Android 15 is still in development, but on Friday, February 16, Google released the first developer preview of the upcoming operating system. The tech giant says new Android software will focus primarily on security, and a new report claims to have found three new ways to make your smartphone and sensitive data more secure. Android 15 will reportedly be able to better protect notifications generated by two-factor authentication (2FA) so that malicious apps or malware cannot access it to steal user data.

according to a Report Android Authority’s Mishaal Rahman says Android 15 will take a new approach to filling the gaps left by its predecessor. Currently, most two-factor authentication methods for social media profiles, email, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party application can read this notification and use it to hack into sensitive data or get into your banking app and steal funds.

To reduce the risk, Google has begun placing strings of code in current versions of the operating system. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission called RECEIVE_SENSITIVE_NOTIFICATIONS. This permission has a higher level of protection and can only be granted to apps that Google has personally verified. The exact role of this permission is unclear, but given its naming, it appears to handle a special category of notifications that third-party apps cannot read.

The report emphasizes that it is likely targeting 2FA-related notifications. This belief comes from a separate string of code that Rahman discovered that pointed to an in-development platform feature tied to that permission. The function is called NotificationListenerService and it is an API that allows applications to read or take action on notifications. The general use case is how many apps require access to notifications to automatically populate OTP when creating a new account. However, this will become more difficult once this API becomes active (it’s not in the Android 14 version).

The report highlights that the API will require users to enter “settings” and then manually grant permissions to the app before it can be activated. Such strict measures may apply to two-factor authentication. However, even in the second case, it cannot be said with certainty.

Lachman discovered a third hint that might tie all the developments together. A new flag is seen in the code labeled OTP_REDACTION. It edits OTP notifications on the lock screen of your smartphone. Google isn’t currently using this flag, but reports suggest it could be activated in Android 15. All three separate developments point to OTP notices protecting third-party apps, making it likely that the tech giant will use these to protect financial and other important apps that may contain sensitive information.