Accessibility Service Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android | MASVS-PLATFORM-3 |
Overview
Accessibility Service Detection identifies suspicious Android accessibility services that may be able to observe screen content, inject input, automate actions, or manipulate user workflows. Legitimate accessibility services are essential for many users, so this control is designed to focus on suspicious service behavior rather than blocking accessibility broadly.
When suspicious accessibility risk is detected, AppTego applies your configured response.
When To Use It
Use this control for:
- Banking, wallet, trading, lending, healthcare, identity, or enterprise apps.
- Apps that display credentials, OTPs, account data, or approval screens.
- Workflows vulnerable to automated taps, phishing overlays, or unauthorized form completion.
- Risk scoring where suspicious accessibility services should trigger step-up or restrictions.
How It Works
The protected app monitors enabled Android accessibility services and evaluates them for suspicious characteristics associated with abuse, automation, or runtime manipulation. AppTego intentionally does not publish package substrings, service identifiers, monitoring cadence, or matching logic in public documentation.
The control does not disable accessibility services on the device. It provides detection and response so the app can guide or restrict the session based on your policy.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Screen And Input Detection section. Under this section you will find the Accessibility Service Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"AccessibilityServiceDetectionResponse": {
"detection": true,
"action": "alert",
"title": "Accessibility Risk Detected",
"message": "A suspicious accessibility service may be active on this device.",
"buttons": ["OK"],
"actions": ["close"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables suspicious accessibility service detection. |
action | Selects the response style, such as alert, close, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Do not treat all accessibility use as suspicious. Screen readers, switch access, voice access, and assistive tools are legitimate and often legally important.
- Password managers and enterprise accessibility tooling may be expected in some environments.
- Start with logging if you need to understand your users' accessibility-service mix before enforcing restrictions.
- Pair this control with Overlay Detection, Screen Recording Detection, and Clipboard Protection for stronger UI abuse coverage.