Android Central
Steven Shaw

Android 15 set to add extra protection to OTP notifications

What you need to know

  • Android 15 may enhance privacy and security by preventing OTP interception by third-party apps.
  • Code found within Android 14 QPR Beta 1 contains a “receive sensitive notifications” permission, which would block many apps from reading those messages.
  • Stopping malicious apps from accessing these messages would help to prevent accounts from being hijacked.

With the increased threat of having accounts hacked, two-factor authentication (2FA) plays a valuable role in making it harder for others to steal your information or access your accounts. One form of 2FA is the one-time password (OTP), a verification code sent to you via email or text.

While OTP is beneficial in that it is quicker and easier than using an authenticator app, it’s also the least secure of the 2FA methods available. This is because many apps request access to your notifications, allowing them to potentially intercept any of those sensitive OTP messages you’re receiving. Google may be set to address this security risk in Android 15, according to a report in Android Authority.  

Android expert Mishaal Rahman discovered a new permission in the Android 14 QPR Beta 1 update named “RECEIVE_SENSITIVE_NOTIFICATIONS”. Rahman notes that this permission has a protection level of “role|signature”. In other words, only apps signed with the platform (OEM) key or apps holding a specified role can be granted access to those notifications.

Rahman goes on to speculate that third-party apps will be denied access to this permission, which will potentially be limited to select system apps. The permission itself is tied to a new platform feature currently in development, designed to prevent untrusted apps from accessing sensitive notifications. Specifically, this could apply to apps that implement a notification listener service, which lets an app read or take action on all notifications.


At this stage, Google has not confirmed whether OTP and 2FA codes are exactly what is being referred to in this beta code. But Rahman has also spotted an “OTP_REDACTION” flag in the Android 14 source code, which would redact OTP notifications on the lock screen. Rahman notes that this flag isn’t being used in Android 14 and so, logically, expects it to be implemented in Android 15.

As we highlighted above, apps with notification access are currently able to intercept any OTP messages a user receives, presenting an obvious security risk if a user has any malicious apps on their phone. This new feature, if implemented, could represent a major step forward in reducing this type of security threat.
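
Until such a restriction ships, the exposure described above can be checked on a device by listing which user-installed apps currently hold notification access. The script below is an added example, not code from the article or from Android; the package and component names in the sample data are constructed, and on a real device the two inputs come from the `adb` commands named in the comments.

```shell
#!/bin/sh
# Audit which third-party apps hold notification access on an Android device.
# On a real device the two inputs come from adb:
#   adb shell settings get secure enabled_notification_listeners
#   adb shell pm list packages -3
# The sample values below are constructed so the script runs offline.

SAMPLE_LISTENERS='com.example.oem.dialer/.CallNotifListener:com.example.cleaner/.NotifService:com.example.wearsync/com.example.wearsync.Listener'
SAMPLE_THIRD_PARTY='package:com.example.cleaner
package:com.example.wearsync
package:com.example.game'

# third_party_listeners LISTENERS PACKAGES
# LISTENERS: value of the enabled_notification_listeners secure setting,
#            a colon-separated list of flattened component names (pkg/class).
# PACKAGES:  output of "pm list packages -3" (one "package:<name>" per line).
# Prints "package component" for every enabled listener that belongs to a
# user-installed package; preinstalled listeners are left out.
third_party_listeners() {
  printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | while IFS= read -r _entry; do
    [ -n "$_entry" ] || continue          # empty setting or stray separator
    [ "$_entry" != "null" ] || continue   # "settings get" prints null when unset
    _pkg=${_entry%%/*}                    # package is the part before the slash
    # Fixed-string, whole-line match: com.example.game must not match
    # a listener from com.example.gamepad.
    if printf '%s\n' "$2" | tr -d '\r' | grep -Fxq "package:$_pkg"; then
      printf '%s %s\n' "$_pkg" "$_entry"
    fi
  done
}

third_party_listeners "$SAMPLE_LISTENERS" "$SAMPLE_THIRD_PARTY"
```

Any package this prints can read every notification posted on the device, OTP messages included, so each entry should be one the user recognises and still needs; access can be withdrawn from the device's notification access settings.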

The first Android 15 developer preview dropped just a few days ago, with privacy and security features highlighted as major areas of focus by Google. Android 15 is expected to be publicly unveiled later this year at Google I/O 2024. 
