Android 16 will bring a meaningful security upgrade this year, focused on protecting one-time passwords (OTPs). Starting from the first Developer Preview, the system will automatically hide sensitive notification content like two-factor authentication codes from the lock screen.
This feature is only triggered under specific conditions, which means this will protect sensitive data without being a nuisance for the user. Android already has a feature that lets it detect if the phone is in an unknown location or unfamiliar hands and locks itself for security.
The OTP and two-factor Auth protection works under the same conditions and hides the sensitive content from the lock screen, even if you’ve set your device to Always Show Lock Screen Notifications. It might be using OTP detection to recognize which messages are meant to be hidden or ignored.
Android 11 users and above experience something similar on a daily basis, where the phone detects the OTP messages and automatically pastes them right where you want them. It seems the system knows already what an OTP looks like, and now, starting from Android 16, your phone will be able to hide the OTP codes from the lock screen.
Google confirms that this feature will not be triggered unless the phone detects it isn’t connected to your WiFi or it’s in unfamiliar hands. Google calls them high-risk scenarios, and Android 16 devices can intelligently trigger some security features under the Pre-condition.
This setting is a broader implementation of Android 15’s baked-in feature that blocks third-party apps from reading OTPs, even if they are allowed notification access. Android Authority recently dropped a hint that Android 16 uses similar algorithms for OTP protection while they were testing the new beta.
It’s pretty early in Android 16’s development cycle. There’s no way to be sure if this feature will make it to the stable Android 16 release. Developer previews are sometimes modified to add or remove features pre-launch. Google’s acknowledgment of the feature means that OTP protection could be a part of the stable Android 16 experience.
