Abuse Accessibility Features
A malicious app could abuse Android's accessibility features to capture sensitive data or perform other malicious actions.
Adversaries may abuse accessibility features on Android devices to evade defenses by repeatedly clicking the "Back" button when a targeted app manager or mobile security app is launched, or when strings suggesting uninstallation are detected in the foreground. This effectively prevents the malicious application from being uninstalled.
Enterprises could perform app vetting before allowing apps to be installed on devices and search for abuse of accessibility features as part of the analysis, or otherwise use mobile app reputation services to search for known malicious apps.
An EMM/MDM can use the Android
|Use Recent OS Version||
Android 7.0 and higher includes additional protections against this technique.