[ad_1]
From the looks of it, Android 15 is likely to have a big focus on security. Google hasn’t just added a bunch of security-conscious tools to the initial Android 15 developer preview. Now it looks like Google is adding better protection to his two-factor authentication codes as well.
According to Android Authority’s renowned Android detective Mishaal Rahman, Android 14 QPR3 Beta 1 includes a new permission called . RECEIVE_SENSITIVE_NOTIFICATIONS.Apparently this permission Role | Signature This means that protection levels can only be granted to apps that have the required role or are signed by the OEM.
Rahman believes this permission is likely only for Google apps, not third parties, and is a way to prevent untrusted apps from seeing sensitive notifications. This includes any One-Time His Passcode (OTP) or any other His Two-Factor Authentication code that may be sent to you.
This seems to be borne out by two new additions. The first is an API called . Notification listener service This allows the app to read all notifications and take actions on them, but only if the settings grant that permission.
There’s also a brand new flag called OTP_REDACTION Prevents codes from appearing on the lock screen. So in both cases, Android seems to protect her 2FA code from untrusted apps that might snoop on her notifications, or prying eyes that might snoop on the code on her lock screen.
These flags have not yet been implemented in Android, so Android 15 is the most likely release date for Google to enable these additional flags and permissions. This can be a great hidden advantage of the software.
Two-factor authentication is a very important way to keep your account secure. Because even if someone were able to guess your login information, it’s incredibly unlikely that they also have that secondary authentication code.
However, 2FA isn’t perfect, and there are security flaws that can be exploited, especially by savvy hackers. If the code was sent via SMSis notorious for being unencrypted and not completely secure.
Even if those messages are intercepted en route, looked over your shoulder, or snooped on by a malicious app, once a hacker has that code, they essentially have free rein to operate the account in question. Become. So anything Google can do to improve the security of the code when it arrives is very welcome.
SMS and notification-based 2FA should be avoided whenever possible, as the process is not completely foolproof. Using an authenticator app code or leveraging a physical security key greatly increases security.
We don’t know exactly when Android 15 will be generally available, but Google says the first beta should arrive in the spring. Until then, keep up with the latest news and rumors on our official Android 15 hub.
More about Tom’s guide
[ad_2]
Source link
