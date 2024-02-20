The security feature may be announced at I/O 2024

Android 15 will prevent scammers from stealing OTPs: Here's how

By Akash Pandey 05:37 pm Feb 20, 202405:37 pm

What's the story Google is stepping up its security game for Android 15. Android expert Mishaal Rahman has stumbled upon "receive sensitive notifications" permission in Android 14 QPR3 Beta 1, hinting at a possible security upgrade that aims to protect one-time passwords (OTPs) from harmful apps. While the flag remains inactive in Android 14, it may be enabled in Android 15. The innovative feature will stop untrusted apps from accessing notifications with OTPs, significantly lowering the chances of security codes being compromised.

Information

OTPs are widely used for security across various apps, services

OTPs play a vital role in two-factor authentication (2FA) systems, but their delivery methods, like SMS and email, can be exploited by hackers and scammers. Google's latest move could help safeguard such crucial information by limiting access to sensitive notifications to authorized apps only.

Discovery

Permission to read OTPs will be limited to some apps

Rahman discovered 'RECEIVE_SENSITIVE_NOTIFICATIONS' permission, with a "protectionLevel" of "role|signature," allowing only select OEM signed or specified apps to view notifications. He believes Google won't grant third-party apps access to this permission due to its link to a feature in development aimed at stopping untrusted apps from accessing sensitive notifications. Although Google doesn't specifically label texts with 2FA codes as sensitive, Rahman found an "OTP_REDACTION" flag in Android 14 that could be activated in Android 15.

Scenario

Google's commitment to user security and privacy

Over the years, Google has made significant strides in enhancing the security and privacy of Android users. Blocking third-party apps from intercepting OTP texts could be another step in that direction, as Android malware often takes advantage of this method. However, the upcoming feature might also stop third-party apps from automatically reading and inputting OTPs on payment pages, a common function in many apps. More details about this new add-on are anticipated when Google unveils Android 15 at I/O 2024.

Details

Additional enhancements in Android 15

Besides the new security feature, Android 15 will also introduce several other updates to enhance user experience. The developer preview highlights improvements such as a battery health percentage indicator, lock screen widgets for customization, and a built-in version of Samsung's Secure Folder feature. This integrated Secure Folder would provide users with an added layer of privacy for their confidential information. These updates showcase Google's dedication to not only strengthening security but also refining usability and personalization within the Android ecosystem.