upnorth


Quote : " We showed how modern mobile malware can evade detection by malware scanners that rely on signatures, static and dynamic analysis approaches. Then, we uncovered a working Android malware PoC that can persistently monitor all of a victim’s activity, and allow attackers to read and possibly compose corporate emails and documents via the victim’s device, as well as elevate their permissions to remotely encrypt or wipe the device.

One of the most interesting traits of this kind of malware is its low footprint: it does not require rooting the device and asks for limited permissions upon installation. Yet, this malware is able to circumvent many of the protections that most users assume are reliably protecting their Android devices and compromise corporate resources used via the device. "

Source : “Accessibility Clickjacking” - The Next Evolution in Android Malware that Impacts More Than 500 Million Devices » Skycure

That's a reason why you should think twice about turning on Accessibility, even if it's a long process as shown here:


Getting malicious apps available on Google app store is a totally different question/topic...
 

Spawn

I was about to post a thread about "Do not use Accessibility Services on Android", then I saw your thread.

Full Article: Android device encryption user interface flaw

TL;DR:
Don't get tempted by any app asking you to enable its Accessibility Service. It will change your encryption password to the Android default one allowing everyone to decrypt the "encrypted" data. The PIN you enter at powering on your device may not be used for encryption at all - without a warning given.

If you use encryption on your Android device, follow these steps now:
  1. Open up the Accessibility settings menu.
  2. If an Accessibility Service is listed there at the top, disable it.
  3. Change your screen lock PIN/password/pattern whatever to reset the encryption password. Make sure to tick the "Require PIN to start device" option.

Above is one of the reasons why I switched back to Bitdefender Free from AVAST Mobile Security; your Android AV app may pose a security risk to your Encrypted Android device. Think twice before enabling Accessibility Services for any app, including your Antivirus for Android.
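Steps 1 and 2 of the post above can also be checked from a computer over adb. The script below is an added example, not part of the original post: it parses the `enabled_accessibility_services` secure setting and prints every enabled service whose package is not on an allowlist. The script name `audit.sh`, the allowlist contents and the sample value (including the package `com.example.cleaner`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit enabled Android accessibility services from a host over adb.
# The setting value is a colon-separated list of "package/ServiceClass" entries,
# or "null"/empty when no service is enabled.

# Constructed sample value; com.example.cleaner is a hypothetical package.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.cleaner/com.example.cleaner.HelperService'

# Print one enabled service component per line (nothing when none are enabled).
list_services() (
    raw=$(printf '%s' "$1" | tr -d '\r')     # adb output can carry a trailing CR
    if [ -z "$raw" ] || [ "$raw" = "null" ]; then
        exit 0
    fi
    printf '%s\n' "$raw" | tr ':' '\n' | sed '/^$/d'
)

# Print the services whose package is not in the space-separated allowlist ($2).
unexpected_services() (
    allow=" $2 "
    list_services "$1" | while IFS= read -r svc; do
        pkg=${svc%%/*}
        case "$allow" in
            *" $pkg "*) ;;                   # package is expected, skip it
            *) printf '%s\n' "$svc" ;;       # anything else needs review
        esac
    done
)

# Live use: sh audit.sh --device "com.google.android.marvin.talkback"
if [ "${1:-}" = "--device" ]; then
    raw=$(adb shell settings get secure enabled_accessibility_services)
    unexpected_services "$raw" "${2:-}"
else
    echo "Constructed sample, services outside the allowlist:"
    unexpected_services "$SAMPLE" "com.google.android.marvin.talkback"
fi
```

An empty result means no enabled service falls outside the allowlist; anything printed should be reviewed and, if not needed, disabled in the Accessibility settings menu as in step 2.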

jamescv7

That feature is already a big problem or loss, since it's easy to create malware with the help of recording keystrokes. A complementary reason to choose another alternative mobile OS if you are concerned about security.