
Stop malware from snooping on your app data


Posted by Bennet Manuel, Product Management, Android App Security and Rob Clifford, Developer Relations


Security is foundational to Android. We partner with you to keep the platform safe and protect user data by offering powerful security tools and features, like Credential Manager and FLAG_SECURE. Every Android release brings performance and security enhancements, and with Android 16, you can take simple, significant steps to strengthen your app’s defenses. Check out our video or continue reading to learn more about our enhanced protections for accessibility APIs.

Protect your app from snooping with a single line of code

We’ve seen that bad actors sometimes try to exploit accessibility API features to read sensitive information, like passwords and financial details, directly from the screen and manipulate a user’s device by injecting touches. To combat this, Android 16 provides a new, powerful defense in a single line of code: accessibilityDataSensitive.

The accessibilityDataSensitive flag lets you explicitly mark a view or composable as containing sensitive data. When you set this flag to true in your app, you are essentially blocking potentially malicious apps from accessing your sensitive view data or performing interactions on it. Here is how it works: any app requesting accessibility permission that hasn’t explicitly declared itself as a legitimate accessibility tool (isAccessibilityTool=true) is denied access to that view.

This simple but effective change helps to prevent malware from stealing information and performing unauthorized actions, all without impacting users’ experience of legitimate accessibility tools. Note: If an app is not an accessibility tool but requests accessibility permissions and sets isAccessibilityTool=true, Play will reject it and Google Play Protect will block it on user devices.

Automatic, enhanced security for setFilterTouchesWhenObscured protection

We’ve already integrated this new accessibilityDataSensitive security functionality with the existing setFilterTouchesWhenObscured method.

If you already use setFilterTouchesWhenObscured(true) to protect your app from tapjacking, your views are automatically treated as sensitive data for accessibility. By enhancing the setFilterTouchesWhenObscured method with accessibilityDataSensitive protections, we’re instantly giving everyone an additional layer of defense with no extra work.

Getting started

We recommend that you use setFilterTouchesWhenObscured, or alternatively the accessibilityDataSensitive flag, on any screen that contains sensitive information, including login pages, payment flows, and any view displaying personal or financial data.

For Jetpack Compose

setFilterTouchesWhenObscured:

    // Inside a @Composable: enable touch filtering on the hosting view
    // while this composable is in the composition.
    val composeView = LocalView.current
    DisposableEffect(Unit) {
        composeView.filterTouchesWhenObscured = true
        onDispose {
            composeView.filterTouchesWhenObscured = false
        }
    }

accessibilityDataSensitive: use the semantics modifier to apply the sensitiveData property to a composable.

    BasicText(
        text = "Your password",
        modifier = Modifier.semantics {
            sensitiveData = true
        }
    )

For View-based apps

In your XML layout, add the relevant attribute to the sensitive view.

setFilterTouchesWhenObscured:

    <TextView android:filterTouchesWhenObscured="true" />

accessibilityDataSensitive:

    <!-- This attribute is an enum: auto, yes or no. -->
    <TextView android:accessibilityDataSensitive="yes" />

Alternatively, you can set the property programmatically in Java or Kotlin:

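Kotlin:

    // setFilterTouchesWhenObscured
    myView.filterTouchesWhenObscured = true

    // accessibilityDataSensitive: the setter takes one of the
    // View.ACCESSIBILITY_DATA_SENSITIVE_* constants, not a Boolean.
    myView.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)

Java:

    // setFilterTouchesWhenObscured
    myView.setFilterTouchesWhenObscured(true);

    // accessibilityDataSensitive
    myView.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES);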

Read more about the accessibilityDataSensitive and setFilterTouchesWhenObscured flags in the Tapjacking guide.
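
A debug-build check for the recommendation above, as an added example that is not part of the original post: it walks a view hierarchy and returns the password fields that have neither filterTouchesWhenObscured nor accessibilityDataSensitive set. The function names are hypothetical, and treating password input types as the only sensitive fields is an assumption of this example.

```kotlin
import android.os.Build
import android.text.InputType
import android.view.View
import android.view.ViewGroup
import android.widget.EditText

// Added example; isPasswordField, isProtected and
// findUnprotectedPasswordFields are hypothetical helper names.

/** True when the field's input type is one of the platform's password variations. */
private fun EditText.isPasswordField(): Boolean {
    val cls = inputType and InputType.TYPE_MASK_CLASS
    val variation = inputType and InputType.TYPE_MASK_VARIATION
    return when (cls) {
        InputType.TYPE_CLASS_TEXT -> variation in setOf(
            InputType.TYPE_TEXT_VARIATION_PASSWORD,
            InputType.TYPE_TEXT_VARIATION_WEB_PASSWORD,
            InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD,
        )
        InputType.TYPE_CLASS_NUMBER ->
            variation == InputType.TYPE_NUMBER_VARIATION_PASSWORD
        else -> false
    }
}

/** True when either protection described in this post is set on the view. */
private fun View.isProtected(): Boolean {
    if (filterTouchesWhenObscured) return true
    // isAccessibilityDataSensitive() only exists from API 34 onwards.
    return Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE &&
        isAccessibilityDataSensitive
}

/** Walks the hierarchy under [root]; returns password fields with neither protection. */
fun findUnprotectedPasswordFields(root: View): List<EditText> {
    val found = mutableListOf<EditText>()
    val pending = ArrayDeque<View>().apply { add(root) }
    while (pending.isNotEmpty()) {
        val view = pending.removeFirst()
        if (view is EditText && view.isPasswordField() && !view.isProtected()) {
            found += view
        }
        if (view is ViewGroup) {
            for (i in 0 until view.childCount) pending.add(view.getChildAt(i))
        }
    }
    return found
}
```

Call it on window.decorView from a debug-only hook or an instrumentation test and fail the build when the returned list is not empty.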

Partnering with developers to keep users safe

We worked with developers early to ensure this feature meets real-world needs and integrates smoothly into your workflow.

“We've always prioritized protecting our customers’ sensitive financial data, which required us to build our own security layer against accessibility-based malware. Revolut strongly supports the introduction of this new, official Android API, as it allows us to gradually move away from our custom code in favor of a robust, single-line platform defense.”

– Vladimir Kozhevnikov, Android Engineer at Revolut

You can play a crucial role in protecting your users from malicious accessibility-based attacks by adopting these features. We encourage all developers to integrate these features into their apps to help keep users safe.

Together, we can build a more secure and trustworthy experience for everyone.

