Here’s how Android 15 protects your two-factor authentication codes from malicious apps

Your smartphone’s notifications are more than just alerts; they are gateways to sensitive information, including security codes from two-factor authentication services. Recognizing this vulnerability, Android 15 introduces a significant enhancement aimed at safeguarding these critical notifications from malicious applications.

Strengthening Notification Security

Historically, Android’s Notification Listener API allowed third-party applications to access all notifications, provided users granted permission. Any app with notification access could therefore read sensitive information, including two-factor authentication codes. Android 15 changes this: notifications containing two-factor authentication codes are now classified as “sensitive.” Only trusted applications can access this information, which blocks untrusted apps from reading these codes.

The Android System Intelligence (ASI) plays a pivotal role in this new framework. It processes notifications before they reach Notification Listener services. If ASI identifies a notification containing a two-factor authentication code, it marks it as sensitive and prevents untrusted services from accessing its content. Untrusted apps instead receive a notification stating, “sensitive notification content hidden,” so the code itself is never delivered to them.

To qualify as a trusted application under this new system, apps must possess the RECEIVE_SENSITIVE_NOTIFICATIONS permission, which is primarily reserved for system applications or those with specific roles, such as companion device apps for smartwatches or smart glasses. Consequently, only a select few third-party applications will have the ability to read notifications containing two-factor authentication codes.
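To audit a device against the trust rule described above, the following added example (not code from the article or from Android) lists the packages that hold notification access and reports which of them also hold RECEIVE_SENSITIVE_NOTIFICATIONS. The package names and sample dumps are constructed, and the `name: granted=true` line format of `dumpsys package` is an assumption about the device's output.

```shell
#!/bin/sh
# Added example: which notification listeners would still see 2FA codes?
# Live inputs, with a device attached:
#   adb shell settings get secure enabled_notification_listeners
#   adb shell dumpsys package <package>
PERM="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS"

# Turn the colon-separated "package/class" list into unique package names.
listener_packages() {
    printf '%s\n' "$1" | tr ':' '\n' \
        | sed -e 's#/.*$##' -e '/^$/d' -e '/^null$/d' | sort -u
}

# Succeed only if the dump shows the permission as granted, not merely requested.
# Assumption: dumpsys prints granted permissions as "<name>: granted=true".
holds_sensitive_perm() {
    printf '%s\n' "$1" | grep -Fq "${PERM}: granted=true"
}

# Report how Android 15 would treat a listener, given its package dump.
classify() {
    if holds_sensitive_perm "$2"; then
        echo "$1: trusted (receives 2FA notification content)"
    else
        echo "$1: untrusted (content hidden)"
    fi
}

# Constructed sample data (hypothetical packages, not from a real device).
SAMPLE_LISTENERS='com.example.watch/com.example.watch.Listener:com.example.copycode/.CodeListener:com.example.watch/com.example.watch.Second'
SAMPLE_DUMP_WATCH='    install permissions:
      android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS: granted=true'
SAMPLE_DUMP_COPY='    requested permissions:
      android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS
    install permissions:
      android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS: granted=false'

for pkg in $(listener_packages "$SAMPLE_LISTENERS"); do
    case "$pkg" in
        com.example.watch) classify "$pkg" "$SAMPLE_DUMP_WATCH" ;;
        *)                 classify "$pkg" "$SAMPLE_DUMP_COPY" ;;
    esac
done
```

A third-party listener reported as trusted is worth reviewing, since only system applications and role holders such as companion device apps are expected to hold the permission.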

Implications for Users and Developers

This enhancement is expected to bolster security against hacking attempts that exploit notification access. However, it may also disrupt certain automation tools that rely on reading these notifications, such as the “Copy SMS Code” application. While there are workarounds to restore previous functionality—such as disabling “Enhanced notifications” in the settings or using ADB commands to grant permissions—these methods are not advisable for the average user due to potential security risks.

As Android continues to evolve, these incremental changes reflect a commitment to user security. However, the lack of documentation regarding this shift raises questions about transparency and its impact on app behavior. Users may also appreciate additional features, such as selectively blocking sensitive notifications from appearing on the lock screen, a capability that was previously under consideration by Google.

AppWizard