[ad_1]
Google may be looking to improve two-factor authentication (2FA) protection in the upcoming Android 15 release.
Android Authority has investigated Android 14 QPR3 Beta 1 and claims to have discovered a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS with protectionLevel role|signature.
I think this “means”. [notifications] Can only be granted to applications that have the required role or are signed by the OEM. ”
Android 15 MFA protection
Android Authority also claims that this permission is likely only for Google’s own apps, not third-party apps. This is believed to be part of a future update to Android to prevent other untrusted apps from viewing sensitive notifications such as the one-time passcode (OTP) that makes up his 2FA.
While looking into the Android 14 source code, we also found a flag named OTP_REDACTION. This is used to prevent his 2FA code from appearing on the lock screen. However, it is not used in this version of Android, leading to speculation that it will be introduced in Android 15.
Therefore, both OTP_REDEACITON and RECEIVE_SENSITIVE_NOTIFICATIONS are intended to protect 2FA codes. The former protects you from being seen by others on your lock screen, while the latter protects you from untrusted apps.
Starting with Android 13, the platform already has an active feature that prevents users from enabling the notification listener service on apps downloaded from untrusted sources and allows them to view all notifications containing 2FA codes.
Such codes typically appear in notifications when using SMS as a means of delivering 2FA codes. This is generally considered to be the least secure form of 2FA and allows cybercriminals to intercept your messages by duplicating your phone number in a process known as SIM swapping. Using an authenticator app is considered a more secure way to implement 2FA, similar to using a physical security key.
TECHRADAR PRO details
[ad_2]
Source link
