Learn More
Resend Email
1
user261
19d

I was today years old when I got to know that there is a way to auto detect OTP sent via SMS with SMS READ permission. WTF!!

rant

security

sms

android

security bug

permission

wtf
Favorite
Ranter
Comments
  • 2
    19d
    SMS messages can be read by apps that can read SMS. A great tautology ;)

    I'm not sure were your security bug lies, and if targeting Android, your app shouldn't pass the play store verification if you solely use the SMS permission for that purpose.
  • 0
    19d
    Also there are multiple permissions for sms. I think the most restrictive one had to have some code at the beginning of the sms saying its for your app and you can read only those. Its a lot harder to get to play store with the less restrictive ones.
  • 1
    18d
    @24th-Dragon Do you mean https://developers.google.com/ident... ?
    It is a functionality of Google Play Services apps can use.
  • 0
    18d
    Yea, exactly that
  • 0
    18d
    @sbiewald there was a typo.
    It should've read. without* SMS READ permission
Related Rants
devRant © 2020 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment