Google’s Android 15 Aims to Enhance Security with Advanced Two-Factor Authentication Protection

Google has unveiled the first Developer Preview of Android 15, emphasizing a significant focus on security enhancements. The upcoming operating system aims to introduce novel features to safeguard user data, with a particular emphasis on securing notifications related to two-factor authentication (2FA).

According to a report by Android Authority’s Mishaal Rahman, Android 15 will address potential security gaps left by its predecessors, especially concerning 2FA notifications. Currently, many 2FA methods rely on SMS to transmit one-time passwords (OTPs). However, the risk of malicious third-party apps accessing and misusing these notifications poses a threat to user data and banking apps.

To mitigate this risk, Google is reportedly introducing a new permission in Android 15 called RECEIVE_SENSITIVE_NOTIFICATIONS. This permission has a higher protection level and can only be granted to apps verified by Google, adding an extra layer of security. While the exact functionality of this permission is not explicitly detailed, the report suggests it is likely designed to handle a specialized category of notifications, particularly those related to 2FA.

The report points to a string of code related to an under-development platform feature named NotificationListenerService. This API allows apps to read or take action on notifications. While many apps request access to notifications for various purposes, Android 15 may require users to manually grant permission in Settings before such apps can access sensitive notification content, especially for 2FA-related alerts.

Additionally, a new flag named OTP_REDACTION has been identified in the code. This flag, when active, redacts OTP notifications on the lock screen of the smartphone. Although not currently utilized by Google, the report suggests that Android 15 may activate this flag, further securing OTP notifications from third-party apps.

These developments collectively indicate Google’s commitment to enhancing security measures, particularly concerning sensitive information related to financial transactions and other critical applications. As Android 15 progresses through development, users can anticipate a more robust security framework, addressing potential vulnerabilities associated with 2FA notifications.