Is Twilight’s Accessibility service a thread to my privacy?

Posted on

Twilight now allows to cover the whole screen with the filter applied to the lock screen, keyboard or even notifications and the status bar. But this comes with the necessity to allow Twilight’s accessibility service in Phone Settings > Accessibility.

Doing so will result in the following scary dialog (see below). Android warns you about Twilight being able to read your screen or tracking your app interactions etc..

In fact this is a generic dialog which Android will show whenever you enable any accessibility service regardless of whether is actually can do these things or not.

In fact Twilight accessibility service is just a dummy accessibility service doing nothing and thus having no privacy impact. The only reason the app needs to have the an accessibility service enabled is, this gives it access to your entire screen to draw on.

But Twilight explicitly states in the service config file that it won’t have any access to your screen content and in fact it does not even process any of the accessibility service events..

If you would unpack the Twiligh’s APK file, under /res/serviceconfig.xml you would find the following service setup.

<?xml version="1.0" encoding="utf-8"?>
<accessibility-service xmlns:android="http://schemas.android.com/apk/res/android"
    android:summary="@string/accessibility_service_allow_summary"
    android:description="@string/accessibility_service_allow_summary"
    android:accessibilityEventTypes=""
    android:settingsActivity="com.urbandroid.lux.MainActivity"
    android:accessibilityFeedbackType="feedbackGeneric"
    android:notificationTimeout="1000"
    android:canRetrieveWindowContent="false"
    android:packageNames="com.urbandroid.lux"
    android:canRequestTouchExplorationMode="false"
    android:canRequestFingerprintGestures="false"
    android:canRequestEnhancedWebAccessibility="false"
    android:canRequestFilterKeyEvents="false"
    android:canControlMagnification="false"
    android:canPerformGestures="false"
    />

Everything which can be turned off is turned off not just for privacy, but also to make sure there are absolutely none performance implication.

The relevant config lines highlighted above in bold text show the app has no access to your window content and does not listen to any events.

If you have any further questions, please contact support@urbandroid.org.

Leave a Reply

Your email address will not be published. Required fields are marked *