Android 15 will shield your login codes against threats

Hotstar in UAE
Hotstar in UAE

We got the first Android 15 Developer Preview last week. Yesterday, we reported that the next software version could pack a solution for annoying repetitive notifications. Now, a new feature on the forthcoming OS has been unearthed by Mishaal Rahman (via Android Authority). Android 15 could come with an additional measure to protect sensitive information from scammers.

Android 15 to protect your login codes from scammers

Almost all platforms and online accounts offer a two-factor authentication code (2FA). It adds an extra layer of security preventing user’s accounts from getting hacked. This method sends a one-time password (OTP) code to the user via text or email. It is easier to use but also less secure. Hence the codes can be intercepted by a malicious third party.

Rahman was digging through the Android 14 QPR3 Beta 1 update and found a new security feature that could possibly protect the login codes. For this, Google seems to be adding a new permission called RECIEVE_SENSITIVE_NOTIFICATIONS. It has a protection level of role|signature. This indicates that it will be restricted only to applications with the requisite role or to applications that the OEM signs. Rahman claims that this permission will work with a feature that will redact sensitive notifications from untrusted apps that implement NotificationsListenerService. This API allows apps to read or take actions on all notifications. It can only be enabled manually in the device’s settings.

Android Notification setting

Both the new permission and API are said to be powerful. Hence Google won’t let third-party apps access it. It remains to be seen what apps are considered untrusted and what notifications are deemed sensitive as per Google.

There’s also another feature to bolster security against scamsters

Rahman also unearthed a new feature called OTP_REDACTION in the source code of Android 14. This will hide OTP notifications on the lock screen. Meanwhile, the RECEIVE_SENSITIVE_PERMISSION will stop untrusted apps from reading notifications that contain 2FA codes.

With both these features Google could significantly improve the security of Android devices. A lot of apps including banking, social media, and more require sensitive data like OTP messages for logging in. Getting scammed is a rampant practice, especially with OTP messages. Things often get messy quickly after one wrong move.

2024-02-20 15:05:23