Advertisement

Android’s focus on privacy: Android is set to improve security measures by potentially restricting access to sensitive notifications, such as one-time passwords (OTPs), to authorised apps only in the Android 15 update. The discovery of a new "receive sensitive notifications" permission in Android 14 QPR3 Beta 1 suggests a move towards safeguarding sensitive information like OTPs from interception by third-party apps.

The permission, with a ‘protectionLevel’ of ‘role|signature,’ implies that only selected OEM-signed or specified apps may access the notification. According to an Android Polic report, expert Mishaal Rahman speculates that Google is unlikely to grant access to this permission to third-party apps, indicating a shift towards preventing untrusted apps from accessing sensitive notifications.

Advertisement

While Google has not explicitly classified texts with 2FA codes as sensitive in permissions, Android Police cites Rahman's findings that suggest a potential implementation of an "OTP_REDACTION" flag in Android 14 for redacting OTP notifications on the lock screen. This feature, though currently inactive, could be activated in Android 15, signalling Google's intention to restrict access to OTP texts to authorised apps.

These developments reflect Google's ongoing efforts to improve user security and privacy on Android. By preventing third-party apps from intercepting OTP texts, Google plans to mitigate privacy risks associated with unauthorised access to sensitive information. This security measure could also impact the automatic reading and filling in of OTPs on payment pages, a common practice in many apps.

Advertisement

The introduction of this security feature may be part of Google's broader strategy to enhance Android security, with potential discussions expected at Google I/O 2024 later this year, where Android 15 is likely to be unveiled.