Android 15 might have an enormous emphasis on safety from the seems to be of issues. Not solely has Google added a bunch of security-conscious instruments to the primary Android 15 developer preview. Now it seems to be as if Google may additionally be including higher safety for two-factor authentication codes as properly.
In accordance with well-known Android sleuth Mishaal Rahman, over at Android Authority, the Android 14 QPR3 beta 1 accommodates a brand new permission referred to as RECEIVE_SENSITIVE_NOTIFICATIONS. Apparently this permission has a position|signature safety degree which implies it might probably solely be granted to apps with both the requisite position or which have been signed by an OEM.
Rahman believes that this permission might be solely meant for Google apps, reasonably than third events, and appears to be a technique to cease untrusted apps from seeing delicate notifications. That features one time passcodes (OTP) and different two-factor authentication codes that you could be be despatched.
This seems to be backed up by two new additions. The primary is an API referred to as NotificationListenerService that ought to enable apps to learn or take motion on all of your notifications — however provided that they’ve been granted that permission within the settings.
There’s additionally a model new flag referred to as OTP_REDACTION that forestalls codes from showing on the lock display screen. So in each circumstances it seems to be like Android will probably be defending your 2FA codes from untrustworthy apps that could be snooping by your notifications, and prying eyes which may see codes in your lockscreen.
Since these flags haven’t been carried out in Android simply but, Android 15 is the almost certainly place for Google to activate these extra flags and permissions. Which could possibly be a significant hidden good thing about the software program.
Two-factor authentication is an extremely necessary approach of serving to maintain your accounts safe. As a result of even when somebody manages to guess your login particulars, the percentages of them additionally having that secondary verification code are extremely slim.
That stated, 2FA isn’t excellent and there are safety flaws {that a} savvy hacker might attempt to exploit — particularly if codes are despatched by way of SMS, which is infamous for being unencrypted and completely insecure.
Whether or not these messages are intercepted en route, seen over your shoulder, or spied on by a malicious app, as soon as a hacker has that code they’ve basically received free reign of the account in query. So something Google can do to enhance the safety of these codes once they arrive is greater than welcome.
It gained’t make the method fully foolproof, which is why it is best to keep away from SMS and notification-based 2FA wherever potential. Your safety goes to be a lot better in case you use codes from an authenticator app, or make the most of a bodily safety key.
We don’t know precisely when Android 15 will launch to the general public, however in line with Google, the primary beta model ought to be arriving within the Spring. Till then you’ll want to maintain tabs on our official Android 15 hub for all the most recent information and rumors.