I have recently installed an Android app from the Play Store. While registering in it, I realized that it was able to read my message of OTP without even asking for my permission to read the message.
I have AOSP Extended 5.8 with the August security patch. It's an Android Oreo 8.1 based custom rom.
Answer
Verification by OTP uses a different API which doesn't need read SMS permission. You can read more here Perform SMS Verification on a Server
Hence, the app isn't reading your SMS but using a separate channel to read specially formatted text messages
I learnt of this when an Xposed module to block permissions did not work as I expected (similar case) and the developer explained the reason
No comments:
Post a Comment