Android 15 Could Offer a Boost to Two-Factor Authentication Security to Keep User Data Safe: Report

/in


Android 15 is still under development, but on Friday, February 16, Google released the first Developer Preview of the upcoming operating system. The tech giant said that the new Android software will largely focus on security, and a new report claims to have found three new ways it will make your smartphone and your sensitive data more secure. According to it, Android 15 will be able to better protect the notifications that arise from two-factor authentications (2FA) so that a malicious app or malware cannot access it to steal user data.

According to a report by Android Authority’s Mishaal Rahman, Android 15 will be implementing new ways to cover the gaps left behind by its predecessors. Currently, most two-factor authentication methods for social media profiles, emails, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party app can read this notification and use it to hack into sensitive data or get into your banking apps and steal money.

To reduce the risk, Google has already begun placing strings of codes in the current edition of the OS. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with a higher protection level and can only be given to apps that Google personally verifies. The exact role of this permission is not known but given its naming, it appears to deal with a special category of notifications that will not be accessible for third-party apps to read.

The report highlights that it is likely aimed at 2FA-related notifications. The belief comes from a separate string of code found by Rahman, which points to an under-development platform feature, to which the permission is tied. The feature is named NotificationListenerService and it is an API that lets apps read or take action on notifications. A general use case would be how many apps ask for access to notifications to auto-fill OTP when creating a new account. However, once this API becomes active (it isn’t in the Android 14 build), this will get more difficult.

This API will require the user to enter Settings and then manually grant permission to apps…

Source…