Hackers have found a way to bypass Android’s “Restricted Settings” and install malware on a victim’s devices.
Restricted Settings is a security feature first introduced in Android 13 that prevents apps downloaded from non-vetted sources (i.e. places other than the Google Play Store, or sideloaded apps) from accessing key Android settings, such as Accessibility, or Notification Listener.
Apps that are granted Accessibility features can perform additional actions on the device such as installing other apps, grabbing text and other data, recording audio and video, and more. Almost all malicious apps require Accessibility options to be enabled, which is one of the best red flags possible. Notification Listener does exactly what it sounds like it’s doing, and hackers can use it to steal multi-factor authentication codes, especially those coming in via SMS.