Android 15 Could Offer a Boost to Two-Factor Authentication Security to Keep User Data Safe: Report


Android 15 is still under development, but on Friday, February 16, Google released the first Developer Preview of the upcoming operating system. The tech giant said that the new Android software will largely focus on security, and a new report claims to have found three new ways it will make your smartphone and your sensitive data more secure. According to it, Android 15 will be able to better protect the notifications that arise from two-factor authentications (2FA) so that a malicious app or malware cannot access it to steal user data.

According to a report by Android Authority’s Mishaal Rahman, Android 15 will be implementing new ways to cover the gaps left behind by its predecessors. Currently, most two-factor authentication methods for social media profiles, emails, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party app can read this notification and use it to hack into sensitive data or get into your banking apps and steal money.

To reduce the risk, Google has already begun placing strings of codes in the current edition of the OS. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with a higher protection level and can only be given to apps that Google personally verifies. The exact role of this permission is not known but given its naming, it appears to deal with a special category of notifications that will not be accessible for third-party apps to read.

The report highlights that it is likely aimed at 2FA-related notifications. The belief comes from a separate string of code found by Rahman, which points to an under-development platform feature, to which the permission is tied. The feature is named NotificationListenerService and it is an API that lets apps read or take action on notifications. A general use case would be how many apps ask for access to notifications to auto-fill OTP when creating a new account. However, once this API becomes active (it isn’t in the Android 14 build), this will get more difficult.

This API will require the user to enter Settings and then manually grant permission to apps before they can be turned active, the report highlights. Such stringent measures are likely for two-factor authentication. However, even in the second case, it cannot be said for sure.

Rahman found a third hint that likely ties all the developments together. A new flag was seen in the codes labelled OTP_REDACTION. It redacts OTP notifications on the lock screen of the smartphone. Google currently does not use this flag, but the report suggests it can be made active with Android 15. All three separate developments point towards protecting OTP notifications from third-party apps, which makes it likely that the tech giant will use these to protect financial and other important apps that may contain sensitive information.


Affiliate links may be automatically generated – see our ethics statement for details.



View Original Source Here

You May Also Like

Ex-Tesla engineer builds Aigen robots to eliminate weeds without pesticides

Aigen founders: Rich Wurden (CTO) and Kenny Lee (CEO) Courtesy: Aigen The…
YouTube, Spotify Apps Won’t be Available on Apple Vision Pro at Launch: Report

YouTube, Spotify Apps Won’t be Available on Apple Vision Pro at Launch: Report

YouTube and Spotify will not offer standalone apps for the Apple Vision…

Tech companies racked up over $17 billion in losses on equity investments in the first quarter

An electric Amazon delivery van from Rivian cruises down the street with…
Adobe (ADBE) Q1 earnings report 2024

Adobe (ADBE) Q1 earnings report 2024

Adobe CEO Shantanu Narayen speaks during an interview with CNBC on the…