Faced with malware that displayed no additional functionality nor suspicious permissions on top of Accessibility Services, all known security mechanisms failed to trigger any alarm. As a result, DEFENSOR ID made it onto the Google Play store, stayed there for a few months and was never detected by any security vendor participating in the VirusTotal program.