Researchers at Georgia Tech have developed an innovative cloud-powered tool called DVa, aimed at detecting and helping users eliminate malware that exploits smartphone accessibility features.
Originally designed to assist individuals with disabilities, accessibility services—such as screen readers and voice commands—have significantly improved smartphone usability for users with visual, auditory, or motor challenges. Unfortunately, these same features are increasingly being manipulated by malicious software to carry out unauthorized actions.
Malware abusing accessibility permissions can secretly perform operations like clicking buttons, accessing private data, or approving financial transactions—often without the user’s knowledge. In more severe cases, it can even block users from uninstalling the infected app, leading to persistent infections and posing serious risks to banking apps and cryptocurrency wallets.
“These attacks can happen silently and quickly,” explained Brendan Saltaformaggio, an associate professor at Georgia Tech’s School of Cybersecurity and Privacy. He stressed the importance of involving security experts in the design of accessibility systems to prevent misuse.
DVa operates by conducting a comprehensive cloud-based analysis of the user’s device, identifying malware that leverages accessibility services. It produces a detailed report highlighting infected apps, instructions for safe removal, and a list of legitimate applications that may be impacted. The report also includes contact details for affected companies so users can seek further support.
Additionally, DVa automatically sends its findings to Google to help flag and potentially remove dangerous apps from the Play Store.
The research team, in collaboration with cybersecurity firm Netskope, tested the system using malware samples installed on five Google Pixel phones. The tests revealed how accessibility-focused malware can subtly compromise system integrity.
While DVa marks a critical step forward in combating this growing cybersecurity issue, researchers are also mindful of the need to preserve the core purpose of accessibility tools.
“It’s not just about removing the malware,” said Saltaformaggio, “it’s about making sure we don’t erode the accessibility these features are meant to provide.”
