Android 13 imposes new sideloading restrictions and here’s why it’s a good thing

Long touted as one of the big benefits the Android ecosystem has over rivals like iOS, sideloading is about to get harder when Android 13 debuts, but for a good reason. Google is making sideloading apps safer for the user, and so starting with Android 13 sideloaded apps will not be able to use the Accessibility API on your phone.

The Accessibility API, as its name implies, was actually designed by Google to allow apps to support users with disabilities. However, it’s also a pretty powerful API, which gives an app a lot of administrative privileges over your smartphone such as the ability to view and control the screen as well as view and perform actions on your smartphone. This is great for apps such as TalkBack that reads the screen so that the visually impaired can still use their device, but it’s actually quite dangerous when sideloaded apps get this privilege.

As Esper’s Mishaal Rahman explains, typically when any app that wants to use the Accessibility API will need to go through a number of hoops before being able to get listed on the Google Play Store. For instance, apps developers who want their apps that use the Accessibility API on Android 12 devices will need to complete an extensive permission declaration form by Google, disclose to the user within their app the reasons behind using the Accessibility API and require the user to approve the use of the Accessibility API. One way to bypass these strict restrictions is to actually be an accessibility tool. Alternatively, by getting users to sideload their app, bad actors can get access to the Accessibility API without needing to go through Google’s strict requirements.

However, once Android 13 drops, sideloaded apps that try to request access to the system’s Accessibility API will now be greeted by a pop up dialog box that says it’s a restricted setting which, for your security, is currently unavailable. It’s important to note though that this won’t cover all sideloaded apps, as apps from a legitimate source such as F-Droid won’t be subjected to this, instead only affecting apps installed from APK files that are deemed unsafe by the system. Instead, this targets any potential malware-ridden fake apps by preventing them from being able to read your screen and thus stopping them from getting your details such as passwords, emails and personal data. Considering the rise of scammers using fake apps to target their victims, these new restrictions are perhaps for the best.

This is just the latest tweak Google has made with regards to the Accessibility API too. Just a couple of weeks back, Google made some policy changes that stated remote call audio recording apps are no longer allowed to misuse the Accessibility API for call recording functions, and instead should only be used to support users with disabilities.

[ SOURCE ]