1
user261
19d

I was today years old when I got to know that there is a way to auto detect OTP sent via SMS with SMS READ permission. WTF!!

Comments
  • 2
    SMS messages can be read by apps that can read SMS. A great tautology ;)

    I'm not sure where your security bug lies, and if targeting Android, your app shouldn't pass the Play Store verification if you solely use the SMS permission for that purpose.
  • 0
    Also, there are multiple permissions for SMS. I think the most restrictive one had to have some code at the beginning of the SMS saying it's for your app, and you can read only those. It's a lot harder to get to Play Store with the less restrictive ones.
  • 1
    @24th-Dragon Do you mean https://developers.google.com/ident... ?
    It is a functionality of Google Play Services apps can use.
  • 0
    Yea, exactly that
  • 0
    @sbiewald there was a typo.
    It should've read: without* SMS READ permission