Third-party apps are to be blocked from reading sensitive notifications.
What you need to know
- Android 15 may enhance privacy and security by preventing OTP interception by third-party apps.
- Code found within Android 14 QPR Beta 1 contains a “receive sensitive notifications” permission, which would block many apps from reading those messages.
- Stopping malicious apps from accessing these messages would help to prevent accounts from being hijacked.
With the increased threat of having accounts hacked, two-factor authentication (2FA) plays a valuable role in making it harder for others to steal your information or access your accounts. One form of 2FA is one-time passwords (OTPs), which send a verification code to you via email or text.
While OTP is beneficial in that it is quicker and easier than using an authenticator app, it’s also the least secure of the 2FA methods available. This is because many apps request access to your notifications, allowing them to potentially intercept any of those sensitive OTP messages you’re receiving. Google may be set to address this security risk in Android 15, according to a report in Android Authority.
Android expert Mishaal Rahman discovered a new permission in the Android 14 QPR Beta 1 update named “RECEIVE_SENSITIVE_NOTIFICATIONS”. Rahman notes that this permission has what’s called a “protection level of role|signature” – in other words, only selected OEM-signed or specified apps can access those notifications.
Rahman goes on to speculate that third-party apps will be denied access to this permission, which will potentially be limited to select system apps. The permission itself is tied to a new platform feature currently in development, designed to prevent untrusted apps from accessing sensitive notifications. Specifically, this could apply to those apps that implement a notification listening service that allows apps to read or take action on all notifications.