simonbooth
commented
4 years ago This needs some thought - firstly it needs to be an optional optimization as we support both devices with an SMS capable SIM but also data only devices (WiFi or Data only SIM). In order to be secure, the system (app or backend) needs to first verify ownership of the number - unfortunately this is hard to do in a consistent way on the device. https://stackoverflow.com/questions/2480288/programmatically-obtain-the-phone-number-of-the-android-phone If the app is to be submitted to Google app store, additional restrictions apply, https://support.google.com/googleplay/android-developer/answer/9047303#exceptions - the only official way to allow this verification is by placing a voice call to the device and reading the call log OR to be the default call app. This could be a design goal. It also further restricts the use case to SIM cards that support voice calls. The other problem is that this voice call cannot convey any kind of sync code to match this device with this account. The implementation design could look something like (assumes SMS send permission):
- App registers to backend with device ID and obtains pairing code (same as now)
- App sends SMS to the backend with the pairing code, backend should get the phone number this way
When app needs to register itself in a new device (Or renew registration), I would like to have the registration code sent to the device in SMS, and read the SMS - automatically by the app to complete the registration