Android 15, by the looks of it, could have a major focus on security Not only has Google added a number of security-conscious tools to the first Android 15 developer preview, but it also appears to be strengthening the protection of two-factor authentication codes Now it appears that Google may also strengthen the protection of two-factor authentication codes

According to renowned Android detective Mishaal Rahman of Android Authority, Android 14 QPR3 beta 1 includes a new permission called RECEIVE_SENSITIVE_NOTIFICATIONS Apparently, this permission has a protection level of role|signature and will only allow apps that have the required role or are signed by an OEM

Rahman believes that this permission probably only targets Google apps, not third parties, and is a way to prevent untrusted apps from seeing sensitive notifications This includes one-time passcodes (OTPs) and other two-factor authentication codes

This seems to be backed up by two new additions: the first is an API called NotificationListenerService, which allows apps to read and take action on all notifications

There is also a completely new flag called OTP_REDACTION that prevents the code from appearing on the lock screen So, in both cases, Android seems to protect your 2FA code from untrusted apps that might snoop through your notifications or prying eyes that might see the code on the lock screen

Since these flags have not yet been implemented in Android, Android 15 is the most likely place where Google will enable these additional flags and permissions This could be a major hidden advantage for the software

Two-factor authentication is a very important way to keep your account secure Because even if someone manages to guess your login information, the odds that they also have your secondary authentication code are astonishingly low

Nevertheless, 2FA is not perfect and has security flaws that a savvy hacker might try to exploit Especially when the code is sent via SMS, which is notoriously unencrypted and completely insecure

Whether these messages are intercepted en route, looked over one's shoulder, or peeked at by a malicious app, once the hacker has the code, the account in question is essentially free to use Therefore, anything Google can do to improve security when the code arrives is welcome

While this process cannot be made completely foolproof, it is a reason to avoid SMS and notification-based 2FA whenever possible Using a code from an authentication app or a physical security key is much more secure

It is not known exactly when Android 15 will be released to the public, but Google says the first beta version should be available in the spring Until then, stay tuned to the official Android 15 hub for the latest news and rumors