Android 15 remains to be beneath growth, however on Friday, February 16, Google launched the primary Developer Preview of the upcoming working system. The tech large mentioned that the brand new Android software program will largely concentrate on safety, and a brand new report claims to have discovered three new methods it’ll make your smartphone and your delicate knowledge safer. In line with it, Android 15 will have the ability to higher defend the notifications that come up from two-factor authentications (2FA) so {that a} malicious app or malware can not entry it to steal person knowledge.
In line with a report by Android Authority’s Mishaal Rahman, Android 15 can be implementing new methods to cowl the gaps left behind by its predecessors. At present, most two-factor authentication strategies for social media profiles, emails, and banking apps use SMS to ship a one-time password (OTP). Nevertheless, there’s a danger if a malicious third-party app can learn this notification and use it to hack into delicate knowledge or get into your banking apps and steal cash.
To scale back the danger, Google has already begun inserting strings of codes within the present version of the OS. The report discovered a line of code within the Android 14 QPR3 Beta 1 replace that mentions a brand new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with the next safety degree and might solely be given to apps that Google personally verifies. The precise function of this permission is just not identified however given its naming, it seems to take care of a particular class of notifications that won’t be accessible for third-party apps to learn.
The report highlights that it’s seemingly aimed toward 2FA-related notifications. The idea comes from a separate string of code discovered by Rahman, which factors to an under-development platform function, to which the permission is tied. The function is called NotificationListenerService and it’s an API that lets apps learn or take motion on notifications. A common use case could be what number of apps ask for entry to notifications to auto-fill OTP when creating a brand new account. Nevertheless, as soon as this API turns into energetic (it is not within the Android 14 construct), it will get harder.
This API would require the person to enter Settings after which manually grant permission to apps earlier than they are often turned energetic, the report highlights. Such stringent measures are seemingly for two-factor authentication. Nevertheless, even within the second case, it can’t be mentioned for positive.
Rahman discovered a 3rd trace that seemingly ties all of the developments collectively. A brand new flag was seen within the codes labelled OTP_REDACTION. It redacts OTP notifications on the lock display screen of the smartphone. Google at present doesn’t use this flag, however the report suggests it may be made energetic with Android 15. All three separate developments level in direction of defending OTP notifications from third-party apps, which makes it seemingly that the tech large will use these to guard monetary and different vital apps that will include delicate info.