Paper Title
A SECRECY-ENHANCING SECURITY SYSTEM FOR CRITICAL AUTHENTICATION CODES PROVIDING CONTROLLED ACCESS TO INTENDED APPLICATIONS
Abstract
In modern mobile ecosystems, cryptographic security artifacts like one-time codes and verification tokens are commonly delivered via SMS. SMS-based delivery is widely used for its simplicity, affordability and accessibility, as most users have mobile phones capable of receiving texts. It also avoids the need for specialized apps, making it convenient for both users and service providers. However, this approach is inherently vulnerable to local attacks and interception by malicious applications. The open-access nature of SMS exposes messages to potential exploitation, posing significant security risks to users. Notably, large-scale malware campaigns have emerged in which malicious apps camouflage themselves as legitimate applications to intercept messages, further intensifying the threat landscape. Some apps misuse Android's accessibility permissions, monitor screens, capture sensitive inputs and use notification interception to read these messages. In this study, we analyzed the vulnerabilities present within the existing system and the ways in which malicious applications can exploit them. We introduced a mechanism aimed at preventing unauthorized access to critical messages which are of very high impact to the user, ensuring that they are accessed exclusively by and delivered to only the intended application, thereby enhancing security while maintaining a seamless user experience. This software-only solution requires no changes from service providers and can be implemented solely by OEMs (Original Equipment Manufacturers). We present the architecture, decision-making rules and security measures of our system, with a focus on achieving low latency, enhancing security and ensuring a seamless user experience under real-world conditions.
Keywords - Authentication, Digital security, Malicious Applications, Security vulnerabilities, Mobile phones, OTP, AI, LSTM