Android 15 might soon be able to protect your two-factor authentication codes

Android 15 wants to protect your 2FA codes from untrusted apps and prying eyes

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlemay be trying to better protect Two-Factor Authentication (2FA) in its upcoming Android 15 release.

Digging through the Android 14 QPR3 Beta 1,Android Authorityclaims to have found a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS, with a protectionLevel of role|signature.

It believes that this “means [notifications] can only be granted to applications with the requisite role or to applications that the OEM signs.”

Android 15 MFA protections

Android Authority also claims that this permission is likely intended for Google’s own apps only, not third-party ones. It believes that it is part of a future update to Android to prevent other, untrusted apps from seeing sensitive notifications, such as One Time Passcodes (OTP) that comprise 2FA.

While sifting through the source code for Android 14, a flag named OTP_REDACTION was also found, which is used to prevent 2FA codes being shown on the lock screen. It isn’t used in this version of Android, though, leading to speculation that it will be employed with Android 15.

Both OTP_REDEACITON and RECEIVE_SENSITIVE_NOTIFICATIONS, therefore, are aimed at protecting 2FA codes - the former from other people seeing them on your lock screen, and the latter from untrusted apps.

There is already an active feature present in the platform since Android 13, which prevents users from enabling the notification listener service on apps downloaded from an untrusted source, which would allow them to see all notifications, including 2FA codes.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Such codes typically appear in notifications when using SMS as a means of delivering 2FA codes. This is generally believed to be the lest secure form of 2FA, A cybercriminals can intercept messages by cloning your phone number, in a process known as SIM swapping. Using anauthenticator appis regarded as a safer way to implement 2FA, as well as using physicalsecurity keys.

MORE FROM TECHRADAR PRO

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This new malware utilizes a rare programming language to evade traditional detection methods