Android 15 might soon be able to protect your two-factor authentication codes

Android 15
(Image credit: Google)

Google may be trying to better protect Two-Factor Authentication (2FA) in its upcoming Android 15 release.

Digging through the Android 14 QPR3 Beta 1, Android Authority claims to have found a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS, with a protectionLevel of role|signature. 

It believes that this "means [notifications] can only be granted to applications with the requisite role or to applications that the OEM signs."

Android 15 MFA protections

Android Authority also claims that this permission is likely intended for Google's own apps only, not third-party ones. It believes that it is part of a future update to Android to prevent other, untrusted apps from seeing sensitive notifications, such as One Time Passcodes (OTP) that comprise 2FA.

While sifting through the source code for Android 14, a flag named OTP_REDACTION was also found, which is used to prevent 2FA codes being shown on the lock screen. It isn't used in this version of Android, though, leading to speculation that it will be employed with Android 15.

Both OTP_REDEACITON and RECEIVE_SENSITIVE_NOTIFICATIONS, therefore, are aimed at protecting 2FA codes - the former from other people seeing them on your lock screen, and the latter from untrusted apps.

There is already an active feature present in the platform since Android 13, which prevents users from enabling the notification listener service on apps downloaded from an untrusted source, which would allow them to see all notifications, including 2FA codes. 

Such codes typically appear in notifications when using SMS as a means of delivering 2FA codes. This is generally believed to be the lest secure form of 2FA, A cybercriminals can intercept messages by cloning your phone number, in a process known as SIM swapping. Using an authenticator app is regarded as a safer way to implement 2FA, as well as using physical security keys.

MORE FROM TECHRADAR PRO

Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 


His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.


He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.