Google is testing a new cybersecurity feature in Android 17 that restricts how apps can access the operating system’s Accessibility API—an update aimed at preventing malware from exploiting the system.
The security change, currently available in Android 17 Beta 2, is part of the platform’s strengthened protection tools designed to reduce cyberattack risks on mobile devices.
New Restrictions on Accessibility Services
The update is tied to Android Advanced Protection Mode (AAPM), a high-security setting first introduced in Android 16. When enabled, the feature places devices in a hardened security state to defend against sophisticated cyber threats.
Under the new rule, only verified accessibility tools will be allowed to use the Accessibility API while Advanced Protection Mode is active.
Approved accessibility tools include:
- Screen readers
- Switch-based input systems
- Voice-based accessibility tools
- Braille-based access programs
Apps outside these categories—such as antivirus software, automation tools, launchers, cleaners, and password managers—will no longer be able to access the API while the protection mode is turned on.
Why Google Is Tightening the Rules
The Accessibility API was originally designed to help people with disabilities interact with Android devices more easily. However, cybersecurity researchers have warned that malicious apps frequently exploit the feature.
Attackers can abuse accessibility permissions to:
- Monitor user activity
- Capture passwords or sensitive data
- Control device functions remotely
With the new update, any non-accessibility app that previously had access will automatically lose the permission if Advanced Protection Mode is enabled. Users will also be unable to grant such access unless the protection feature is turned off.
Stronger Security, With Some Trade-Offs
Like Lockdown Mode in Apple devices, Android’s Advanced Protection Mode prioritizes security over convenience.
When activated, the feature can also:
- Block installations from unknown sources
- Restrict USB data transfers
- Require scanning through Google Play Protect
Developers can detect when the feature is active using the AdvancedProtectionManager API and automatically adjust their apps’ functionality to meet the stricter security requirements.
New Privacy Control for Contacts
In addition to the accessibility restrictions, Android 17 introduces a new contact picker system that gives users greater control over personal data.
The feature allows apps to request only specific contact fields—such as phone numbers or email addresses—instead of accessing the entire contact list. Users can also choose individual contacts to share with third-party apps.
Google says the update improves privacy while providing developers with a consistent interface that includes search, profile switching, and multi-selection options.
Strengthening Android’s Security Ecosystem
With cybercriminals increasingly targeting mobile devices, these changes signal a broader effort by Google to tighten Android’s security architecture.
By limiting access to sensitive system features and introducing more granular privacy controls, Android 17 aims to reduce the opportunities for malware to exploit legitimate tools built into the operating system.
