Related
http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware are detected, Google reacts swiftly and remove them. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reason that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google make approval of the apps a requirement before it gets into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about and this problem is allowed to grow, it will end up killing the platform.
Ur a good man
Sent from my PG86100 using XDA Premium App
Get an iPhone then.
Don't know if apple should approve or disaproove since that can slow down the release of new apps, but they need to check, that's for sure.
Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain ALOT of this malware.
if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning
This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
Click to expand...
Click to collapse
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol
Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.
I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.
Oh look iOS does this too.
/troll
DoctorComrade said:
Oh look iOS does this too.
/troll
Click to expand...
Click to collapse
hah, they're at almost 50%
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
very well put, unfortunately most dont think like this..
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
Click to expand...
Click to collapse
But, as a matter of degree, this just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Click to expand...
Click to collapse
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?
the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
Click to expand...
Click to collapse
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
Click to expand...
Click to collapse
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....
Liking lookout
Sent from my GT-I9100 using XDA App
ummm, anyone ever heard of antiviruses (Kapersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vunerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )
Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast siad there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.
Kapersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Zeze21 said:
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Click to expand...
Click to collapse
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial
not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
Click to expand...
Click to collapse
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback
Moved to proper section
GO Launcher seems to be the "go to" launcher of choice for many people, including well read, influential online publications, like lifehacker. I can't bring myself to trust GO Launcher EX though. Outside of the eye candy and polished interface, its aggressive pushing of its own storefronts, apps, libraries, and widgets, many of which request unusual permissions like log file access and root, leaves me feeling that it's very liberal with what it does with any information it collects or tries to collect.
To confirm my suspicions, I whitelisted the launcher in Droidwall and monitored the connections and packets it sent out using Android Network Log .
What I found wasn't all too surprising and honestly not that different from most of the fun "free" apps on the marketplace that phone home and monetize user data. It's just that GO Launcher is phoning home to servers in Bejing, as well as a Chinese operated personalized content delivery network (ChinaCache) with servers in the US (essentially the Chinese counterpart to our Akamai). Many of the packets were directed to 69.28.54.217, which is a ChinaCache Los Angeles CDN server. I'm sure those hundreds of packets was all very intredasting data that gets sent to Beijing, too. Which is why one of 3G.cn/GO Launcher's employees has a linkedin page, one where she obviously forgot to confer with her company's marketing/PR department prior to candidly listing some of her responsibilities which include, verbatim, "data mining". lol. I'm very sure it's to 'serve personalized ads, quality products, and actionable data to high value customers', but still, the writing is on the wall. With how active Chinese companies are in tailoring the online footprint/reputation of their products and software on various websites, I'm sure that linkedin page will be taken down or revised.
Western corporations that broker information vs state influenced Chinese corporations that broker information. While I view both as not the most trustworthy entities in regards to my privacy, I do feel that there are at least some restrictions that could be theoretically enforced to limit the scope of the data shared by corporations in the West.
While I can easily block outbound packets and revoke permissions from GO Launcher EX, I just don't feel like I want to bother using it anymore.
ADWLauncher EX, my main launcher on several of my Android devices, does not generating any outbound traffic and there are no indications that it is collecting or selling my data. A much friendlier option to privacy, in my opinion.
Should I be this paranoid? Should you? I was surprised that I didn't see too much information about GO Launcher's data collection on the web, so I thought I'd share. Thoughts?
Just stick with adw launcher. I use sock launcher to save battery but it is what you prefer to use so sick with it.
~-~-~-~-~-~-~-~-~-~-~-~-~
Phone: Samsung galaxy s2 t989
Rom: Jedi knight 6 4.0.4
Kernel: Jedi kernel 2
-~-~-~-~-~-~-~-~-~-~-~-~-
and you thought celebrities weren't smart. =P
Not paranoid at all. Good info, thanks for sharing.
Sent from my SAMSUNG-SGH-I997 using xda app-developers app
Very detailed and helpful post. I have always felt this about GO products, but thanks for doing your research and making it publicly known.
Sent from my Desire HD using xda premium
To be honest I don't trust Go products at all after they refused to say how their SMS app was able to remember someone used their app even after changing phones and phone numbers. We have to remember that there are things that are legal in China but not in the States which include monitoring of personal data.
Batcom2
zelendel said:
To be honest I don't trust Go products at all after they refused to say how their SMS app was able to remember someone used their app even after changing phones and phone numbers. We have to remember that there are things that are legal in China but not in the States which include monitoring of personal data.
Batcom2
Click to expand...
Click to collapse
That's definitely a very scary factoid. Can you link me to the thread or webpage where they did that? I have seen the developer be very active in shutting down any negative comments towards the software, with some explanations that no identifiable information is stored or accessed, which runs counter to what is actually happening.
One of the reasons I started more heavily scrutinizing app developers is that I've seen the American press increasingly lauding, praising, and recommending Chinese developed software products, without fully vetting just what these products do, or what kind of security concerns they possibly present. Of them, was a remote desktop access software called Splashtop, which inexplicably had numerous foreign field offices, several being in mainland China. Among those offices, one was literally next door to a "Party Member Service Office". Splashtop, for many years, used zero end to end encryption, without any valid reason. Remote desktop applications and launchers provide so much unfettered user whitelisted access to elevated privileges, file system, network communications, root access, and keystroke/input monitoring, that it seems unconscionable to voluntarily install such a huge backdoor.
With many millions of downloads to date, they have quite a lot of data immediately available, to entities whose endgame is unknown, in a country that lacks the kind of regulatory checks, balances, and accountability that, for the most part, have earned user's trust of Western corporations and developers.
A worst case scenario I can imagine is that with all of the unique device ID's stored in their database (GO Launcher also creates a copy of your device ID and places is it in the file system, in plain text, which remains after uninstall) and likely profiling of each user, a malevolent company could essentially push a custom software update on someone's phone that deploys a more aggressive/invasive payload. With today's level of technology and the state of rampant state sponsored corporate espionage, I see it definitely within the realm of possibility.
MifuneT said:
That's definitely a very scary factoid. Can you link me to the thread or webpage where they did that? I have seen the developer be very active in shutting down any negative comments towards the software, with some explanations that no identifiable information is stored or accessed, which runs counter to what is actually happening.
One of the reasons I started more heavily scrutinizing app developers is that I've seen the American press increasingly lauding, praising, and recommending Chinese developed software products, without fully vetting just what these products do, or what kind of security concerns they possibly present. Of them, was a remote desktop access software called Splashtop, which inexplicably had numerous foreign field offices, several being in mainland China. Among those offices, one was literally next door to a "Party Member Service Office". Splashtop, for many years, used zero end to end encryption, without any valid reason. Remote desktop applications and launchers provide so much unfettered user whitelisted access to elevated privileges, file system, network communications, root access, and keystroke/input monitoring, that it seems unconscionable to voluntarily install such a huge backdoor.
With many millions of downloads to date, they have quite a lot of data immediately available, to entities whose endgame is unknown, in a country that lacks the kind of regulatory checks, balances, and accountability that, for the most part, have earned user's trust of Western corporations and developers.
A worst case scenario I can imagine is that with all of the unique device ID's stored in their database (GO Launcher also creates a copy of your device ID and places is it in the file system, in plain text, which remains after uninstall) and likely profiling of each user, a malevolent company could essentially push a custom software update on someone's phone that deploys a more aggressive/invasive payload. With today's level of technology and the state of rampant state sponsored corporate espionage, I see it definitely within the realm of possibility.
Click to expand...
Click to collapse
Search for the Go sms thread. I and another Mod brought it up in the thread and they tried to BS us. Then toss in a keylogger that was found (and removed?) in the Go keyboard and it has given me enough not to trust them.
of course you can, but I prefer Apex
zelendel said:
Search for the Go sms thread. I and another Mod brought it up in the thread and they tried to BS us. Then toss in a keylogger that was found (and removed?) in the Go keyboard and it has given me enough not to trust them.
Click to expand...
Click to collapse
Didn't know that. Never used their products but shouldn't that be enough to merit a ban from XDA? Bugless Pete was booted for less (source code issues but nothing as malicious as a keylogger).
We need solid proof and they will be.
Batcom2
zelendel said:
We need solid proof and they will be.
Batcom2
Click to expand...
Click to collapse
With the aggressive number of "updates" they immediately push once you install one of their products or add ons, I don't imagine it shouldn't be too difficult to find something of interest to confirm or deny suspicions. I did find it odd in that GO SMS thread that there were some mentions of whitelisting GO SMS to prevent AV from interfering with it.
I'll see about installing GO on one of my spare devices and routers after work, along with something like wireshark, so I can analyze packet data. This isn't something that I'm too familiar with so it may be a little bit while I re-acclimate myself to the program. If anyone is more familiar with packet analysis and wants to run tests alongside, it can build a stronger case for or against the dev.
Bump. I use go sms, so I would really like to know if this app is doing any other malicious things.
Sent from my XT720 using xda premium
good thread, :good:
anyway i hate this launcher since the day i have an android device.
its tooooooooooo overloaded with useless things.
its my opinion,i prefer apex,adw or holo.less wheight in data,ram,battery usage and looks more cool as the parishilton go launcher a.....s........ssss.lol.
Well, I'm running cm9, and for whatever reason, it won't let me download picture messages with the stock messenger. I actually use google voice for my texts, but that doesn't get mms. Go sms is the only thing that actually let's me download the pictures that get sent to me, so I just use it for that specifically.
Sent from my XT720 using xda premium
i stop using Go Products since they force people to use their CLOUD storage to backup people sms on Go SMS.
i dont know about now, local backup is back or not.
it was really fishy back there.
and many other thing, like many permission things needed for something like launcher and sms app.
their looks are cartoonish iphoney and cute (like many asian app) which is not my taste at all.
also overloaded with a bunch of crap.
that's my opinion.
---
Sent from Android Device
marhensa said:
i stop using Go Products since they force people to use their CLOUD storage to backup people sms on Go SMS.
i dont know about now, local backup is back or not.
it was really fishy back there.
and many other thing, like many permission things needed for something like launcher and sms app.
their looks are cartoonish iphoney and cute (like many asian app) which is not my taste at all.
also overloaded with a bunch of crap.
that's my opinion.
---
Sent from Android Device
Click to expand...
Click to collapse
Too true. The last product I used years back was GO SMS, and I stopped after they started insisting on registering for their Go Chat service and backing up SMS. I couldn't even unregister from Go Chat once I logged in by mistake, and they never responded to my emails about deleting my account. Very shady behaviour.
Sent from my Desire HD using Tapatalk 4
sashank said:
Too true. The last product I used years back was GO SMS, and I stopped after they started insisting on registering for their Go Chat service and backing up SMS. I couldn't even unregister from Go Chat once I logged in by mistake, and they never responded to my emails about deleting my account. Very shady behaviour.
Sent from my Desire HD using Tapatalk 4
Click to expand...
Click to collapse
Go Launcher + EX were my first "custom" ones but after reading about their data-collection-stories I've decided to go and stick with Apex Launcher never regretted doing so. I always thought Go was and is too agressive in pushing their widgets, services I don't like that
frankgreimes said:
Go Launcher + EX were my first "custom" ones but after reading about their data-collection-stories I've decided to go and stick with Apex Launcher never regretted doing so. I always thought Go was and is too agressive in pushing their widgets, services I don't like that
Click to expand...
Click to collapse
Exactly. I used Go Launcher EX & Go SMS Pro a lot on CM7. They were good till they became creepy. And most of the services were opt-out not opt-in. That's sucks.
Sent from my Nexus 7 using Tapatalk 4
A key question now is can the "Next" launcher be trusted? Can anybody run the same packet tests on this one? I'm officially ready to remove Go (launcher Ex from my old Tbolt and HD/Pad from my TF300) but I wonder if I'm also going to remove Next from a device.
NapalmDawn said:
A key question now is can the "Next" launcher be trusted? Can anybody run the same packet tests on this one? I'm officially ready to remove Go (launcher Ex from my old Tbolt and HD/Pad from my TF300) but I wonder if I'm also going to remove Next from a device.
Click to expand...
Click to collapse
Not sure, but just to be safe I'd stay awake from anything by the Go Dev Team. Too shady for my taste.
Like many other developers, I also received the 30-days deadline warning email from Google Play team about the potential "misuse" of accessibility service in Greenify.
As the very first developer who introduced this trick of "misusing" accessibility to achieve UI automation years ago, I'm very proud that many more creative tool apps followed this approach to enable fantastic functionality beyond the imagination of the creator of Android, without root. It's a miracle bred from the openness and flexibility of Android.
Unfortunately, the supervisor of the dominant app market is now declaring its right of final interpretation, to judge the proper use of Android API and claim that this whole idea is unacceptable. At this point, I feel I have to say something.
Why accessibility service?
As we all know, root is the ultimate playground of super users in the Android community. But it also has its inconvenience and grey side, so I decided to make Greenify work for users with non-root device. I had been experimenting with many approaches for this purpose in almost the whole year 2013. Finally I found the magic of UI automation driven by accessibility service. With this approach, many more users now enjoy the improved battery life and smoothness brought by Greenify.
I know that accessibility service is not a perfect solution, considering the overall UI performance degradation involved (explained below). So I never gave up seeking alternative approaches ever since, (many of which might also be considered API "misusing" in strict speaking) but still no better approach found. If Android could provide any alternative solution, I would never prefer accessibility service in the first place.
The Good
Accessibility service is so powerful, that I have to admit it's some kind of Pandora's box.
With accessibility, developers could not only help people with disabled abilities, but also greatly benefit the general users with wonderful use cases, including:
• Remote assistant via touch interaction, without root. (seems like no such apps yet?)
• Automate the tedious operations inside not-well-designed apps, even possibly driven by Tasker or IFTTT, without root.
• Programatically trigger global actions (e.g. Back, Home).
• Overlay the whole screen including the notification shade on Android O.
• ……
I even wrote a small app with accessibility service to "fix" the bottom navigation bar of my wife's Moto X Style, whose touch screen is not reading touches any more in bottommost rows of pixels.
The Bad
With such power, accessibility service is also becoming the trending target of malware, endangering average users world-wide. A typical malware could deceive user to enable its accessibility service and then perform many dangerous actions without user consent, including gaining other sensitive privileges.
Together with screen overlay, this could even hide from average user's observation, effectively making it a seductive approach, thus highly dangerous in the wild.
The Ugly
The dangers above may not be a thread to advanced users, but the overall UI lag caused by accessibility service could be a real hurt.
Android delivers accessibility events to active accessibility service in two phases. Events are first generated in the current interacting app and immediately sent to system process, then dispatched to separate accessibility services, each in its own process.
If no accessibility services enabled, both phases are shutdown, thus no performance affection at all. If at least one accessibility service is enabled, the first phase is turned on, in full power, no matter which types of events are interested (declared by accessibility service). The second phase is taking that into consideration and only delivers the interested events to each accessibility service.
The performance lag comes mostly out of the first phase because some types of accessibility events are so heavy, considering how frequently they are triggered. For example, TYPE_WINDOW_CONTENT_CHANGED is generated and sent every tiny bit of UI content changes and TYPE_VIEW_SCROLLED is generated and sent every pixel your finger is moved across during scrolling, even if no accessibility services are interested in them.
Sounds crazy? Unfortunately that's the current situation. Although Android O took a step to address that, the situation is still not changed fundamentally. Maybe in Google's view, accessibility service is not intended for general users, so performance optimization is never in the priority.
How is Greenify doing
Performance is always Greenify's priority since it’s one of the purposes defining Greenify. So I took all the possibilities to improve that in the past years, even greatly pulled-back by Android system itself.
First of all, Greenify declares no interest of events at all at most of the time and only declares minimal interest of events (all are trivial to generate) and specific target (system settings app) required during the short period of on-going hibernation operation. This is implemented by dynamic registration, cutting the cost of the second phase to almost zero.
Due to the inefficient implementation in Android system, the first phase is still the bottleneck of UI performance. After a long time of trial and failure, I finally managed to eliminate that cost, in a tricky way. With necessary permission granted via ADB, Greenify only enables its accessibility service during the hibernation operation and disable it immediately afterwards. That means, if no other accessibility service enabled, you will have no performance problem of accessibility service at all while still enjoy the power of Greenify.
With above optimization, Greenify limited the events it could receive to the minimal, thus also effectively keeps the privacy of users in safety. I'm planning to bring this optimization to broader users who has little knowledge about ADB, and even to other apps with accessibility service hopefully.
My Concern
Accessibility service is a yard full of potential creativity and magic. It should never be a Pandora's Box if Android itself implement it with caution in the first place. I understand the complexity and historical reasons that lead to the current situation, but feel sorry and sad about how Google deals with this situation, by banishing popular tool apps. Will that make Android users more secure? I highly doubt.
I don't know if Google Play team represents the atitude of Android team at Google. If so, it will then be the breaking day for all Android developers, when Google starts to use its power to judge the "proper use" of Android API, even if it's not used by malware.
Will it come a day that the use of screen overlay besides showing information will be banned?
Will it come a day that the use of content provider not for providing data will be banned?
Will it come a day that the use of internal APIs will be banned?
oasisfeng said:
Like many other developers, I also received the 30-days deadline warning email from Google Play team about the potential "misuse" of accessibility service in Greenify.
As the very first developer who introduced this trick of "misusing" accessibility to achieve UI automation years ago, I'm very proud that many more creative tool apps followed this approach to enable fantastic functionality beyond the imagination of the creator of Android, without root. It's a miracle bred from the openness and flexibility of Android.
Unfortunately, the supervisor of the dominant app market is now declaring its right of final interpretation, to judge the proper use of Android API and claim that this whole idea is unacceptable. At this point, I feel I have to say something.
Why accessibility service?
As we all know, root is the ultimate playground of super users in the Android community. But it also has its inconvenience and grey side, so I decided to make Greenify work for users with non-root device. I had been experimenting with many approaches for this purpose in almost the whole year 2013. Finally I found the magic of UI automation driven by accessibility service. With this approach, many more users now enjoy the improved battery life and smoothness brought by Greenify.
I know that accessibility service is not a perfect solution, considering the overall UI performance degradation involved (explained below). So I never gave up seeking alternative approaches ever since, (many of which might also be considered API "misusing" in strict speaking) but still no better approach found. If Android could provide any alternative solution, I would never prefer accessibility service in the first place.
The Good
Accessibility service is so powerful, that I have to admit it's some kind of Pandora's box.
With accessibility, developers could not only help people with disabled abilities, but also greatly benefit the general users with wonderful use cases, including:
• Remote assistant via touch interaction, without root. (seems like no such apps yet?)
• Automate the tedious operations inside not-well-designed apps, even possibly driven by Tasker or IFTTT, without root.
• Programatically trigger global actions (e.g. Back, Home).
• Overlay the whole screen including the notification shade on Android O.
• ……
I even wrote a small app with accessibility service to "fix" the bottom navigation bar of my wife's Moto X Style, whose touch screen is not reading touches any more in bottommost rows of pixels.
The Bad
With such power, accessibility service is also becoming the trending target of malware, endangering average users world-wide. A typical malware could deceive user to enable its accessibility service and then perform many dangerous actions without user consent, including gaining other sensitive privileges.
Together with screen overlay, this could even hide from average user's observation, effectively making it a seductive approach, thus highly dangerous in the wild.
The Ugly
The dangers above may not be a thread to advanced users, but the overall UI lag caused by accessibility service could be a real hurt.
Android delivers accessibility events to active accessibility service in two phases. Events are first generated in the current interacting app and immediately sent to system process, then dispatched to separate accessibility services, each in its own process.
If no accessibility services enabled, both phases are shutdown, thus no performance affection at all. If at least one accessibility service is enabled, the first phase is turned on, in full power, no matter which types of events are interested (declared by accessibility service). The second phase is taking that into consideration and only delivers the interested events to each accessibility service.
The performance lag comes mostly out of the first phase because some types of accessibility events are so heavy, considering how frequently they are triggered. For example, TYPE_WINDOW_CONTENT_CHANGED is generated and sent every tiny bit of UI content changes and TYPE_VIEW_SCROLLED is generated and sent every pixel your finger is moved across during scrolling, even if no accessibility services are interested in them.
Sounds crazy? Unfortunately that's the current situation. Although Android O took a step to address that, the situation is still not changed fundamentally. Maybe in Google's view, accessibility service is not intended for general users, so performance optimization is never in the priority.
How is Greenify doing
Performance is always Greenify's priority since it’s one of the purposes defining Greenify. So I took all the possibilities to improve that in the past years, even greatly pulled-back by Android system itself.
First of all, Greenify declares no interest of events at all at most of the time and only declares minimal interest of events (all are trivial to generate) and specific target (system settings app) required during the short period of on-going hibernation operation. This is implemented by dynamic registration, cutting the cost of the second phase to almost zero.
Due to the inefficient implementation in Android system, the first phase is still the bottleneck of UI performance. After a long time of trial and failure, I finally managed to eliminate that cost, in a tricky way. With necessary permission granted via ADB, Greenify only enables its accessibility service during the hibernation operation and disable it immediately afterwards. That means, if no other accessibility service enabled, you will have no performance problem of accessibility service at all while still enjoy the power of Greenify.
With above optimization, Greenify limited the events it could receive to the minimal, thus also effectively keeps the privacy of users in safety. I'm planning to bring this optimization to broader users who has little knowledge about ADB, and even to other apps with accessibility service hopefully.
My Concern
Accessibility service is a yard full of potential creativity and magic. It should never be a Pandora's Box if Android itself implement it with caution in the first place. I understand the complexity and historical reasons that lead to the current situation, but feel sorry and sad about how Google deals with this situation, by banishing popular tool apps. Will that make Android users more secure? I highly doubt.
I don't know if Google Play team represents the atitude of Android team at Google. If so, it will then be the breaking day for all Android developers, when Google starts to use its power to judge the "proper use" of Android API, even if it's not used by malware.
Will it come a day that the use of screen overlay besides showing information will be banned?
Will it come a day that the use of content provider not for providing data will be banned?
Will it come a day that the use of internal APIs will be banned?
Click to expand...
Click to collapse
Well thanks for all you've done for the Android community!
Perhaps you and many other devs should just pull away from Google and switch to a different market like FDroid.
Google has done this sort of thing in the past, like with SCR Pro (screen recording software with internal audio support) because it changed SELinux Policy. If Google loses their cut money, maybe they would rethink that decision. Personally if I was Google, I'd just add a "Potential Security Issue" or a "Modifies Critical Security Settings" indicator to apps on the Play Store that use the Accessibility Services or change SELinux Policy, or other security related settings. Give the users the option of what they choose or not choose to run on their phones! They already have some sort of a system in place that already does this with the "Play Protect" system. Slowly but surely, Android is becoming more like iOS with less freedom.
Interesting update to original article on XDA
https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/
"Update: LastPass has just responded to this news and states that there will be “no immediate impact” for their Android apps. Whether or not this means that other applications will be given leniency remains to be seen."
Accessibility Service options
If I may ask -- what are you going to do? Are you going to pre-emptively unpublish the app before the 30 day limit is up? Are you going to try to reach out to Google and ask them to clarify whether there is any changes / clarifications? (LastPass implies they have gotten some kind of assurance, but they don't directly state that). Or, are you going to try to get as compliant as possible (put the appropriate language in the appropriate places), and hope for the best?
As far as I'm concerned your app is one of the few mission critical apps in the android ecosystem. So I can only hope that this can be resolved amicably.
I think this change is aimed solely at Substratum, as I have heard (not confirmed) than in Android 8.1 without root/unlocking and only using accessibility services, OMS can be exploited for theming. So Google is using a shotgun to kill all apps using this service rather than narrow their focus.
@oasisfeng
An insightful, deliberate and extremely well written post! ?
Sent from my SM-G955W ??
I think its time of the developers make a big migration of the apps to the XDA store to save the lagacy of the -7.0
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
divineBliss said:
Interesting update to original article on XDA
https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/
"Update: LastPass has just responded to this news and states that there will be “no immediate impact” for their Android apps. Whether or not this means that other applications will be given leniency remains to be seen."
Click to expand...
Click to collapse
LastPass and Chrome enjoyed a cozy relationship in the past. That said I'm almost surprised at the news given Google could easily incorporate similar functionality into Android. Maybe Google and LogMeIn have something going on the side (new rumor...lol).
As much as i like to sympathize with developers using Accessibility to improve functionality of Android, I can't.
Because in last couple of months i have seen many crappy apps (cleaners n all) also start asking for same permission, and average user don't really understand or even care to read what impact or access they are giving and more than 95% of Android user falls in this category. We at XDA or other nerdy site don't like this fact but it's bare truth.
And from Google perspective, They can't monitor each and every App for eternity that which one is using this permission for good and which one isn't. So hammer of Banning all of it seems only solution for now on their part. especially considering Accessibility service was never meant to use for improving "Device Functionality" (Button Mapper, Battery Saver) it was always meant for "helping hand" in case normal functionally can't be used, not as "Replacement".
Also in my personal option, i think this ban is more due to App developers are trying to bypass each and every thing device manufacturers put (Bexby & Assistant Button) than apps trying to help with routine task (LastPass, Greenify).
Though they may not say explicitly OEM are not happy with their excursive feature are ruined by apps using accessibility as bypass and they (including Google in this case) can force Play Store to make restriction on this. (whether it's is Good practice or not is entire different topic so don't dwell into that debate in replies)
So in conclusion, Till Google come up with better solution (and i think they will, People working there are not fools they understand good that this access can do for Android as whole) , banning seems fair to me because security & stability of 95% users comes above 5% demanding modification & features.
Nerdy will always find a way but it's extremely difficultly to help understand average user why their phone suddenly start behaving abnormally
and that's what Google & OEM face daily.
jineshpatel30 said:
As much as i like to sympathize with developers using Accessibility to improve functionality of Android, I can't.
Because in last couple of months i have seen many crappy apps (cleaners n all) also start asking for same permission, and average user don't really understand or even care to read what impact or access they are giving and more than 95% of Android user falls in this category. We at XDA or other nerdy site don't like this fact but it's bare truth.
And from Google perspective, They can't monitor each and every App for eternity that which one is using this permission for good and which one isn't. So hammer of Banning all of it seems only solution for now on their part. especially considering Accessibility service was never meant to use for improving "Device Functionality" (Button Mapper, Battery Saver) it was always meant for "helping hand" in case normal functionally can't be used, not as "Replacement".
Also in my personal option, i think this ban is more due to App developers are trying to bypass each and every thing device manufacturers put (Bexby & Assistant Button) than apps trying to help with routine task (LastPass, Greenify).
Though they may not say explicitly OEM are not happy with their excursive feature are ruined by apps using accessibility as bypass and they (including Google in this case) can force Play Store to make restriction on this. (whether it's is Good practice or not is entire different topic so don't dwell into that debate in replies)
So in conclusion, Till Google come up with better solution (and i think they will, People working there are not fools they understand good that this access can do for Android as whole) , banning seems fair to me because security & stability of 95% users comes above 5% demanding modification & features.
Nerdy will always find a way but it's extremely difficultly to help understand average user why their phone suddenly start behaving abnormally
and that's what Google & OEM face daily.
Click to expand...
Click to collapse
Actually Google has fairly simple way to provide a solution, for example, Play services API to provide similar functionality with refined security and proper restriction. The new SMS verification API is a good example for app to avoid requesting SMS permission. Fairly speaking, SMS too was not designed for verification purpose.
They did nothing for a long time, but rush to ban all these apps in just 30 days. I think they just don't care that much about advanced user like the old days when Android was competing with iOS fiercely.
I’m the developer of Battery Overlay Percent. Not one of the big apps out there but it does got 500,000 downloads and about 30,000 active users.
I use accessibility services for hiding overlay when user pull status bar or on later release to resolve overlay breaking permission.
I’m quite sad with Google closing down on legitimate use cases. Personally from an open source OS we now live in a world of 2 pretty closed mobile environments.
And who’s collecting most data? Play Services of course.
Hope there will be a shift from this centerlized dark state we’re in.
oasisfeng said:
Actually Google has fairly simple way to provide a solution, for example, Play services API to provide similar functionality with refined security and proper restriction. The new SMS verification API is a good example for app to avoid requesting SMS permission. Fairly speaking, SMS too was not designed for verification purpose.
Click to expand...
Click to collapse
I thought something similar and i still think they will implement it but not before 30day timeline.
They did nothing for a long time, but rush to ban all these apps in just 30 days. I think they just don't care that much about advanced user like the old days when Android was competing with iOS fiercely.
Click to expand...
Click to collapse
True that. When you have 90% of market you don't need to expand it any more you just need to control it.
I don't mean to sound like I'm supporting them, but this what people do in general, when they have control on almost entire market.
Luckily for now (and unlike with ios) Android can still and probaly can always exist without the Google Play Store and Google Play Services and thats still a big win over ios! And as much as I hate this news, this is something I think will ultimately lead advanced users and advanced developers to become less dependant upon Google Play Store and Google Play Services.... and for users/devs like us, thats actually a good thing!
Maybe now Google Play Store will finally get some real competition!! Google has certainly with their actions have now got a significant chunk of users and devs properly motivated to look or create healthy alternatives for app licensing and license management on Android, thats for sure and to also kick it off with a healthly sample of some of the most prized apps android has ever seen, yikes!! Greenify is amazing but Tasker too; bigger yikes!!!
cantenna said:
Luckily for now (and unlike with ios) Android can still and probaly can always exist without the Google Play Store and Google Play Services and thats still a big win over ios! And as much as I hate this news, this is something I think will ultimately lead advanced users and advanced developers to become less dependant upon Google Play Store and Google Play Services.... and for users/devs like us, thats actually a good thing!
Maybe now Google Play Store will finally get some real competition!! Google has certainly with their actions have now got a significant chunk of users and devs properly motivated to look or create healthy alternatives for app licensing and license management on Android, thats for sure and to also kick it off with a healthly sample of some of the most prized apps android has ever seen, yikes!! Greenify is amazing but Tasker too; bigger yikes!!!
Click to expand...
Click to collapse
Exactly.
We need to stand our ground.
I have a feeling that alternate app stores are about to see a huge boost in users. Google is going to sorely regret their decisions.
betatest3 said:
Exactly.
We need to stand our ground.
I have a feeling that alternate app stores are about to see a huge boost in users. Google is going to sorely regret their decisions.
Click to expand...
Click to collapse
I admire your optimistic attitude - But... Alphabet is a Juggernaut and if it suits them - They'd probably just buy any potential problem ?
Sent from my SM-G955W ??
shaggyskunk said:
I admire your optimistic attitude - But... Alphabet is a Juggernaut and if it suits them - They'd probably just buy any potential problem ?
Click to expand...
Click to collapse
Not to mention the relatively small number of individuals that will be adversely impacted when all is said and done. Bigger players (eg: LastPass) will likely receive some form of dispensation. Niche tools like Greenify might take a hit but that is not where the revenue stream resides. Google ain't catering to the Android enthusiast community.
shaggyskunk said:
I admire your optimistic attitude - But... Alphabet is a Juggernaut and if it suits them - They'd probably just buy any potential problem ?
Click to expand...
Click to collapse
I dont think they'll be buying the amazon app store any time soon.
but to the point of the other user you quoted, you'll likely see the accessibility needing market move to another app store.
cantenna said:
I dont think they'll be buying the amazon app store any time soon.
but to the point of the other user you quoted, you'll likely see the accessibility needing market move to another app store.
Click to expand...
Click to collapse
Sure. There are a handful of reputable alternative app stores that cater to small communities that dare to venture off the beaten path. Niche market; don't think Google is worried. Nor is it likely Amazon will cater to Android enthusiasts.
If Alphabet/Google is serious about reining in potential abuses look for further adjustments in the successor to Android 8.
Can you on XDA Dev put an parallel market on the XDA Labs with PayPal account with less taxes (good for all) to maintaining and update webpage to conventional user going fu*k up the Google to the apps then will not survive on the Google rules on the market?
Put and good design market to the conventional use on XDA please.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:31 PM ---------- Previous post was at 05:20 PM ----------
If you on XDA Labs put a inner market in the app with an Market safe with PayPal the developers can update the Apps on the Market with no acessibility but make an link to be updated on the XDA Labs with a plugin or a new full version, we can free more people with xposed solutions to defeat Google Policy
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:37 PM ---------- Previous post was at 05:31 PM ----------
Dev can update your apps and redirect to the external link in XDA Labs without violated google policy.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:50 PM ---------- Previous post was at 05:37 PM ----------
XDA Labs have power with an safe and free market scanning and checking malicious new apps to be so respected and Xposed so popular then I believed on the futere ASUS and Samsung make the ZenFone Deluxes and Galaxy S with Xposed on stock on the most expansive "and free" devices, absolutely. Please think renew the XDA webpage and XDA Labs to defeat the enemies of the freedom on coding.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:58 PM ---------- Previous post was at 05:50 PM ----------
Its time of the XDA webpage be more like Facebook on design and XDA Labs more like market on the safe and design to receive more redirected links to update and pay by apps on the XDA Labs with PayPal an Google Account if I like. Well if that happen we really will see if Google support free coding on open source.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
Interesting/digestible read; nothing new if you have been keeping up with the news on this topic.
https://www.howtogeek.com/333365/android-apps-using-accessibility-services-could-disappear/
I use restricted user profiles on the S3 to only allow my children to only access a restricted list of apps I download from the Play Store. It seems that any NEW apps that I download from the play store after the Oreo update do not show up in the list of apps (Settings > Cloud and accounts > Users, select a restricted user).
I did a factory reset this morning, and still no luck. Now only stock apps show up.
I chatted with Samsung this morning, and they want me to take it to the local walk-in Samsung clinic to have it looked at. This seems like a software issue - not a hardware issue. Perhaps Oreo changes the way this feature works - and it is an android issue not a Samsung one?
As a troubleshooting step, would any of you be willing to setup a restricted account on your S3, download a few play store apps and see if they show up to be able to enabled for the restricted account? No matter what I do, only the stock apps show up. It would be helpful to know if others have the problem as well.
I'm having the same problem, we're you able to find a solution? Only happened after the oreo update.
Nigle said:
I'm having the same problem, we're you able to find a solution? Only happened after the oreo update.
Click to expand...
Click to collapse
Thank you for reporting your experience with this to this thread. No solution as of yet. Now that I know someone else is having the same issue, I will try Samsung support again and let them know it is a problem with Oreo for all users - not just my tablet. Unfortunately, I'm guessing the best we can hope for is that it gets Samsung's attention to be included in the next update - which will likely be some time from now.
Update: I installed the Smart Tutor app from the Play Store which allowed a Samsung Support rep to see the issue. They agreed that it was not working as it should and opened issue ticket #2194272620. Hopefully this ticket will allow the issue to be noticed and fixed in a future update.
bthurber said:
Thank you for reporting your experience with this to this thread. No solution as of yet. Now that I know someone else is having the same issue, I will try Samsung support again and let them know it is a problem with Oreo for all users - not just my tablet. Unfortunately, I'm guessing the best we can hope for is that it gets Samsung's attention to be included in the next update - which will likely be some time from now.
Update: I installed the Smart Tutor app from the Play Store which allowed a Samsung Support rep to see the issue. They agreed that it was not working as it should and opened issue ticket #2194272620. Hopefully this ticket will allow the issue to be noticed and fixed in a future update.
Click to expand...
Click to collapse
Thanks for the quick follow up! It's good that they finally acknowledged the issue at least.
Stumbled upon pretty much the same issue when I wanted to create a new restricted user account.
Before the update to Oreo; I had already a restricted account. That one has still the possibility to change the 'run' permission for apps. Not sure if it also works for new installed - I haven't tested that.
de_perre said:
I had already a restricted account. That one has still the possibility to change the 'run' permission for apps. Not sure if it also works for new installed - I haven't tested that.
Click to expand...
Click to collapse
My experience was that new installed apps would not show up for the existing restricted accounts.
It will be interesting to see if the Tab S4 has this same problem
Hi all together!
Same problem here! This is a mandatory feature for me to share the tablet with my kids. Seems that the oreo update ****ed it up.
The bored Samsung support guy asked me to do a factory reset, and now, after 3 hours of configuration it still doesn't work.
Grrr !!! before the factory reset I had at least these apps working in the restricted profile I configured under android 7.
And ideas? Any update from Samsung ticket you opened?
Regards from cologne, Germany
Sui
No new ideas. I am USA but I noticed the korea build was a bit newer so I tried installing that. That didn't help but was interesting.
My understanding from the Samsung rep was that others could call and give the ticket number to get status and add a
"Me too" to it and that may help it get more attention
Having same issue on my Galaxy Tab S3 after Android 8.0.0 install. Did factor reset and still not working. Contacted Samsung using a Samsung Community of "Restricted Profile - New Apps not listed in App and Content Access Menu" and after Samsung suggesting a factory reset, which did not fix problem, they private messaged me to contact Google. I am struggling as there appears to be no way to contact Google for a response other than the mounds of help websites that do not acknowledge or provide fixes. As a parent who is trying to restrict my children's use of tablet to choke off internet and inappropriate items, I am at a loss for now and my kids are whining that they cannot play on any new apps without bugging me to let them use my signon; totally unacceptable.,
Same problem (Samsung Galaxy Tab A6, android oreo 8.1). Completely ruins my restricted account setup for the kids. They're not happy and neither am I!
Solution
"Same problem (Samsung Galaxy Tab A6, android oreo 8.1). Completely ruins my restricted account setup for the kids. They're not happy and neither am I!"
Give restricted account permission to use chrome and search for the app you require as an apk. Then install from that.
99% of apps can be found as an apk so it works as a solution until android gets there acts together and sorts it out.
Same here. I just upgraded my Galaxy Tab 10 A6 T580 to Oreo 8.1.
My kids keep asking when they can get the tablet back...
Same problem here after the Oreo update.
Old restricted accounts still have their previously enabled apps, new restricted accounts only get standard Google/Samsung apps.
New apps installed under Oreo from the Play Store do not show up in the app restrictions list.
Somehow, as restricted users also cannot use the Play Store directly, how are they supposed to get any app other than the standard ones?
This is a bug, not a feature.
If it should prevail, I will dump my Android devices and get Apple iOS phones/tablets for the rest of the family.
Same problem here too. I installed few apps after i upgraded my Galaxy Tab 10 A6 T580 to Oreo 8.1. They are not shown..so even resetted the device. Now all is gone on the redtricted users...
My kids also want to get the tablet back...
If anyone has a solution...pls let me know how!
I talked to the Samsung Germany support on Thursday. They know about and acknowledged the problem, however, there is no cure. The technician I talked to hypothesized about the upcoming Android P (roll-out to Samsung devices is planned for 2019) may fix the issue.
The point is, restricted users may also not use the Play Store to install new apps, so in effect, there is ABSOLUTELY NO WAY to get any apps except the standard stock apps into a restricted user's account. That does not make any sense at all.
Unless this is really intended (making the restricted account option useless), this looks like a gross oversight in QA on behalf of Samsung.
I'll see how this develops. My immediate solution is to use MobileFence to restrict my kids' accounts on mobiles and tablets (working with normal user accounts).
--j.
Scott_B1 said:
Having same issue on my Galaxy Tab S3 after Android 8.0.0 install. Did factor reset and still not working. Contacted Samsung using a Samsung Community of "Restricted Profile - New Apps not listed in App and Content Access Menu" and after Samsung suggesting a factory reset, which did not fix problem, they private messaged me to contact Google. I am struggling as there appears to be no way to contact Google for a response other than the mounds of help websites that do not acknowledge or provide fixes. As a parent who is trying to restrict my children's use of tablet to choke off internet and inappropriate items, I am at a loss for now and my kids are whining that they cannot play on any new apps without bugging me to let them use my signon; totally unacceptable.,
Click to expand...
Click to collapse
Same problem, Galaxy Tab A 10.5 (2018), Android 8.1.0 - massively frustrating!
Same problem here - is there any point in contacting Samsung to log this?
Any work around anyone can recommend? We use the tablets for a lot of lessons and set reading and the kids can't even access Kindle on it any more. I saw someone recommended Mobile Fence already, thanks.
It's causing major family tension because of how it's affecting Minecraft too. Huge frustrations.
Same here. I wonder why restricted user feature persists, it is useless now. A can assign only application installed before upgrade to Android 7.x, now on 8.1 and still no new app for assigning to restricted user.
Samsung Tab A6 (2016).
Same problem, subscribing to thread just to be able to see if there is any resolution.