What you need to know
- Android 15 could improve privacy and security by preventing OTP interception by third-party apps.
- Code found within Android 14 QPR Beta 1 contains a “receive sensitive notifications” permission, which could block many apps from reading these messages.
- Preventing malicious apps from accessing these messages would help to prevent accounts from being hijacked.
With the increased threat of having accounts hacked, two-factor authentication (2FA) plays an invaluable role in making it harder for others to steal your information or access your accounts. One form of 2FA is one-time passwords (OTPs), which send a verification code to you via email or text.
While OTP is beneficial in that it’s quicker and easier than using an authenticator app, it’s also the least secure of the 2FA methods available. This is because many apps request access to your notifications, allowing them to potentially intercept any of those sensitive OTP messages you’re receiving. Google may be set to address this security risk in Android 15, according to a report in Android Authority.
Android expert Mishaal Rahman discovered a new permission in the Android 14 QPR Beta 1 update named “RECEIVE_SENSITIVE_NOTIFICATIONS”. Rahman notes that this permission has what’s called a “protection level of role|signature” – in other words, only selected OEM-signed or specified apps can access these notifications.
Rahman goes on to speculate that third-party apps could be denied access to this permission, which will potentially be restricted to select system apps. The permission itself is tied to a new platform feature currently in development, designed to prevent untrusted apps from accessing sensitive notifications. Specifically, this would apply to those apps that implement a notification listening service that allows apps to read or take action on all notifications.
At this stage, Google has not confirmed whether OTP and 2FA codes are exactly what’s being referred to in this beta code. But Rahman has also spotted an “OTP_REDACTION” flag in the Android 14 source code, which would redact OTP notifications on the lock screen. Rahman notes that this flag isn’t being used in Android 14, and so logically, expects this to be implemented in Android 15.
As we highlighted above, apps with notification access are currently able to intercept any OTP messages a user receives, presenting an obvious security risk if a user has any malicious apps on their phone. This new feature, if implemented, could represent a major step forward in reducing this type of security threat.
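Until such a restriction ships, one practical check is to see which apps already hold notification access on a device. The Python below is an added example, not code from the report or from Android: it parses the output of adb shell settings get secure enabled_notification_listeners and adb shell pm list packages -s and lists the listeners that are not system packages. The package names in the sample data are constructed.

```python
# Added example: flag third-party apps that hold notification-listener access.
# Inputs are the text output of two adb commands:
#   adb shell settings get secure enabled_notification_listeners
#   adb shell pm list packages -s
# All sample values below are constructed for illustration.

def parse_listeners(setting_value):
    """Return (package, class) pairs from the colon-separated setting value."""
    listeners = []
    value = setting_value.strip()
    if not value or value == "null":       # setting unset: no listeners enabled
        return listeners
    for component in value.split(":"):
        package, sep, cls = component.strip().partition("/")
        if not sep or not package:
            continue                        # skip malformed entries
        if cls.startswith("."):             # short form is relative to the package
            cls = package + cls
        listeners.append((package, cls))
    return listeners

def parse_system_packages(pm_output):
    """Return the set of package names from 'pm list packages -s' output."""
    prefix = "package:"
    return {line.strip()[len(prefix):] for line in pm_output.splitlines()
            if line.strip().startswith(prefix)}

def third_party_listeners(setting_value, pm_output):
    """Listeners whose package is not a system package, sorted for stable output."""
    system = parse_system_packages(pm_output)
    return sorted((p, c) for p, c in parse_listeners(setting_value)
                  if p not in system)

# Constructed sample: one preinstalled listener and two user-installed ones.
SAMPLE_SETTING = (
    "com.example.oem.launcher/.NotificationListener:"
    "com.example.smartwatch/.Bridge:"
    "com.example.flashlight/com.example.flashlight.NotifyService"
)
SAMPLE_PM = "package:com.android.systemui\npackage:com.example.oem.launcher\n"

if __name__ == "__main__":
    for package, cls in third_party_listeners(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review notification access: {package} ({cls})")
```

Any app this reports can currently read every notification the user receives, OTP messages included, so each entry should be one the user recognises and deliberately granted access to.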
The first Android 15 developer preview dropped just a few days ago, with privacy and security features highlighted as major areas of focus by Google. Android 15 is expected to be publicly unveiled later this year at Google I/O 2024.