Tech blogger Mishaal Rahman recently uncovered a noteworthy security enhancement in the test build of Android, aimed at shielding users from potential threats posed by scam applications that attempt to intercept two-factor authentication codes. While the feature is anticipated to debut in Android 15, its workings can be previewed now.
Enhanced System Permission:
Insider reports indicate a new security measure tied to the RECEIVE_SENSITIVE_NOTIFICATIONS system permission. This permission governs the operation of the NotificationListenerService API, allowing applications to interact with incoming messages. Currently, users manually grant this permission in system settings, but Google plans to implement restrictions due to its broad capabilities.
OTP_REDACTION Flag in Android 14:
An insider also discovered an OTP_REDACTION flag in the Android 14 source code, likely intended for Android 15. This flag is expected to limit the reading of two-factor authentication codes for all applications, except those deemed “trusted.” However, the specific list of trusted applications remains undisclosed at this time, notes NIX Solutions. Though unused in Android 14, when combined with the existing feature that conceals 2FA notifications on the lock screen, it is poised to bolster Android device security against unauthorized access attempts. Google has not officially announced this new security feature.