Toast overlay being used by malicious Android apps to install additional malware

The Burn In problem

The mails stated: "We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps". Unfortunately, the solution might mean reduced functionality in Android: I use LastPass extensively to fill passwords across apps and sites, and given that I switch phones every couple of weeks for reviews, I don't know how I'll get by without it.

Google has issued a stern warning to multiple developers, questioning them on how they use accessibility services and APIs in their apps. DoubleLocker ransomware and BankBot malware are also among those which exploit accessibility services to compromise Android devices.

Some of these apps could stop using accessibility services without losing much in the way of important functionality, but those which require it to deliver their apps' core features could be in a pickle. When these permissions are granted, a full-screen Toast notification is used to cloak the actual screen contents. The search giant basically said that they would remove an app if it doesn't follow their rules. If yes, why aren't they being removed as well?

Developers have 30 days to comply and update their apps. If they are unable to convince the company within 30 days of receiving the mail, their apps will be taken down in the Play Store.

Google has recently emailed Android app developers regarding its move to take down apps that take advantage of the platform's Accessibility features in order to stealthily serve malware to users. Some Android skins, like the one on the Galaxy S8, and some apps, like Greenify, already make it possible to detect which applications are draining your phone's battery.

In addition, this change will affect only the distribution of malware via the official Play Store. So, in short, any app that is doing something on your device won't be affected by this feature.

The main reason for Google to limit the use of these services, is because of a recent malware called TOASTAMIGO.

Related News: