nic-delhi / AarogyaSetu_Android

Aarogya Setu Android app native code
https://www.aarogyasetu.gov.in/
Other
2.88k stars 1.91k forks

shows message id while getting the OTP while registering on new user #300

Open abhi333gupta opened 4 years ago

abhi333gupta commented 4 years ago

When a new user registers himself on the app, the database sends an OTP to confirm with the user, but simultaneously it also sends the message ID and its code (ID) to the user. This can allow a hacker or other party to get the user's info, and this may lead to a lot of issues in the future.

[Attached screenshot: WhatsApp Image 2020-05-28 at 9 41 57 PM]

vinaybedre commented 4 years ago

A message ID is used by the app to verify the OTP without manually copying it or giving permission to read SMS. This is no security risk at all. Check your WhatsApp SMS, for example, which also has a message ID at the end. This issue can be closed.

aravindvnair99 commented 4 years ago

@abhi333gupta This is a security feature as already mentioned by @vinaybedre and not a security flaw. You can Google more about that hash. Please read more before reporting and close this issue.

Perhaps have a look at this: SMS Verification APIs
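
Added example, not part of the thread and not code from the Aarogya Setu project: it assumes, as the replies above say, that the trailing ID is the 11-character app hash used by Android's SMS Retriever API, and shows that the hash is derived only from the app's package name and signing certificate, so it carries nothing about the user. The function names, package name and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re

NUM_HASHED_BYTES = 9    # the SHA-256 digest is truncated to 9 bytes
NUM_BASE64_CHARS = 11   # and its Base64 text to 11 characters


def app_hash(package_name: str, signing_cert_der: bytes) -> str:
    """Derive the 11-character app hash from public app metadata only."""
    # Input is "<package name> <lowercase hex of the signing certificate>".
    app_info = f"{package_name} {signing_cert_der.hex()}".encode("utf-8")
    digest = hashlib.sha256(app_info).digest()[:NUM_HASHED_BYTES]
    return base64.b64encode(digest).decode("ascii")[:NUM_BASE64_CHARS]


def parse_sms(body: str):
    """Split a verification SMS into (otp, trailing_hash); None if malformed."""
    if len(body.encode("utf-8")) > 140:   # the API requires at most 140 bytes
        return None
    otp = re.search(r"\b(\d{4,8})\b", body)
    tail = re.search(r"([A-Za-z0-9+/]{11})\s*$", body)
    if not otp or not tail:
        return None
    return otp.group(1), tail.group(1)


def addressed_to(body: str, package_name: str, signing_cert_der: bytes) -> bool:
    """Model of the routing decision: does the SMS end with this app's hash?"""
    parsed = parse_sms(body)
    return parsed is not None and parsed[1] == app_hash(package_name, signing_cert_der)


# Constructed sample data: placeholder package name and certificate bytes.
CERT_A = bytes.fromhex("308201e5") + b"constructed-certificate-A"
CERT_B = bytes.fromhex("308201e5") + b"constructed-certificate-B"
PKG = "com.example.otpdemo"
SMS = f"Your OTP is 482913. Do not share it. {app_hash(PKG, CERT_A)}"

if __name__ == "__main__":
    print("app hash:", app_hash(PKG, CERT_A))
    print("parsed  :", parse_sms(SMS))
    print("same app:", addressed_to(SMS, PKG, CERT_A))
    print("other   :", addressed_to(SMS, PKG, CERT_B))
```

The same string appears in every verification SMS sent for a given app build; the one-time code is the only per-message secret in the text.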