Accessibility service abuse is the misuse of Android’s accessibility features, which are designed to help users interact with apps through screen reading, UI navigation, and gesture automation. A legitimate accessibility service can inspect interface elements, detect what is on screen, and perform actions on behalf of the user.
Attackers abuse these capabilities because they can turn a helpful feature into a spying or control tool. Malicious apps may read text from login screens, monitor when a banking app is opened, click buttons, approve prompts, or guide victims into entering credentials into fake overlays. This makes accessibility abuse valuable in banking trojans and credential-stealing malware, especially when combined with phishing or overlay attacks. Defenders treat accessibility permissions as high risk: users should only grant them to trusted apps, and security tools can flag suspicious services that request broad UI visibility or automation without a clear purpose.
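
One way a security tool could apply that last check, shown as an added example that is not part of the original page: it audits a decoded `<accessibility-service>` configuration file for broad UI visibility or automation without a stated purpose. The sample configs, the finding codes, and the `is_high_risk` triage rule are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample configs (decoded res/xml files), not taken from real apps.
SAMPLE_BROAD = """<accessibility-service
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeAllMask"
    android:canRetrieveWindowContent="true"
    android:canPerformGestures="true" />"""
SAMPLE_SCOPED = """<accessibility-service
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeViewClicked|typeViewFocused"
    android:packageNames="com.example.reader"
    android:description="@string/service_description"
    android:canRetrieveWindowContent="false" />"""


def audit_accessibility_config(xml_text):
    """Return {finding_code: explanation} for one <accessibility-service>."""
    node = ET.fromstring(xml_text)
    if node.tag != "accessibility-service":
        raise ValueError("not an accessibility-service config")
    attr = lambda name: node.get(NS + name, "").strip()
    findings = {}
    if attr("canRetrieveWindowContent").lower() == "true":
        findings["reads_screen"] = "can read on-screen text and the view tree"
    if attr("canPerformGestures").lower() == "true":
        findings["gestures"] = "can dispatch taps and swipes for the user"
    if "typeAllMask" in attr("accessibilityEventTypes").split("|"):
        findings["all_events"] = "subscribes to every accessibility event type"
    if not attr("packageNames"):
        findings["all_apps"] = "no packageNames filter, so it sees every app"
    if not attr("description"):
        findings["no_purpose"] = "no description shown when the user grants it"
    return findings


def is_high_risk(xml_text):
    """Hypothetical triage rule: screen reading or gestures across all apps."""
    f = audit_accessibility_config(xml_text)
    return "all_apps" in f and ("reads_screen" in f or "gestures" in f)


if __name__ == "__main__":
    for name, cfg in (("broad", SAMPLE_BROAD), ("scoped", SAMPLE_SCOPED)):
        print(name, is_high_risk(cfg), sorted(audit_accessibility_config(cfg)))
```

A service can also change its event types and package filter at runtime through `setServiceInfo`, so the static configuration is one signal to combine with others rather than a verdict.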



