- Android 15 blocks untrusted apps from reading sensitive notifications, even if they have permission to read all notifications.
- Before Android 15, apps with notification access were able to read all incoming notifications, even ones with OTP codes.
- Now, though, only certain trusted apps can read OTP codes from notifications.
Your phone’s notifications panel is a treasure trove of sensitive data, as it includes not just personal messages but also security codes sent from online services you’ve enabled two-factor authentication for. That’s why many malicious apps try to trick you into granting them notification access so they can steal those two-factor authentication codes. Thankfully, the Android 15 update makes it harder for malicious apps to extract two-factor authentication codes from notifications.
Android has long offered an API called Notification Listener that lets third-party apps access your notifications. Since notifications can contain sensitive data, apps can’t use the Notification Listener API unless they get your permission. You have to manually grant the app access to your notifications through the Settings app, and the only thing apps can do to assist with that process is to open the Settings page where you can grant access.