[Mobile Application]
Security Research Center
Tracking device admin accessibility services
Guardsquare recommended technique
Technique summary | |
Technique | Tracking decide admin accessibility services |
Against | Malicious accessibility services |
Limitations | None |
Side effects | None |
Recommendations | Recommended for use combined with other techniques for older devices |
This technique is an extension of accessibility services allow-listing.
A common malware workflow pattern is to obtain accessibility service rights, and later also device admin rights. Therefore, a strategy could be to check applications that have both privileges.
This code can be used to enumerate accessibility services:
The next block of code would enumarate device admin apps:
And finally, this block of code will check whether there is any app in both lists:
Guardsquare
Connect with the author
Table of contents