Accessibility services are invaluable to many users with disabilities or other impediments that prevent them from fully interacting with their electronic devices. Such, accessibility services may assist users by audibly reading displayed content (e.g., emails, web pages, selectable objects, etc.) to users, transcribing audible user input into text, and executing various actions in response to audible user commands. In order to interact with devices, such accessibility services must have access to content displayed on a screen. Additionally, accessibility services must be able to execute various actions on devices on behalf of the user without the user providing user input through conventional techniques (e.g., interactive screen input, keyboard input, mouse input, etc.).
Unfortunately, because accessibility services often operate in the background, devices using such accessibility services may be vulnerable to malicious attacks that exploit the accessibility services to make unauthorized changes to the devices without a user's knowledge or consent. For example, a user may unknowingly grant broad permissions to a malicious application enabling the malicious application to make unauthorized changes to a user computing device. An accessibility service running on a device may be exploited to automatically install malicious applications on a device, to grant dangerous device permissions to malicious applications, or to disable security applications on a device without a user's knowledge. Additionally, applications that are not necessarily malicious may utilize accessibility services to make changes on user devices that negatively impact the performance or functionality of the devices. The instant disclosure, therefore, identifies and addresses a need for systems and methods for preventing unauthorized access to computing devices implementing computer accessibility services.