How to Prevent Abuse of Android AccessibilityService for Compromising Android Apps

Learn 3 easy steps to prevent fraudsters from abusing Android AccessibilityService to elevate privileges in order to compromise Android apps, create backdoors, and remotely control Android apps and devices.

What is Android AccessibilityService?

AccessibilityServices are OS settings/features in Android that are designed to help users with disabilities (e.g., screen readers, speech to text, touch events). They run in the background and receive callbacks from the system when accessibility events are fired, which lets them react to state transitions in the UI (e.g., focus has changed, a button was clicked, or content in the active window was queried). These services also typically run with a higher level of administrative privilege. For this reason, AccessibilityServices are often used for purposes for which they were not intended and are targeted by hackers for exploitation. When abused, they are used to perform click actions (either to commit click fraud or to cheat in mobile games), read and write SMS messages and emails, intercept and read Two-Factor Authentication codes, steal cryptocurrency keys, control mobile devices or apps remotely, and more.

How to Prevent Abuse of Android AccessibilityService

Appdome is a no-code mobile app security platform designed to add security features, like Detect Accessibility Abuse, to any Android app without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily prevent Accessibility Abuse.

Appdome Detect AccessibilityService detects installed applications with AccessibilityService permission enabled. If detected, the default behavior is for the protected app to exit/close after displaying a message to the user. Optionally, developers can instrument different enforcement/response actions by using Appdome Threat Events.
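To show what a check of this kind involves at the Android API level, here is an added Kotlin example. It is not Appdome's implementation or code from this KB; the allowlist, the `RiskyService` type, the function name, and the choice to trust preinstalled services are assumptions made for illustration.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.content.Context
import android.content.pm.ApplicationInfo
import android.view.accessibility.AccessibilityManager

// Hypothetical allowlist of packages whose accessibility services the app accepts
// (sample entry: Google TalkBack).
private val TRUSTED_PACKAGES = setOf("com.google.android.marvin.talkback")

// Hypothetical result type: one enabled service plus the reasons it was flagged.
data class RiskyService(val id: String, val packageName: String, val reasons: List<String>)

/**
 * Lists enabled accessibility services that are neither preinstalled nor allowlisted
 * and that are able to observe or drive this app's UI.
 */
fun findRiskyAccessibilityServices(context: Context): List<RiskyService> {
    val manager = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
    val enabled = manager.getEnabledAccessibilityServiceList(
        AccessibilityServiceInfo.FEEDBACK_ALL_MASK
    )
    return enabled.mapNotNull { info ->
        val service = info.resolveInfo?.serviceInfo ?: return@mapNotNull null
        val pkg = service.packageName
        if (pkg == context.packageName || pkg in TRUSTED_PACKAGES) return@mapNotNull null
        // Assumption: services shipped in the system image are treated as trusted.
        if ((service.applicationInfo.flags and ApplicationInfo.FLAG_SYSTEM) != 0) {
            return@mapNotNull null
        }
        // packageNames == null means the service receives events from every app.
        val scope = info.packageNames
        if (scope != null && context.packageName !in scope) return@mapNotNull null

        val reasons = mutableListOf<String>()
        val caps = info.capabilities
        if ((caps and AccessibilityServiceInfo.CAPABILITY_CAN_RETRIEVE_WINDOW_CONTENT) != 0) {
            reasons += "can read window content"
        }
        if ((caps and AccessibilityServiceInfo.CAPABILITY_CAN_PERFORM_GESTURES) != 0) {
            reasons += "can dispatch gestures"
        }
        if (reasons.isEmpty()) null else RiskyService(info.id, pkg, reasons)
    }
}
```

An app could call this before showing a sensitive screen and decide how to respond when the list is not empty. Users who depend on a third-party assistive service would need that service's package added to the allowlist.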

3 Easy Steps to Detect Accessibility Abuse in Android apps

Please follow these 3 easy steps to protect Android apps using Detect Accessibility Abuse:

  1. Upload an Android App to Appdome’s no code security platform (.apk or .aab)
  2. In the Build tab, select Anti-Fraud, click Mobile Fraud Prevention, and toggle on Detect Accessibility Abuse (shown below)
  3. Click Build My App

 

[Image: detect accessibility abuse]

 

Congratulations! The Android app is now protected against Accessibility Abuse.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android apps against Accessibility Abuse. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites to Detect AccessibilityService

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps using Detect Accessibility Abuse to prevent mobile fraud. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Using Appdome

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include

 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.

How to Learn More

Here are a few related resources:

How to Block Overlay Attacks on Android Apps

How to Prevent Malicious Misuse of Android Debug Bridge (ADB)

Check out the Appdome Mobile Fraud Prevention solution page.

Check out Appdome’s Mobile App Security Suite or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Alan Bavosa
