Thursday, 23 November 2017

Toast overlay being used by malicious Android apps to install additional malware

15 November 2017

Many developers have built Android apps that rely on the Accessibility Services API for purposes that may not necessarily be specific to helping users with disabilities.

News broke over the weekend that Google was instructing Android developers who don't use Accessibility Services for their intended purpose to strip that functionality from their apps. Google's sudden policy change seems likely to reduce the functionality of myriad useful apps and could outright kill others. Hopefully Google releases this solution before it begins pulling apps that require Accessibility Services from the Play Store.


The apps cited by Trend Micro have been removed from the Play Store.

Google's new policy will hurt a large swath of power-user apps. Luckily, this is Android, so the developers can always just distribute their applications outside of the Play Store through sideloading, but that's not exactly a secure solution for most people - and let's be honest, not being in the Play Store will be the death knell for most developers. Developers have 30 days to meet accessibility services usage requirements.


UCWeb has also claimed that Indian users make up 100 million of its total monthly active users from around the world, with the latter figure reportedly reaching 420 million, per reports from 2016.

"All violations are tracked". Although, the question that remains is how well UC Browser fares against Google Chrome. "Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts", the email reads further. For example, LastPass uses accessibility services to enable its app's password auto-fill functionality.


With the accessibility API, apps can access lots of powerful commands that let them function a bit like a system-level app, and the legitimate, non-accessibility uses are nearly endless. So, their credentials can be used for malicious purposes.
