To stop malware from getting into Android 17, it blocks apps that arent accessible from the Accessibility API.

Google is trying out a new security feature in Android Advanced Protection Mode (AAPM) that stops some apps from using the accessibility services API This article explores protection mode aapm. . Android Authority was the first to report on the change, which was added to Android 17 Beta 2 last week.

Google added AAPM to Android 16, which came out last year. When turned on, it puts the device in a higher security state to protect it from advanced cyber attacks. The opt-in feature, like Apple's Lockdown Mode, puts security first, even if it makes the device less useful and functional, in order to reduce the attack surface. Some of the main settings are to stop apps from being installed from unknown sources, limit USB data signaling, and require Google Play Protect scanning.

Google's documentation on Android 17's features says, "Developers can use the AdvancedProtectionManager API to check the mode's status, which lets apps automatically take on a more secure posture or limit high-risk functionality when a user has opted in." The most recent change to the one-tap security setting is meant to stop apps that are not accessibility tools from using the operating system's accessibility services API. This rule doesn't apply to verified accessibility tools, which are marked with the isAccessibilityTool="true" flag.

Google says that only screen readers, switch-based input systems, voice-based input tools, and Braille-based access programs are accessibility tools.

This does not include antivirus software, automation tools, assistants, monitoring apps, cleaners, password managers, or launchers. AccessibilityService is useful for helping people with disabilities use Android devices and apps, but in recent years, bad actors have used the API a lot to steal sensitive data from Android devices that have been hacked. With the most recent change, any app that isn't accessibility-related and already has permission will automatically lose its privileges when AAPM is on.

Users won't be able to give apps access to the API either, unless they turn off the setting.

Android 17 also has a new contacts picker that lets app developers choose which fields from a user's contact list they want to access (like phone numbers or email addresses) or lets users choose certain contacts with a third-party app. "This lets your app read only the data you choose, giving you fine-grained control while also giving users a consistent experience with built-in search, profile switching, and multi-selection features without having to build or maintain the UI," Google said.