Keeping your online accounts safe is a constant battle, which is why using passkeys or two-factor authentication (2FA) is becoming essential. Two-factor authentication codes add an extra layer of security, helping prevent hackers from getting into your accounts, however some of the methods currently use to send these codes are not the safest. This may in fact be changing with Android 15, though, as new lines found in the source code suggest.
One common form of 2FA sends a one-time password (OTP) code to you via text or email. While easy to use, these methods carry an inherent risk – the text or email containing the code could be intercepted by a malicious party. However, as found by Android expert Mishaal Rahman (via Android Authority), a recent deep dive of the Android 14 QPR3 Beta 1 code, shows evidence of a new security feature in development that aims to protect your sensitive login codes.
How is Google planning to protect your login codes?
Google appears to be adding a new permission called "RECEIVE_SENSITIVE_NOTIFICATIONS". This would likely be very restricted, making it available only to certain system apps on your phone. The feature likely would work in tandem with Android's "NotificationListenerService" API, the system that lets apps read and interact with your notifications. This API isn't automatically active and you generally need to activate it manually in your settings.
Current notification access settings on Android 14 | Source: Android Authority
Code snippets also indicate that Android 15 could have a feature called "OTP_REDACTION", which may hide 2FA codes directly on your lock screen. Android's NotificationListenerService can be very powerful, making it a potentially valuable tool for malicious apps to gain access to sensitive data.
This new feature aims to block untrusted apps from reading notifications that contain sensitive data, like your OTP codes for logging into social media, banking, etc. Essentially, Android could give you more control over what information different apps can and can't see.
These additions, when put together, indicate that Google is working to improve security significantly. One could arrive at the conclusion, based on these new findings, that the intended functionality is to hide these login codes from prying eyes — or prying apps if you will — so that only those that are trusted can gain access to them.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
Johanna 'Jojo the Techie' is a skilled mobile technology expert with over 15 years of hands-on experience, specializing in the Google ecosystem and Pixel devices. Known for her user-friendly approach, she leverages her vast tech support background to provide accessible and insightful coverage on latest technology trends. As a recognized thought leader and official member of #TeamPixel, Johanna ensures she stays at the forefront of Google services and products, making her a reliable source for all things Pixel and ChromeOS.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: