Apps like LastPass and Tasker could be in danger because of this.
If you've ever used apps like LastPass, Tasker, Clipboard Actions, or Universal Copy, you've likely benefitted from Android's Accessibility Services. Accessibility Services were initially created as a way for app developers to create special tools and features to make their applications or games easier to use for those with disabilities, but certain titles have been tapping into Accessibility Services to allow for features that all users can take advantage of.
Unfortunately, according to emails that Google is sending out to numerous developers whose apps use Accessibility Services, some changes will need to be made soon.
In emails that these developers are receiving, Google states that applications using Accessibility Services should only make use of the system if they're directly benefiting those that have disabilities. Developers are told that they need to explain how using the service benefits these users, and if they don't meet requirements Google has created, their apps stand to be removed from the Play Store.
Within the email under the subtitle of "Action required", Google states –
If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.
Along with this, Google continues by saying that "serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts."
As someone that uses LastPass's App Fill feature on a daily basis, this is worrisome news. Users on Reddit have expressed plenty of concern over this move, and while this concern is justified, Joao Dias (the developer of AutoTools) told Android Police that Google's statement on this is too vague to be taken literally at the moment.
Google has yet to respond to the complaints following this news, but we'll be sure to let you know if/when they do.
Reader comments
Apps using Accessibility Services improperly could be removed from the Play Store
Don't they even dare to touch Join..
Why? What difference would it make? The information is there, so why not let anyone use it that wants to? It's not like parking in a handicap space at a grocery store, it's not like this is preventing other services from using it at the same time??
There have been a number of malware apps that have used the Accessibility Services system to steel passwords and data. Googles most likely going to lock them the hell down requiring manual review of any apps that want to use the API and only let it used for intended reason. I think The new autofill api that last pass uses in oreo in place of Accessibility Services and the google assistant routines are going to be filling in some of the holes. but this will only be on Oreo phones. Older phones are going to get screwed.
It's a bad idea to continue to let developers create apps that use Accessibility Services for apps that are not actually targeted at accessibility. It creates a system in which users get used to giving apps accessibility permission, which is something that can be a security vulnerability.
They could just have a second version of the app not listed in the play store you could sideload. In the Play Store app they could just show a link with an explanation of how to sideload it and it would work just fine for these special case apps like Lastpass. They're popular enough that it probably wouldn't even hurt the download numbers.
Not sure there is anything to see here as doesn't Oreo have a new function that addresses this for apps such as password managers?
Oreo is only installed on 0.2% of devices right now. So people like LastPass would be alienating a lot of customers if they only switched over to the AutoFill framework in Oreo.
Yeah, but like someone pointed out above, I can see how accessibility could be missed for malicious intent. I permit Nova Launcher and RoboForm to use accessibility because I like the apps but at the same time it does send a shiver up my spine because I always speculated they could be compromising my security. I like the fact that Oreo is adding form filling and that Google is going to clamp down on accessibility.
Well, I will make backups of the apps I have installed right now. Just in case Google goes ahead and, God forbid, bans Tasker, or LastPass, or...! Once I have the apks Google can do whatever they want to.
I have a hard time believing that Google would pull legitimate apps like LastPass, Dashlane, etc. Perhaps some other utility type apps that are on the fringe maybe, but not mainstream ones.
"Apps using Accessibility Services "
Apps abusing Accessibility Services would be more appropriate in my opinion. In my opinion it's a necessary step because those apps often have a horrible impact on the device performance or are even a security risk.
Lastpass asks for so many permissions its outrageous. why does a password manager need location services?? compare this to 1password and you see why google is getting tough of developers.
So they should tackle LastPass and not blanket destroy password managers.
Maybe Google is planning to release a password manager and not just in chrome.
The biggest danger is app developers releasing their working app as a sideloader, bypassing the store altogether and getting users used to sideloading. Changing attitudes to thinking it normal to sideloade, or even just moving that switch to allow it, is altogether way more dangerous than having apps downloaded through the play store.