Android 15 may shield your sensitive login codes

1comment
Android 15 may shield your sensitive login codes
Keeping your online accounts safe is a constant battle, which is why using passkeys or two-factor authentication (2FA) is becoming essential. Two-factor authentication codes add an extra layer of security, helping prevent hackers from getting into your accounts, however some of the methods currently use to send these codes are not the safest. This may in fact be changing with Android 15, though, as new lines found in the source code suggest.

One common form of 2FA sends a one-time password (OTP) code to you via text or email. While easy to use, these methods carry an inherent risk – the text or email containing the code could be intercepted by a malicious party. However, as found by Android expert Mishaal Rahman (via Android Authority), a recent deep dive of the Android 14 QPR3 Beta 1 code, shows evidence of a new security feature in development that aims to protect your sensitive login codes.

How is Google planning to protect your login codes?

Google appears to be adding a new permission called "RECEIVE_SENSITIVE_NOTIFICATIONS". This would likely be very restricted, making it available only to certain system apps on your phone. The feature likely would work in tandem with Android's "NotificationListenerService" API, the system that lets apps read and interact with your notifications. This API isn't automatically active and you generally need to activate it manually in your settings.

Current notification access settings on Android 14 | Source: Android Authority

Code snippets also indicate that Android 15 could have a feature called "OTP_REDACTION", which may hide 2FA codes directly on your lock screen. Android's NotificationListenerService can be very powerful, making it a potentially valuable tool for malicious apps to gain access to sensitive data.

This new feature aims to block untrusted apps from reading notifications that contain sensitive data, like your OTP codes for logging into social media, banking, etc. Essentially, Android could give you more control over what information different apps can and can't see.

Recommended Stories
These additions, when put together, indicate that Google is working to improve security significantly. One could arrive at the conclusion, based on these new findings, that the intended functionality is to hide these login codes from prying eyes — or prying apps if you will — so that only those that are trusted can gain access to them.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless