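pgain2004 posted on 2017-11-13 18:30

[Don't be evil] Google will remove apps with accessibility services from the Play Store

https://www.xda-developers.com/g ... ervices-play-store/
Many well-known apps use the accessibility services API to implement features, such as logging keystrokes, switching tracks with the volume keys, providing extra navigation keys, and so on. That may no longer be the case: the Google Play Store team is notifying developers by email that, unless they follow the official guidelines, they will not be allowed to use the accessibility services API.
The XDA article explains in detail why this class of API can implement such powerful features; I won't go into that here, and will first list some of the apps that may be affected:

[*]Greenify (Chinese-made) – automatically hibernates apps by force-closing them; many similar apps do the same;
[*]Type Machine – logs typed content;
[*]Inputting+ (Chinese-made) – shows a floating button when it detects a keyboard app being activated, and can also log typed content;
[*]LastPass – scans user and password input fields on web pages (from Android Oreo on this can be solved with another, general-purpose API);
[*]Swiftly Switch – implements the back-key function; many similar apps do the same;
[*]Tasker – detects the launch of specific apps and uses that as a trigger.

As far as I know there are also the auto-freeze features of freezer-type apps, 搜索Lite's clipboard monitoring and on-screen word lookup, and so on.

Specifically, Google requires the developers concerned to remove their apps' need for the related services within 30 days, otherwise the apps will be removed, and repeat offenders will have their accounts deleted. (The link has the full text of the email, but some of its wording triggered S1's filter system, so……)

Besides causing lag, the keylogging, password sniffing and other features mentioned above show that abuse of these service APIs can easily threaten users' security, for example the malware Cloak & Dagger and the Toast notification overlay attack. According to Google itself, accessibility services were originally designed to help users with disabilities, and many of the apps above do not. (Clumsy hands and a lame brain are disabilities too)
So it's not hard to understand Google tightening restrictions this time, but for users who need these features it is still rather a pity.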

pgain2004 posted on 2017-11-13 18:37

This post was last edited by pgain2004 on 2017-11-13 18:39

The original email. Turns out it got caught again because it contains the word con tent……
Hi Developers at ****,

We’re contacting you because your app, ****, with package name **** is requesting the ‘android.permission.BIND_ACCESSIBILITY_SERVICE.’ Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.
Action required: If you aren’t already doing so, you must explain to users how your app is using the ‘android.permission.BIND_ACCESSIBILITY_SERVICE‘ to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.
If you need to make changes to your apps, please follow these steps:

[*]Read through the Permissions and User Data policies for more details, and make sure your app complies with all policies listed in the Developer Program Policies.
[*]If you don’t need the BIND_ACCESSIBILITY_SERVICE permission in your app or the permission is being used for something other than helping users with disabilities use Android devices and apps:

[*]Remove your request for this permission from your app’s manifest.
[*]Sign in to your Play Console and upload your modified, policy-compliant APK.
[*]Or, if you need the BIND_ACCESSIBILITY_SERVICE permission in your app to help users with disabilities use Android devices and apps:

[*]Include the following snippet in your app’s store listing description: “This app uses Accessibility services.”
[*]Provide prominent user-facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements:

[*]Disclosure must be provided via the android:summary and android:description elements of the AccessibilityServiceInfo class
[*]Disclosure must describe the functionality that the Accessibility Service permission is enabling for your app. Each feature used with the Accessibility Service request must be declared in your disclosure with justification.
Alternatively, you can choose to unpublish the app.
All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.
If you’ve reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Regards,
The Google Play Review Team
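
An added example, not part of the post or of Google's email: a check for the two disclosure attributes the email names (`android:summary` and `android:description`), run over a decoded manifest and its accessibility-service config files. The sample XML, package name and service names are constructed; taking the input as decoded text XML and locating the config through the `android.accessibilityservice` meta-data entry are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed sample: a decoded (text) AndroidManifest.xml with two bound services.
SAMPLE_MANIFEST = f"""<manifest {NS} package="com.example.demo"><application>
  <service android:name=".ReaderService" android:permission="{BIND}">
    <meta-data android:name="android.accessibilityservice"
               android:resource="@xml/reader_config"/>
  </service>
  <service android:name=".ButtonService" android:permission="{BIND}">
    <meta-data android:name="android.accessibilityservice"
               android:resource="@xml/button_config"/>
  </service>
  <service android:name=".SyncService"/>
</application></manifest>"""

# Constructed sample res/xml files, keyed by resource name.
SAMPLE_CONFIGS = {
    "reader_config": f'<accessibility-service {NS} android:summary="@string/s"'
                     ' android:description="@string/d"/>',
    "button_config": f'<accessibility-service {NS}'
                     ' android:accessibilityEventTypes="typeAllMask"/>',
}

def audit(manifest_xml, configs):
    """Map each service bound with BIND_ACCESSIBILITY_SERVICE to the
    disclosure attributes (android:summary/description) it is missing."""
    findings = {}
    for svc in ET.fromstring(manifest_xml).iter("service"):
        if svc.get(ANDROID + "permission") != BIND:
            continue  # not an accessibility service
        res = ""
        for child in svc:
            if (child.tag == "meta-data" and
                    child.get(ANDROID + "name") == "android.accessibilityservice"):
                res = child.get(ANDROID + "resource", "")
        cfg_xml = configs.get(res[5:] if res.startswith("@xml/") else res)
        if cfg_xml is None:
            findings[svc.get(ANDROID + "name")] = ["config not found"]
            continue
        cfg = ET.fromstring(cfg_xml)
        findings[svc.get(ANDROID + "name")] = [
            attr for attr in ("summary", "description")
            if not cfg.get(ANDROID + attr, "").strip()]
    return findings

if __name__ == "__main__":
    for name, missing in audit(SAMPLE_MANIFEST, SAMPLE_CONFIGS).items():
        print(name, "OK" if not missing else "missing: " + ", ".join(missing))
```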

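arcatta posted on 2017-11-13 18:44

shahito posted on 2017-11-13 18:48

After reading this today, I was pretty shocked http://blog.trendmicro.com/trendlabs-security-intelligence/toast-overlay-weaponized-install-android-malware-single-attack-chain/

EP2 posted on 2017-11-13 19:07

This thing had too high a permission and was too dangerous to begin with

—— From S1Next-鹅版 v1.3.1.0-play on samsung SM-G9350, Android 7.0

noneoneone posted on 2017-11-13 19:14

So by that logic, future versions of lastpass will need 8.0 or above to work?

这是个马甲 posted on 2017-11-13 19:24

气流季里 posted on 2017-11-13 19:33

Going by the explanation in the first post, lastpass only has to remove "scanning user and password input fields on web pages", i.e. the autofill feature, on Android versions below 8.0 and it'll be fine; not much impact. Though I recently replaced lastpass on my phone with keepass.

噗哩噗 posted on 2017-11-13 20:09

这是个马甲 posted on 2017-11-13 19:24
Without Greenify it's pointless. Am I supposed to kill processes one by one? So damn stupid. Now it really can't be used without ROOT

-- From the large-image-capable Stage1 offic ...

Just use an old version

chaos7 posted on 2017-11-13 20:28

这是个马甲 posted on 2017-11-13 19:24
Without Greenify it's pointless. Am I supposed to kill processes one by one? So damn stupid. Now it really can't be used without ROOT

-- From the large-image-capable Stage1 offic ...
It's only being removed from the Play Store, it's not like the api is being shut off. Greenify will probably release a non-play version in future; android has always let you download and install an apk directly anyway

九条樱子 posted on 2017-11-13 21:05

九条樱子 posted on 2017-11-13 21:07

Geminize posted on 2017-11-13 21:22

哎哟卧槽了 posted on 2017-11-13 21:39

Is Brevent done for too?

rbf1993 posted on 2017-11-13 21:53

kelveen posted on 2017-11-13 22:02

哎哟卧槽了 posted on 2017-11-13 21:39
Is Brevent done for too?

Brevent doesn't use these apis

—— From S1Next-鹅版 v1.3.2.1-play on samsung SM-N9500, Android 7.1.1

learest posted on 2017-11-13 23:07

Good

pgain2004 posted on 2017-11-13 23:49

九条樱子 posted on 2017-11-13 21:07
The title is wrong, it should be "don't aid the wicked". Speaking of which, that Smartisan feature developed specifically for visually impaired people…… ...

Actually it's because I toned down the mood of the original quite a bit when selectively translating it……
The original title is Google is Threatening to Remove Apps with Accessibility Services from the Play Store, and the summary is Google Sends a Grim Reminder that Developers are at their Mercy.
I said it's a pity, while the original says It makes sense, but it really sucks because this move will kill the functionality of a lot of innovative apps.

我很费纸 posted on 2017-11-14 00:14

Has Google gone mad 눈_눈 Without accessibility features, aren't a lot of apps as good as scrapped

—— From S1Next-鹅版 v1.3.2.1 on Sony F5321, Android 7.1.1

Hint posted on 2017-11-14 00:58

The accessibility API was never designed for this in the first place; even the way Greenify uses it counts as exploiting a loophole. The permission is too high and too dangerous.

威尼斯炮舰 posted on 2017-11-14 01:11

Hint posted on 2017-11-14 00:58
The accessibility API was never designed for this in the first place; even the way Greenify uses it counts as exploiting a loophole. The permission is too high and too dangerous. ...

Even so, this tightening of permissions is a bit excessive, because previously this service was not limited to providing convenience for people with disabilities: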

Google’s developer documents for building an Accessibility Service appear to contradict this new focus by the Google Play Store team. The page has the following wording at the time of this writing:

An accessibility service is an application that provides user interface enhancements to assist users with disabilities, or who may temporarily be unable to fully interact with a device. For example, users who are driving, taking care of a young child or attending a very loud party might need additional or alternative interface feedback.

Furthermore, if you compare the wording on the page to an archived version of the page from July, you’ll find that the note about building Accessibility Services only to assist users with disabilities does not exist.

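I can understand that Google made this change for the sake of more people's security, but personally I think a somewhat more flexible approach could be taken, such as assessing apps by download count and rating (or even manually): the trusted, well-reviewed ones survive, the rest get removed

Geminize posted on 2017-11-14 05:51

御坂14084 posted on 2017-11-14 06:19

紧那罗 posted on 2017-11-14 08:38

I feel the design of the accessibility API is quite a failure; permissions at this level shouldn't have been opened to third-party apps in the first place
Might as well fold it into system features like iOS does

慕名而来老司机 posted on 2017-11-14 10:12

威尼斯炮舰 posted on 2017-11-14 01:11:49
Even so, this tightening of permissions is a bit excessive, because previously this service was not limited to providing convenience for people with disabilities:

Google’s...

Manual review is expensive, a blanket cut it is

-- From the large-image-capable official Stage1 Android client

威尼斯炮舰 posted on 2017-11-14 10:16

慕名而来老司机 posted on 2017-11-14 10:12
Manual review is expensive, a blanket cut it is

-- From the large-image-capable official Stage1 Android client

Then use artificial intelligence

liwangli1983 posted on 2017-11-14 10:20

Not being able to use tasker and Greenify is really inconvenient

zhuangku556 posted on 2017-11-14 10:53

This has nothing much to do with the domestic Android markets; everyone just carry on taming your monkeys as usual.

夜语 posted on 2017-11-14 11:50

Why would you think there's no impact? Greenify only ever had the one paid channel; if it's not allowed on PLAY, maybe the developer won't feel like maintaining it any more.
Same goes for things like TASKER.

这是个马甲 posted on 2017-11-14 12:24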