Google’s Android 17 Beta 2 introduces a platform-level control under Advanced Protection Mode that restricts accessibility API access exclusively to declared accessibility tools, automatically revoking permissions from non-qualifying apps when the mode is active. This directly closes an attack surface that banking trojans such as Anatsa and the Cerberus lineage have exploited for years to conduct overlay attacks, keylogging, and credential theft on Android devices. The change signals a broader industry shift toward OS-enforced least-privilege controls, and organizations managing Android fleets or handling mobile banking and sensitive data should begin assessing how this control fits into their mobile security posture.