Abuse Accessibility Features

A malicious app could abuse Android's accessibility features to capture sensitive data or perform other malicious actions[1].

ID: T1453

Tactic Type: Post-Adversary Device Access

Tactic: Collection, Credential Access

Platform: Android

Version: 1.1

Mitigations

| Mitigation | Description |
|---|---|
| Application Vetting | Enterprises could perform app vetting before allowing apps to be installed on devices and search for abuse of accessibility features as part of the analysis, or otherwise use mobile app reputation services to search for known malicious apps. |
| Use Recent OS Version | Android 7.0 and higher include additional protections against this technique. |
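
One way a vetting pipeline could search an app for accessibility-service use, as an added example that is not part of the original page. It assumes the APK has already been decoded to text XML (for example with apktool); the app, the service names and the review reasons are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample: decoded AndroidManifest.xml of a hypothetical app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <service android:name=".SyncService" android:exported="false"/>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
      <meta-data android:name="android.accessibilityservice"
          android:resource="@xml/helper_config"/>
    </service>
  </application>
</manifest>"""

# Constructed sample: the decoded res/xml/helper_config.xml referenced above.
SAMPLE_CONFIG = """<accessibility-service xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeAllMask"
    android:canRetrieveWindowContent="true"/>"""

def find_accessibility_services(manifest_xml):
    """Return [(service name, config resource)] for declared accessibility services."""
    found = []
    for svc in ET.fromstring(manifest_xml).iter("service"):
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        # Either marker alone is enough to send the app to review.
        if svc.get(ANDROID + "permission") == BIND_PERM or A11Y_ACTION in actions:
            res = next((m.get(ANDROID + "resource") for m in svc.iter("meta-data")
                        if m.get(ANDROID + "name") == "android.accessibilityservice"), None)
            found.append((svc.get(ANDROID + "name"), res))
    return found

def review_config(config_xml):
    """Return the reasons a service configuration deserves manual review."""
    root = ET.fromstring(config_xml)
    events = root.get(ANDROID + "accessibilityEventTypes") or ""
    checks = [
        (root.get(ANDROID + "canRetrieveWindowContent") == "true", "can read window content"),
        (not root.get(ANDROID + "packageNames"), "receives events from all packages"),
        ("typeAllMask" in events, "subscribes to all event types"),
    ]
    return [reason for hit, reason in checks if hit]
```

A hit is a prompt for manual review rather than a verdict, since legitimate assistive apps declare the same service.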

Examples

| Name | Description |
|---|---|
| SpyDealer | SpyDealer abuses Android Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.[2] |

References