Android 14 Beta 1 Has Built-in Protections Against Sneaky Screen-Reading Malware
Android 14 is packed with tons of new features, and we've been testing the latest since the first public beta launched this week. The update also includes some accessibility improvements, such as better high-contrast text that works with Material You. Unfortunately, the accessibility API is often abused by hackers, as seen in notorious Android malware such as Nexus and Cerberus. Fortunately, with Android 14, Google has a new strategy to prevent these bad actors from stealing your personal information.
Accessibility services often rely on APIs to make Android easier for people with disabilities to use by performing multiple operations with less user intervention. Notable examples include TalkBack, Voice Access, and Select to Speak, but individual programs may also have their own services.
To accomplish this, accessibility services use advanced permissions, such as the ability to read screen content from other applications. But the same accessibility API that makes screen readers possible also allows Android malware to read and steal two-factor authentication codes. This approach has even compromised the delivery of secure 2FA codes through apps like Google Authenticator.
Android expert Mishaal Rahman explained that Android 14 may use a new attribute implementation that prevents potentially malicious accessibility tools from accessing security-critical screens, such as those displaying 2FA codes. Android doesn't allow you to easily enable accessibility services for manually downloaded apps outside of the app store. The system does its best to warn users to confirm that they trust the app and really want to install its accessibility services, which will prevent potential misuse of the API by hackers.
Rahman notes that the methods for blocking the use of the Accessibility API have changed slightly between Android 14 Developer Preview 2 and the first public beta. While the feature works the same, it's a bit smarter in the new beta, allowing the Android system to determine whether the data is sensitive and automatically block accessibility services. There are also some features that app developers can use to disable accessibility services.
This approach allows accessibility features like TalkBack to work, but blocks potentially malicious services in downloaded apps that can steal 2FA codes. The automatic configuration in the beta should make Android more secure from the start, even if individual app developers don't use the new features.
While Google deserves credit for its work, it's important to remember that this check can't help you if you don't manage your Android device. Most security measures are just barriers, and hackers will eventually find another way to attack you. So be careful and always install apps only from trusted sources like Google Play Store and APKMirror.