Android 15 notification

[Majed6]

First off, thanks a lot for maintaining the app. I have been using your fork for a while and it's a fantastic fork.

After I upgraded my phone yesterday it seems for some reason that the app isn't able to recognize my templates.

Intercepting notifications on Android 15 doesn't seem to be working since the intercepted notification shows up as sensitive notification as shown below

Thanks again for keep this app working for so long.

[Majed6]

It would be great to have the SMS permission/method back as it was in the outdated app if possible.

[tiberiusteng]

I think it's the option in System Settings -> Notifications -> Sensitive notifications (Show sensitive content when locked).

Google does not allow new submitted apps to claim direct SMS access permissions so it's very unlikely to have that feature back.

[Majed6]

My device was unlocked when I received the message. I was reproducing it manually. The system now detects "sensitive info" and hide their content from apps that intercept notifications.

I tried to do the steps you mentioned but it still gives me the same results.

It's a bummer that google won't allow the sms permission.

Would you consider an F-Droid alternate build maybe?

Or a GitHub style extension apk?

Either way, thanks a lot for the prompt response.

[tiberiusteng]

What's your phone manufacturer and Android version? I currently only tested on Pixel 7 Pro and it works, when the device unlocked the system refreshed all notifications and I can see them in the app. If your Android flavor has additional sensitive notification protection, it should have a corresponding config to allow apps access to them, or turn the protection off.

I currently don't have capacity to make alternative builds.

[Majed6]

If you got working on Android 15 then it's on me. I have a pixel 6 pro. I'll figure it out then. Thanks for the confirmation.

Fyi, I was reproducing it with a message containing

"OTP 123567"

[tiberiusteng]

Uh, I'm still on Android 14, I'll check it after I upgraded to Android 15. I think you first need to see the message/sender fully in the notification area, DON'T CLICK IT INTO MESSAGE APP OR SWIPE AWAY, and go to Financisto Holo's Notification List activity to see if you see the same content in the notification area.

[Majed6]

Same results. If you heavily depend on the app for managing your finances don't update to 15 😁.

I bet you could test it by creating any notification with the string "OTP 1234567" on an Android 15 emulator. I haven't tried but I believe it's safe to assume that it's a security "enhancement" on the OS level.

[tiberiusteng]

Wait, perhaps it's string match on "OTP" ... other contents being blocked too?

[Majed6]

Nope it's actually my bank's sms that was hidden and it was in another language too.

There is some sort of an algorithm to detect sensitive content.

I simply tried to reproduce it with none identifying content before opening the issue since I didn't feel comfortable sharing the original message as showed my credit card balance after payment. A legitimate use case as opposed to an otp causes the same results.

[tiberiusteng]

Totally understandable, don't share your sensitive data!

In the Settings -> Apps -> Messages (on my phone it's Google's Messages app) -> Notifications, there's an 'Incoming messages' (and probably the numbers your bank/your test phone used to send messages), check if you allow it to display message contents.

[tiberiusteng]

And the app of my bank also stopped showing push notification content in the notifications recently, so I kind of understand it ...

[Majed6]

Totally understandable, don't share your sensitive data!

In the Settings -> Apps -> Messages (on my phone it's Google's Messages app) -> Notifications, there's an 'Incoming messages' (and probably the numbers your bank/your test phone used to send messages), check if you allow it to display message contents.

Same results. I'll give it another shot by force quitting, restarting the phone, and redoing every suggestion you mentioned after work tomorrow.

Thanks a heap for your prompt replies. And thanks again for keeping this app alive :).

[Majed6]

Found the new feature toggle. It's called enhanced notifications. Turned it off and things are back to normal. Really appreciate you.

Here is the announcement of the new feature for your reference https://security.googleblog.com/2024/05/io-2024-whats-new-in-android-security.html

Just in case, maybe try to get whitelisted as it seems like the issue fixes itself automatically for some apps https://issuetracker.google.com/issues/354524657#comment19

Maybe it's worth contacting google about it.

[tiberiusteng]

Great, thanks for the info!

[tiberiusteng]

Strange, I've just updated my phone to Android 15, and my Enhanced Notifications option is default to enabled, but I can see/receive all my notifications correctly ... I'll play with hiding sensitive notifications in lock screen to see if I can reproduce it.

[tiberiusteng]

From the issue link you posted, looks very likely it's your "OTP" string in test messages triggered some nasty protection mechanism .........

[Majed6]

Well my bank message which didn't have any otp on it and was in a non English language triggered it.

Could be because the numbers ( credit card digits , deducted amount, and remaining balance ) were in English.

[Majed6]

It could be a gradual rollout and my device was selected....idk

[tiberiusteng]

ok, one of my bank messages triggered this behavior and I can't do anything ...

[Majed6]

Reach out to google. See if you can be whitelisted ( if that's a thing ). See what their recommendations are for you as the publisher.

I believe that it's a security feature rather than a privacy one. Which means that they have to have a trust system . They even explicitly said in their security blog that they don't intend to block smart watches companion apps. Which means some apps can argue their place into that trust system somehow.

[tiberiusteng]

A reply in the google issue has mentioned an adb command that can make app receive sensitive notifications again, perhaps you can try it (need to enable debug mode, have adb command; after running the command you may need to restart the app or phone):

adb shell appops set tw.tib.financisto RECEIVE_SENSITIVE_NOTIFICATIONS allow

[Majed6]

That's good and bad news, no?

Good because it means when the feature is no longer flagged under enhanced notifications we can still work around it.

Bad news , and you're the expert here, it's not possible to request this permission in the Google Play Store. No?

What do you believe is the plan going forward?

[tiberiusteng]

I think we will need to wait and see if Google would provide a way for application to request/apply for this permission, or create another system setting interface for it ...

[Majed6]

Fingers crossed. Thanks a lot for your help and prompt responses. And thanks again for maintaining this app.

Feel free to keep or close the issue as it stands:

• Disabling Enhanced notifications is a viable solution
• Granting the permission is another viable solution.
• Google may provide a way for apps to apply for the permission
• Google may fix their OTP recognition algorithm and payment notifications no longer trigger it.

[tiberiusteng]

I'll keep this issue open, and would update this issue if/when Google have updates on how to obtain/config that permission.