Android 17 tests a block on accessibility API abuse by non-assistive apps

March 22, 2026 | 2 min read | 2 sources

Google is testing a new Android 17 security control that blocks certain apps without an assistive purpose from using the Accessibility Services API when Android Advanced Protection Mode (AAPM) is enabled. The change appears in Android 17 Beta 2 and was first reported by Android Authority, with further details published by The Hacker News.

The feature targets a long-running Android abuse path. Accessibility services are designed for assistive technologies, but malware has repeatedly used them to read on-screen content, simulate taps, approve prompts, and automate actions inside other apps. That has made the framework a common tool for banking trojans, spyware, and fraud operations that rely on user-enabled permissions rather than OS exploits.

AAPM was introduced in Android 16 as a hardened mode for users who need stronger device protections. In Android 17 Beta 2, Google appears to be extending that model by restricting accessibility access to apps with a legitimate assistive purpose, reducing the ability of unrelated apps to request or retain one of Android’s most powerful capabilities. No CVE is tied to the change because it is a platform hardening measure, not a fix for a single vulnerability.

The impact could be meaningful for mobile threat defense. Accessibility abuse has been one of the easiest ways for Android malware to bypass consent screens and interfere with banking, messaging, and authentication apps. Blocking that path under AAPM may reduce the success rate of mobile fraud and force attackers toward noisier techniques that are easier to detect. The caveat is that AAPM is opt-in, so the control protects only devices where it has been switched on. For enterprises, the feature may nonetheless make AAPM more attractive for executives, journalists, and other higher-risk users. Users who travel or work on untrusted networks may pair hardened device settings with a VPN, though that does not replace OS-level protections.
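Until the Android 17 control ships, the practical check for the abuse path described above (and the triage step a mobile threat defense team would run after an incident) is to list which apps currently hold an enabled accessibility service and flag any that are not known assistive tools. The following is an added example, not code from the article, Google, or either cited source. It parses the value of the Secure setting `enabled_accessibility_services`, as printed by `adb shell settings get secure enabled_accessibility_services` (a colon-separated list of `package/ServiceClass` component names, with Android's `package/.ServiceClass` shorthand allowed), and reports every service whose package is not on an allowlist. The allowlist and the `com.example.flashlight` sample entry are illustrative assumptions; an operator would maintain their own list of approved assistive apps.

```python
"""Triage which apps hold accessibility access on an Android device.

Added example for this article (not Google's code). Input is the raw value of
the Secure setting `enabled_accessibility_services`, which is a colon-separated
list of ComponentName strings such as `pkg/pkg.SomeService` or `pkg/.SomeService`.
"""
from dataclasses import dataclass

# Illustrative allowlist of packages with a legitimate assistive purpose.
# Assumption: the operator curates this list; only Google TalkBack is listed here.
KNOWN_ASSISTIVE_PACKAGES = {
    "com.google.android.marvin.talkback",  # Google TalkBack screen reader
}


@dataclass(frozen=True)
class AccessibilityService:
    package: str
    service_class: str

    @property
    def component(self) -> str:
        """Fully expanded ComponentName, e.g. `pkg/pkg.SomeService`."""
        return f"{self.package}/{self.service_class}"


def parse_enabled_services(setting_value: str) -> list[AccessibilityService]:
    """Parse the colon-separated ComponentName list from the Secure setting.

    Android accepts the shorthand `pkg/.Cls` for `pkg/pkg.Cls`; it is expanded
    here so package/class comparisons are stable. An empty value or the literal
    `null` (printed when the setting has never been written) yields no entries.
    """
    value = (setting_value or "").strip()
    if not value or value == "null":
        return []
    services = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry or "/" not in entry:
            continue  # tolerate stray separators or malformed entries
        package, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = package + cls
        services.append(AccessibilityService(package, cls))
    return services


def flag_unexpected_services(setting_value: str,
                             allowlist=KNOWN_ASSISTIVE_PACKAGES) -> list[str]:
    """Return component names of enabled services whose package is not allowlisted.

    Anything returned here has been granted the ability to read screen content
    and inject input into other apps, and deserves a manual look.
    """
    return [
        svc.component
        for svc in parse_enabled_services(setting_value)
        if svc.package not in allowlist
    ]


# Constructed sample (not captured from a real device): TalkBack is enabled,
# and a hypothetical non-assistive app has talked the user into enabling its
# accessibility service as well.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashlight/.OverlayService"
)

if __name__ == "__main__":
    for component in flag_unexpected_services(SAMPLE_SETTING):
        print("REVIEW:", component)
```

On a real device, pipe the output of `adb shell settings get secure enabled_accessibility_services` into `flag_unexpected_services`; a non-empty result means an app outside the allowlist currently holds accessibility access, which is exactly the state the AAPM control is meant to prevent for non-assistive apps.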

The main tradeoff will be compatibility. Legitimate accessibility developers may need to verify that their apps still work as expected under Android 17’s tighter controls, and Google will need to avoid blocking tools used by people with disabilities. Still, the direction is clear: rather than relying only on malware detection, Android is moving to limit high-risk system features that attackers have abused for years.
