Android 15 continues to be beneath growth, however on Friday, February 16, Google launched the primary Developer Preview of the upcoming working system. The tech big stated that the brand new Android software program will largely deal with safety, and a brand new report claims to have discovered three new methods it’ll make your smartphone and your delicate knowledge safer. According to it, Android 15 might be ready to higher defend the notifications that come up from two-factor authentications (2FA) so {that a} malicious app or malware can’t entry it to steal consumer knowledge.
According to a report by Android Authority’s Mishaal Rahman, Android 15 might be implementing new methods to cowl the gaps left behind by its predecessors. Currently, most two-factor authentication strategies for social media profiles, emails, and banking apps use SMS to ship a one-time password (OTP). However, there’s a threat if a malicious third-party app can learn this notification and use it to hack into delicate knowledge or get into your banking apps and steal cash.
To cut back the danger, Google has already begun inserting strings of codes within the present version of the OS. The report discovered a line of code within the Android 14 QPR3 Beta 1 replace that mentions a brand new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with a better safety stage and might solely be given to apps that Google personally verifies. The precise position of this permission will not be identified however given its naming, it seems to take care of a particular class of notifications that won’t be accessible for third-party apps to learn.
The report highlights that it’s seemingly aimed toward 2FA-related notifications. The perception comes from a separate string of code discovered by Rahman, which factors to an under-development platform function, to which the permission is tied. The function is called NotificationListenerService and it’s an API that lets apps learn or take motion on notifications. A normal use case can be what number of apps ask for entry to notifications to auto-fill OTP when creating a brand new account. However, as soon as this API turns into energetic (it is not within the Android 14 construct), this can get harder.
This API would require the consumer to enter Settings after which manually grant permission to apps earlier than they are often turned energetic, the report highlights. Such stringent measures are seemingly for two-factor authentication. However, even within the second case, it can’t be stated for positive.
Rahman discovered a 3rd trace that seemingly ties all of the developments collectively. A brand new flag was seen within the codes labelled OTP_REDACTION. It redacts OTP notifications on the lock display screen of the smartphone. Google at the moment doesn’t use this flag, however the report suggests it may be made energetic with Android 15. All three separate developments level in direction of defending OTP notifications from third-party apps, which makes it seemingly that the tech big will use these to defend monetary and different necessary apps that will include delicate info.