Android 17 Beta 2 Blocks Non-Accessibility Apps from Accessibility API

Google is tightening Android security with a new restriction in Android 17 Beta 2 that blocks apps not explicitly classified as accessibility tools from using the AccessibilityService API when Advanced Protection Mode is enabled, Google said.

Advanced Protection Mode, introduced by Google in Android 16, is an opt-in setting that places a device in a heightened security posture to reduce the risk of sophisticated attacks. Google noted developers can detect the mode through the AdvancedProtectionManager API and adapt app behavior accordingly, saying ‘Developers can integrate with this feature using the AdvancedProtectionManager API to detect the mode’s status, enabling applications to automatically adopt a hardened security posture or restrict high-risk functionality when a user has opted in.’

Under the new policy, only verified accessibility tools that declare isAccessibilityTool=”true” will retain access to the AccessibilityService API while Advanced Protection Mode is active. Google specified that screen readers, switch-based input systems, voice-based input tools, and Braille access programs are considered legitimate accessibility tools. Antivirus apps, automation utilities, launchers, password managers, and system cleaners do not qualify, Google added.

Google has warned that AccessibilityService can be abused because it allows apps to read screen content, observe interactions, and perform gestures on a device. To reduce this attack surface, Android 17 will automatically revoke accessibility privileges from non-accessibility apps when Advanced Protection Mode is switched on. Users also will be prevented from granting that permission to apps while the mode remains active, Google said.

Android Authority reported testing the change and found that apps which rely on accessibility access for interface features lose functionality with Advanced Protection enabled. For example, Android Authority tried dynamicSpot, an app that emulates Dynamic Island behavior, on a Pixel 9a running Android 17 Beta 2 and could not grant the app the accessibility permission while Advanced Protection was active. The outlet noted the same app continued to work under Android 16 with Advanced Protection enabled on a different device.

The move is part of a broader trend by Google to balance accessibility needs and platform safety. Google emphasized that apps which properly declare themselves as accessibility services will continue to work as intended. At the same time, the change forces users to choose between stronger protections and the convenience of third-party apps that rely on accessibility capabilities.

Android 17 also introduces a more granular contacts picker, which Google said ‘grants your app read access to only the selected data, ensuring granular control while providing a consistent user experience with built-in search, profile switching, and multi-selection capabilities without having to build or maintain the UI.’ This change aims to limit unnecessary data exposure to apps.

For users concerned about targeted attacks or apps abusing system APIs, enabling Advanced Protection Mode provides an extra layer of defense. However, users should be aware that enabling the mode may break some apps that depend on AccessibilityService functionality, Android Authority cautioned.

As Android 17 moves toward a stable release, the new restriction is likely to appear broadly on devices running the finalized build. Users and developers should review Google’s documentation on Advanced Protection Mode and the AdvancedProtectionManager API to understand the tradeoffs and prepare compatible accessibility tools.

For practical steps on protecting yourself from app-based abuse and other online threats, see the guide on how to protect yourself from cyber-attacks in 10 easy steps.

#Android17 #AndroidSecurity #AdvancedProtectionMode #MobileSecurity