• GeneralSolved
  • FR: toggle flashlight with long press powerbutton with display off

  • [deleted]

Dumdum yes, that is possible but not a fact. The fact is that we a being recommended to eat a diet that makes us all sick so that Big Pharma can benefit from management of our health issues instead of addressing the root cause. Anyway, the thread is marked solved. No further input necessary.

tjk What if I am 100% confident that the app is not malicious?

There is no 100%.
App developers could turn malicious or their machines could be exploited. Could also sell or pass the app to a new malicious developer. Same things could happen with the developers of any libraries the app uses. Theres numerous recorded cases of these things happening with all kinds of software.

Whoever builds the version of the app you use could be malicious or compromised.

As a final possibility the app on your device could be exploited.

An app granted accessibility services has more control of the device than the user. It is much more dangerous than granting an app all the standard permissions as it can block the user from doing things, operate the device, use apps and display whatever it likes on the screen to hide what is really happening.

tjk Why not provide some sort of way to achieve this sort of functionality securely?

By the nature of the privileges required to perform the accessibility tasks there is no way to easily make a more secure implementation.

Unless you need genuine accessibility aids its not hard to avoid using apps, or the functionality within apps, which require it being granted the ability to act as an accessibility service. That is the way to address this security concern.

    Carlos-Anso

    Carlos-Anso There is no 100%.
    App developers could turn malicious or their machines could be exploited

    True but that could be said of any software in existence including GOS. Thats why I mention a "chain of trust" in my suggestion of GOS providing an app like this in their store. In that scenario, the only way that app would be untrustworthy is if GOS got compromised, in which case we would have bigger problems than an app just exploiting the accessibility settings lol.

    I understand your point about the accessibility settings better now though, and your points make a lot of sense, thanks for the info.

    Maybe providing an app for this wouldnt be advisable because it could give certain users the idea that they could trust different apps from other developers that request accessibility permissions, but there seems to be quite a few users (including myself previously) who use these permissions without being aware of the security issues with them. I know this doesnt rise to the level of being an urgent issue, but in my opinion it seems that something should be done about it one way or another. Maybe some sort of accessibility scopes feature (like the other scoped permissions) where the end user could have finer control over which accessibility features an app is actually allowed to use. Im sure that would be a lot more difficult that the other permission scope-ing features so far, but im interested to hear if that is at all viable. Thanks!

    17 days later

    I'd say, it's a security concern, if you first have to illuminate and blind yourself and focus on your phone before you can illuminate and blind whatever's around you and focus on that.