With every new model of the Android working system, new options are added to guard customers from malware. For instance, Android 13 launched Restricted Settings. On this publish, we’ll focus on what this function entails, what it’s designed to guard towards, and the way successfully it does its job (spoiler: not very nicely).
What are Restricted Settings?
How do Restricted Settings function? Think about you’re putting in an software from a third-party supply — that’s, downloading an APK file from someplace and initiating its set up. Let’s suppose this software requires entry to sure features that Google considers significantly harmful (and for good cause — however extra on that later). On this case, the appliance will ask you to allow the required features for it in your working system settings.
Nonetheless, in each Android 13 and 14, this isn’t doable for functions put in by customers from APK recordsdata. Should you go to your smartphone’s settings and attempt to grant harmful permissions to such an software, a window titled Restricted Settings will seem. It’ll say “In your safety, this setting is presently unavailable”.
When an software put in from third-party sources requests harmful permissions, a window pops up with the title Restricted Settings
So, which permissions does Google take into account so hazardous that entry to them is blocked for any functions not downloaded from the shop? Sadly, Google isn’t dashing to share this data. We subsequently need to determine it out from impartial publications for Android builders. At current, two such restrictions are identified:
It’s doable that this record will change in future variations of Android. However for now plainly these are all of the permissions that Google has determined to limit for functions downloaded from unknown sources. Now let’s focus on why that is even vital.
Why Google considers Accessibility harmful
We beforehand talked about Accessibility in a current publish titled the Prime-3 most harmful Android options. In brief, Accessibility constitutes a set of Android options designed to help individuals with extreme visible impairments.
The preliminary concept was that Accessibility would allow functions to behave as mediators between the visible interface of the working system and people unable to make use of this interface however able to issuing instructions and receiving data by means of various means — usually by voice. Thus, Accessibility serves as a information canine within the digital area.
An software utilizing Accessibility can see every part taking place on the Android gadget’s display screen, and carry out any motion on the consumer’s behalf — urgent buttons, inputting information, altering settings, and extra.
That is exactly why the creators of malicious Android functions are so keen on Accessibility. This set of features permits them to do quite a lot of hurt: spy on correspondence, listen in on passwords, steal monetary data, intercept one-time transaction affirmation codes, and so forth. Furthermore, Accessibility additionally permits malware to carry out consumer actions inside different functions. For instance, it might probably make a switch in a banking app and make sure the transaction utilizing the one-time code from a textual content message.
For this reason Google deems the permission to entry Accessibility significantly perilous — and rightly so. For apps out there on Google Play, their use is topic to cautious scrutiny by moderators. As for packages downloaded from unknown sources, Android builders have tried to fully disable entry to this set of features.
Why Google restricts entry to notifications
We’ve coated Accessibility, so now let’s discuss what’s incorrect with functions accessing notifications (in Android, this perform is known as Notification Listener). The hazard lies in the truth that notifications could comprise plenty of private details about the consumer.
For instance, with entry to all notifications, a malicious app can learn virtually the entire consumer’s incoming correspondence. Particularly, it might probably intercept messages containing one-time codes for confirming financial institution transactions, logging in to numerous providers (reminiscent of messengers), altering passwords, and so forth.
Right here, two severe threats come up. Firstly, an app with entry to Notification Listener has a easy and handy strategy to monitor the consumer — very helpful for adware.
Secondly, a malicious app can use the knowledge obtained from notifications to hijack consumer accounts. And all this with none additional methods, complicated technical gimmicks, or costly vulnerabilities — simply exploiting Android’s built-in capabilities.
It’s not stunning that Google considers entry to notifications no much less harmful than entry to Accessibility, and makes an attempt to limit it for packages downloaded from exterior the app shops.
How Android malware bypasses Restricted Settings
In each Android 13 and 14, the mechanism to guard towards using harmful features by malicious apps downloaded from unknown sources operates as follows. App shops usually use the so-called session-based set up methodology. Apps put in utilizing this methodology are thought of secure by the system, no restrictions are positioned on them, and customers can grant these apps entry to Accessibility and Notification Listener.
Nonetheless, if an app is put in with out utilizing the session-based methodology — which may be very more likely to occur when a consumer manually downloads an APK — it’s deemed unsafe, and the Restricted Settings perform is enabled for it.
Therefore the bypass mechanism: even when a malicious app downloaded from an untrusted supply can not entry Accessibility or notifications, it might probably use the session-based methodology to put in one other malicious app! It will likely be thought of secure, and entry restrictions received’t be activated.
We’re not speaking concept right here – it is a actual drawback: malware builders have already realized to bypass the Restricted Settings mechanism within the newest variations of their creations. Subsequently, the restrictions in Android 13 and 14 will solely fight malware that’s outdated — not shield towards new malware.
How one can disable Restricted Settings when putting in an app from third-party sources
Despite the fact that it’s not secure, typically a consumer may have to grant entry to Accessibility or Notification Listener to an app downloaded from exterior the shop. We suggest excessive warning on this case, and strongly advise scanning such an software with a dependable antivirus earlier than putting in it.
To disable the restrictions:
- Open your smartphone settings
- Go to the Apps part
- Choose the app you need to take away entry restrictions for
- Within the higher proper nook, faucet on the three dots icon
- Choose Enable restricted settings
That’s it! Now, the menu possibility that allows you to grant the app the required permissions will turn into energetic.
How one can shield your Android smartphone
Since you’ll be able to’t depend on Restricted Settings, you’ll have to make use of different strategies to guard your self from malware that abuses entry to Accessibility or notifications:
- Be cautious of any apps requesting entry to those options — we’ve mentioned above why that is very harmful
- Attempt to set up functions from official shops. Generally malware can nonetheless be discovered in them, however the threat is far decrease than the prospect of selecting up trojans from obscure websites on the web
- Should you actually have to put in an app from an unreliable supply, keep in mind to disable this selection instantly after set up
- Scan all functions you put in with a dependable cell antivirus.
- Should you’re utilizing the free model of our safety device, keep in mind to do that manually earlier than launching every new software. Within the paid model of Kaspersky Safety & VPN, this scan runs robotically.
