Android 15 might soon be able to protect your two-factor authentication codes

News
By Lewis Maddison
published

Android 15 wants to protect your 2FA codes from untrusted apps and prying eyes

Android 15
(Image credit: Google)

Google may be trying to better protect Two-Factor Authentication (2FA) in its upcoming Android 15 release.

Digging through the Android 14 QPR3 Beta 1, Android Authority claims to have found a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS, with a protectionLevel of role|signature. 

It believes that this "means [notifications] can only be granted to applications with the requisite role or to applications that the OEM signs."

Android 15 MFA protections

Android Authority also claims that this permission is likely intended for Google's own apps only, not third-party ones. It believes that it is part of a future update to Android to prevent other, untrusted apps from seeing sensitive notifications, such as One Time Passcodes (OTP) that comprise 2FA.

While sifting through the source code for Android 14, a flag named OTP_REDACTION was also found, which is used to prevent 2FA codes being shown on the lock screen. It isn't used in this version of Android, though, leading to speculation that it will be employed with Android 15.

Both OTP_REDEACITON and RECEIVE_SENSITIVE_NOTIFICATIONS, therefore, are aimed at protecting 2FA codes - the former from other people seeing them on your lock screen, and the latter from untrusted apps.

There is already an active feature present in the platform since Android 13, which prevents users from enabling the notification listener service on apps downloaded from an untrusted source, which would allow them to see all notifications, including 2FA codes. 

Such codes typically appear in notifications when using SMS as a means of delivering 2FA codes. This is generally believed to be the lest secure form of 2FA, A cybercriminals can intercept messages by cloning your phone number, in a process known as SIM swapping. Using an authenticator app is regarded as a safer way to implement 2FA, as well as using physical security keys.

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks.  His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.