Web Shield with Accessibility: Permissions

[PPPPPPPPP]

Hello

I previously purchased a mobile phone with Android to use for just phone calls and messages. To that end I did not install Anti Virus software but I did encrypt the phone.

Now as I want to browse the web on it I have attempted to install Avast from the google play store. The website within the app description matched up to avast.com. It has been downloaded 100+ million times and been reviewed by 5 million...so I think I have installed the right one

However when scanning my phone Avast has stated that the Accessibilty settings need to be changed for "Avast Web Shield with Accessibility" to work. This matches up to the documentation I found online.

However none of the documentation notes that Avast then warns stating that the change will prevent data encryption by the screen lock function and do I want to continue. It also does not point out that if I do continue Avast then asks for my encryption password I assume to deal with the encryption already in place.

Is this really the case? If so why?

Thanks
P

[PPPPPPPPP]

Hello

While waiting for a reply I did more searching in the forum.

These forum topics:
https://forum.avast.com/index.php?topic=223402.msg1484371#msg1484371
https://forum.avast.com/index.php?topic=193829.msg1352349#msg1352349

Seem to suggest that the first part of my question (should my phone warn me that turning on Web Shield with Accessibilty will prevent data encryption by the screen lock feature) is that "yes it should" as for others once Avast Mobile Security is on they are instead warned "Because you've turned on an accessibility service, your device won't use your screen lock to enhance data encryption."

Again it would be nice for someone to confirm this and maybe update the documentation because for me there was not enough information. Prehaps it is not the Web Shield with Accessibilty that leads to the warning but the Anti Theft and its just not very clear?

And secondanly even looking on the forum (granted might be looking for the wrong thing) there was still nothing on Avast needing the encyption password to proceed and not really much information in the prompt on my phone.

Can someone confirm that this is expected behaviour because to be honest I am not currently comfortable in using my phone until I know what is going on.

Any details needed. Let me know

Thanks

P

[Tereza V.]

Hi, thanks for reporting this issue. We have created a task in our to-do system and will have a look at it asap.
Unfortunately we cannot provide any information about it yet as we need to investigate it by ourselves and understand what is going on.
Thanks for understanding.

[PPPPPPPPP]

OK, Thanks for getting back to me, I will wait to hear more, if you need any more details please let me know.

P

[Tereza V.]

Hi, I am back with an explanation.
The problem lies in Android.
If you enable encryption, your PIN is used as a part of the encryption key.
However, if you grant the accessibility permission to some app, the app acquires the right to read your screen, including the PIN. Therefore the Android (cleverly) excludes your PIN from the encryption key, so that noone can get to it and abuse it to decode your information.
Your data keeps being encrypted, just the PIN is not a part of the key anymore.

[PPPPPPPPP]

So the reason I now don't have to enter my PIN on boot up now is because Android (now an app has accessibilty permissions) has excluded the PIN from the encyption?

And the reason Avast asked for the PIN was because it needed it to be able to read the screen?

[Tereza V.]

As far as I know, when turning on the accessibility, Avast doesn't ask for PIN. It sounds more like the OS. If you want us to reproduce the problem to find out more, we need to know the type of your device, OS version, exact procedure of what you did to make the previously described behaviour happen (path and what exactly you enabled). Without these specific details we can only give you general answers. 

Most probably it was the OS that asked you for your PIN code when turning on the accessibility feature (you were changing the level of security, it is logical that some kind of authorization is required).