kattuu
Active Level 2
Options
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2023 10:51 AM in
Others
Hi,
recently I found out that airtel app installed in secure folder with given no permissions can access the otp generated outside the secure folder .If it has an access to apps outside my secure folder ,what's the use of secure folder .
I do get it you can hide things from people who use your phone by enabling and keeping things in here but we expect that apps that are inside the folder should not be able to access the apps outside this folder .
Also isn't it dangerous that even if I had given no permission to airtel app ,it was able to access my messaging app .
Huge Security Flaw from SAMSUNG .
4 Comments
owl123
Active Level 10
Options
- Mark as New
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2023 11:02 AM (Last edited ‎08-28-2023 11:03 AM ) in
Others
Apps don't need sms permission for otp. They use google play services for reading the otp sms without the need of sms permission
https://developers.google.com/identity/sms-retriever/overview
https://developers.google.com/identity/sms-retriever/overview
kattuu
Active Level 2
Options
- Mark as New
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2023 12:16 PM in
Others
Hmm ,let me see this documentation BTW it does not happen with WhatsApp .While you fill up ur phone number and wait for otp while it ask for permissions and u don't give any of those .WhatsApp will not be able to read ur otp automatically .Looks good on WhatsApp side.
BTW Thanks for the documentation page . 🙂
BTW Thanks for the documentation page . 🙂
owl123
Active Level 10
Options
- Mark as New
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2023 01:53 PM in
Others
I guess it depends on whether developers want to use the api or not. In China for example where phones don't have google play services they have to resort to using sms permission

Anonymous
Not applicable
Options
- Mark as New
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2023 12:06 PM (Last edited ‎08-28-2023 12:06 PM ) in
Others
But the concern reported is valid i guess. Any undetected flaw in this api or apps using the service might affect the security. Chances might be rare.
