Android 15 might stop some apps from reading notifications with OTP

The countdown for the next iteration of the operating system has begun, as Google already dispatched the first Developer Preview of Android 15. Therefore, the code within Android 15 suggests that Google might stop untrusted apps from reading notifications with OTP.

The QPR3 Beta 1 update of Android 14 shows a new option named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission has a protection level of role signature, which means it can only be granted to applications with the requisite role or to applications that the OEM signs.

While the exact role that grants this permission hasn’t been detailed yet, likely, that Google doesn’t intend to open this permission up to third-party apps. Hence, Google might be planning to crack down on a known Android security attack method with the upcoming OS – Android 15.

Various apps use passkey or enable two-factor authentication. While some forms of two-factor authentication are more secure than others, some platforms only support the most basic methods, wherein your one-time passwords (OTPs) are sent via email or text.

These methods are convenient since they don’t require additional setup, but they are also less secure since they’re easier to intercept. So, to reduce the risk of data loss, Android 15 might add a new feature that will stop untrusted apps from reading notifications with OTP.

Follow our socials → Google News | Telegram | X/Twitter | Facebook | WhatsApp

However, currently, it’s hard to describe which apps will count as an untrusted app but we can say that Android will have many ways to protect users from leaking their 2FA codes to third parties. Like the OTP_REDACTION, which suggests that Google will stop users from leaking their 2FA codes on the lock screen.

While the RECEIVE_SENSITIVE_NOTIFICATIONS permission suggests that Android will stop untrusted apps from reading notifications with 2FA codes.

Source