Android 17 boosts security with tighter control over OTP texts and local network access

The next major update to Google’s mobile operating system is beginning to take shape. Android 17, currently in beta for developers, introduces new protection layers focused on two key areas: one-time password (OTP) messages and app access to the local network.

Stronger barriers against OTP code theft

One of the most significant changes concerns SMS verification codes. Android 17 will automatically delay app access to these messages for up to three hours, a move designed to reduce account hijacking attacks.

This safeguard applies to both traditional OTP text messages and WebOTP formats. By doing so, the operating system makes it harder for malicious apps to instantly capture codes sent by banks, online services or two-factor authentication platforms.

At a time when SMS verification remains common, this adjustment represents a meaningful boost to user privacy and security.

New permission to control local network access

Another key feature is the introduction of a dedicated runtime permission for accessing the local network. This control will be managed under the “Nearby devices” section.

The goal is to prevent apps with unrestricted access from collecting information about a user’s network environment. From now on, explicit authorization will be required, adding an extra layer of transparency and control.

Improved multi-device experience

Android 17 also enhances cross-device connectivity. Google is working on a new API called Handoff that will allow users to resume a task on a different device — for example, starting on a smartphone and continuing on a tablet — supported by synchronization through CompanionDeviceManager.

The vision is clear: seamless continuity without compromising security.

More features for developers and user experience

Highlights in beta 2 include:

• Creation of conversation bubbles from any app across smartphones, foldables and tablets.

• An EyeDropper API capable of capturing any on-screen color without requiring sensitive full screen capture permissions.

• A system-level contact picker offering temporary, limited access only to the specific data approved by the user.

• The new "FEATURE_NEURAL_PROCESSING_UNIT" declaration, enabling apps to access the neural processing unit (NPU) when available on the device.

In addition, the second beta fixes previous bugs and continues optimizing performance, stability and privacy.

Security at the core

With Android 17, Google makes it clear that security is no longer optional but foundational. Enhanced control over verification codes and local network access directly addresses increasingly sophisticated threats.

The final release will reveal the full picture, but one thing is already certain: the next generation of Android is firmly focused on protecting what matters most — our data.