As Google clamps down, 'Droid developer warns 'breaking day' is coming
The Chocolate Factory plugs accessibility fudge
Mobile app developers are being forced to rewrite their code as Google attempts to tame Android's Wild West.
The developer of the power management app Greenify has been given 30 days to alter its code by the gatekeepers at Google's Play Store, and stop using Google's accessibility framework.
The framework is used by legitimate utilities to simulate text entry or screen taps, but it's also something nefarious app developers can exploit too. For example, it's used by criminal sites for ad fraud, generating fake clicks without the user being aware of it. This hits Google's bottom line.
Earlier this year, Google threw out an entire class of apps that had been lurking in its Play Store for years over ad fraud.
(Ad blockers have very little take-up on mobile.)
To remedy this, last week Google introduced a formal Autofill framework and said password managers would need to work with Google to certify their apps. The consequences for those who continued to use the accessibility APIs as a kludge were not made explicit in Google's Autofill announcement.
Greenify's Hangzhou-based developer Oasis Feng has explained how the app uses the framework in a blog post. Feng stressed that his use of the accessibility framework is an optimisation and not core to Greenify's functionality.
Greenify only enables its accessibility service during the hibernation operation and disable it immediately afterwards. That means, if no other accessibility service enabled, you will have no performance problem of accessibility service at all while still enjoy the power of Greenify.
However, Feng doubts that the new framework will be effective, and fears for the openness of Android. "I don't know if Google Play team represents the attitude of Android team at Google. If so, it will then be the breaking day for all Android developers, when Google starts to use its power to judge the 'proper use' of Android API, even if it's not used by malware," he writes.
Until 2014, Greenify required root access. The app sends power-guzzling apps into hibernation, and could also block wakelocks – the signal an application sends the system requesting that the phone or tablet stays powered on. Greenify is less of a necessity these days as the system is more aggressive with its power management.
Google has some justification in trying to plug an obvious attack vector, and its Apple-like solution ("work with us or we'll ban you") causes iOS users few problems. But Android devs used to the system's greater freedom may point out that Android just got a little less open than it used to be.
Do you think Feng's "breaking day" is coming? ®
Sponsored: Becoming a Pragmatic Security Leader