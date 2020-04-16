If you check the latest SMS verification messages you’ve received, you probably notice that each one has a different format, thus hindering automatic systems such as those integrated into operating systems such as Google’s Android or Apple’s iOS.

Apple engineers proposed a standardization of the format these OTP messages (one time password) in January and has now received the support of Google. It is fundamentally a web standard, although its standardization would also be beneficial for mobile applications.

A unique format for verification SMS

This proposal describes a format for verification SMS messages that are easier to interpret and integrate into auto-complete web forms. This type of SMS messages are the ones you receive upon registering for a new service to confirm your phone number or from your bank, before carrying out a banking operation.

The problem is that until now each web page and each service defines its verification SMS messages as it wants, often translated into the local language. They work well for a human user who reads and interprets them, but are more complicated to extract programmatically. The idea is that the web browser or the operating system can distinguish the code from the rest of the message and fill out the form for you.

The solution, proposed by Apple engineers and now supported by Google, is simple. Include one line of the message for people and another for automatic systems, including the web domain associated with the service that has made the request. Thus, a verification code in this format would look something like this:

747723 is your ExampleCo authentication code. @ example.com # 747723

This method tries more than anything to facilitate automated systems to interpret the verification messages by SMS, not focusing so much on their security. For example, it would not prevent SMS hijacking attacks, although it could help reduce the risk of phishing attacks.

At the moment this proposal has received the approval of Apple for Safari and Google for Chrome, without Mozilla

has even expressed an interest in the matter. If it goes ahead, we may start receiving in the future verification messages in a unique format of those services that want to provide their users with the browser or operating system to fill in the OTP automatically.

Track | Android Police

Share



Apple and Google agree to unify the format of verification SMS messages