We live in a world where cybersecurity is more important than ever. Our accounts – banking, work, social media – hold sensitive information, and protecting them is crucial. Two-factor authentication (2FA) is a widely adopted layer of protection, with One-Time Passwords (OTPs) sent via text or email adding an extra verification step.

But even 2FA has weaknesses. Apps with shady permissions lurking on your phone could be stealthily grabbing those sensitive OTPs. This vulnerability allows hackers to bypass 2FA – leaving your accounts in jeopardy.

Google seems ready to counter this threat. Mishaal Rahman at Android Authority uncovered evidence in the Android 14 QPR3 Beta 1 of a new permission:

RECEIVE_SENSITIVE_NOTIFICATIONS

This permission seems designed to specifically restrict apps from accessing critical notifications. Given how early this is, it’s likely that we’ll see the OTP protection arrive with Android 15 directly.

Rahman theorizes this targets those OTP-containing messages. Untrusted apps wouldn’t be able to get their hands on your codes, even if you’ve accidentally given them broader notification access.

Notifications access settings on Google Pixel 7a

How does it work?

There are layers to how this new security feature would work in combination with other measures. Apps would need this new “RECEIVE_SENSITIVE_NOTIFICATIONS” permission to read specific (possibly OTP) notifications. This likely won’t be open to most apps.

Further, Mishaal highlights another new flag – “OTP_REDACTION,” which suggests Android could hide these OTPs even on the lock screen, adding another barrier. Building on Android 13’s feature, Android 15 could continue blocking sideloaded apps (those not from trusted stores) from even using notification listener services.

While protecting OTPs is a big step, there’s more potential here. Imagine if certain categories of notifications – perhaps banking or healthcare related – could be automatically marked as ‘sensitive’. Untrusted apps would instantly be denied access, offering broader protection than ever before.

Will Android 15 definitively fix OTP hijacking? It’s too early to tell for sure, but it signals a step forward. Hackers and malicious apps constantly adapt. Android’s evolution shows Google is proactively countering the latest threats.

User responsibility remains

Even with these improvements, staying secure boils down to us being informed users:

  • Sources matter: Stick to official app stores, unless you know what you’re doing. Sideloading increases risks.
  • Permission vigilance: Carefully check what permissions you grant apps and review them over time.
  • Alternatives to SMS: Opt for authenticator apps for 2FA when possible, as they’re generally more secure than SMS-based codes.
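
One way to carry out the "Permission vigilance" check for notification access, as an added example that is not part of the original article: the script lists which packages are enabled as notification listeners and which installer put them on the device. The function names, the sample data and the choice of the Play Store as the only trusted installer are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which apps hold notification access, and who installed them?
# On a real device, feed the functions from:
#   adb shell settings get secure enabled_notification_listeners
#   adb shell pm list packages -i
# The sample values below are constructed for illustration.

TRUSTED_INSTALLERS="com.android.vending"  # assumption: only Play Store is trusted

SAMPLE_LISTENERS='com.example.wearcompanion/com.example.wearcompanion.NotifService:com.example.flashlight/.Listener'
SAMPLE_PACKAGES='package:com.example.wearcompanion  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.other  installer=com.android.vending'

# Split the colon-separated component list into unique package names.
listener_packages() {
    printf '%s\n' "$1" | tr ':' '\n' |
        sed -e 's#/.*##' -e '/^$/d' -e '/^null$/d' | sort -u
}

# Print the installer recorded for package $1 in `pm list packages -i` output $2.
installer_of() {
    printf '%s\n' "$2" |
        awk -v p="package:$1" '$1 == p { sub(/^installer=/, "", $2); print $2 }'
}

# One line per listener: "ok" if a trusted store installed it, else "REVIEW".
# Preinstalled system apps also report installer=null, so REVIEW means
# "look at this one", not "malicious".
audit_listeners() {
    listener_packages "$1" | while IFS= read -r pkg; do
        inst=$(installer_of "$pkg" "$2")
        [ -n "$inst" ] || inst="unknown"
        verdict="REVIEW"
        for t in $TRUSTED_INSTALLERS; do
            if [ "$inst" = "$t" ]; then verdict="ok"; fi
        done
        printf '%s %s installer=%s\n' "$verdict" "$pkg" "$inst"
    done
}

audit_listeners "$SAMPLE_LISTENERS" "$SAMPLE_PACKAGES"
```

Any package marked REVIEW that you do not recognise can have its notification access revoked from the Notifications access settings screen shown earlier.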

Android 15’s changes could be a turning point for user privacy and security. While details are still unfolding, this potential development would make it increasingly difficult for unauthorized apps to gain access to your most critical data.

Dwayne Cubbins