Google has taken a bold step to protect users' privacy and security by limiting what apps can use an Accessibility Service. This move aims to curb malicious apps that have misused this powerful API in the past, compromising user experience.

The Android Accessibility Service API is incredibly potent, allowing apps to tap into system events like clicks, views, and more. Initially designed for accessibility-focused apps, it has been exploited by bad actors to spy on users or trick them with fake overlays. In response, Google initially tried to restrict access in 2017 but faced backlash from developers whose legitimate apps relied on the API. After reconsidering, they chose not to enforce the restriction, allowing the abuse to continue.

Fast forward to today, and a significant shift has occurred. Many features that previously relied on the Accessibility Service API now have recommended alternatives. With this change in landscape, Google is once again looking to restrict the API's use to ensure app user experience doesn't suffer at the hands of malicious apps.

Google's recent update to the Play policy guidelines introduces a new Permissions policy, outlining requirements for using the Accessibility API. According to their support page, only services designed to help people with disabilities access their device or overcome challenges related to their disabilities are eligible to declare themselves accessibility tools. Examples of legitimate use cases include screen readers, switch-based input systems, and voice-based input systems.

Google explicitly highlights that certain types of apps will not be considered accessibility tools, such as antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, and launchers. These non-compliant apps must complete a Permission Declaration Form to receive approval, which requires them to disclose data access, usage, and sharing, as well as obtain affirmative user consent.

While this update will undoubtedly reduce the number of malicious apps abusing the API, it may also lead some apps to remove innovative features that rely on the API. The new policy takes effect on October 15, 2021, and developers are required to submit the form mentioned above before the deadline or risk having their app removed from the Play Store.

By restricting abusive app behavior, Google is committed to enhancing user experience and promoting a safer online environment for everyone.