.trusted.package"); AccessibilityManager am =(AccessibilityManager) context.getSystemService(Context.ACCESSIBILITY_SERVICE); List services = am.getEnabledAccessibilityServiceList(FEEDBACK_ALL_MASK); for (AccessibilityServiceInfo asi : services) { if (!allowedServices.contains(asi.getId())) return false; } return true; }


    See also:


    Table of contents