Why do apps with phone verification send the user a message, rather than have the user send one to them?
06 Mar.,2024
Many apps allow the user to authenticate with their phone number, by having the user enter it, and then sending an SMS with a code to be entered into the app. Very few (if any that I can find still active), simply present the SMS interface, and have the user send an SMS with a verification code to the server. I can think of a few reasons for this, but none that really seem to rule it out for me:
- Sending an SMS could cost the user, and without having local numbers for every country, it could cost a significant amount
- A user may want to sign in on a device that does not have SMS capabilities, but can have the SMS sent to their phone instead [iPod/Tablet etc.] (this could be mitigated by allowing the user to use both inbound or outbound for verification depending on the device capabilities)
- Users are very familiar with the receiving interface from other big name apps, and so it may feel more secure
- Does sending an SMS seem "dodgy" a bit like old-school scams that ask you to send a message to a number?
- It is not compatible with a desktop web version of the product
None of these seems like a real reason not to do it, but for some reason the big names like WhatsApp, SnapChat, Facebook etc. all seem to avoid it. Can anyone think of any major reasons to not do this, or have any insights as to why it is not more common?