Authy for Android – Now Safer and Easier
(By Simon Thorpe, August 2017) As you may be aware, when you install the Authy app, Authy sends you an SMS to verify your phone number. On Google’s Android platform it had previously been possible to automatically read that SMS message. But if so, the permission you gave the app resulted in full access to read all of your SMS messages, forever (or as long as the app was installed on your device.)
But no more. As a result of an Authy partnership with Google, Authy now uses a new Twilio SDK that preserves this simple user experience but no longer has the concerns of security v. privacy. This means that when a new user installs the Authy on Android app, the phone number verification step is totally automated but the Authy app has no access to your SMS inbox.
A Big Deal That Doesn’t Sound Like It
Simplifying SMS permissions will actually make Authy on Android a lot easier to use. And a lot safer. To reduce the risk of spam and fake accounts, many apps no longer ask for your email address and, instead, ask you to use a mobile phone number for the creation of user accounts. These apps look to ensure that the phone number you provide is actually one that belongs a device that you own. The app sends an SMS-based code to the phone number provided, and you’re required to re-enter that number back into the app. Enter the right code, and you’ve proven you have access to that phone number. Wrong code? No-go.
Solving For Too Many Steps
We understand that people won’t use our security app if it’s a pain in the neck to use. And for some users, having to receive, read, and re-enter an SMS code back into an application is simply three steps too many. That’s why we’re so excited about this announcement. Google’s SMS Retriever API is a bit of software that eliminates the steps of finding, reading, and re-entering an SMS code by automatically reading the SMS message for you, and validating your access to the number. Users never have to enter the code at all! Google created this new API to stop apps having full access to a user’s SMS inbox; instead, it only provides SMS data specific to each app.
Here’s How It Works
The user enters a phone number and country code, and then chooses a verification method.
SMS is delivered by Authy and received by the user.
Automatically the SMS is read, the account is validated and registered, and a confirmation is sent.
Twilio – Easy For Developers
Google then needed help simplifying the way developers would use this new functionality. This is where Twilio stepped in: the Authy app is built on Twilio 2FA, Phone Verification and SMS/Voice/Notification APIs. The big news here is that as of August 2017, the Authy app is also built on the Twilio Phone Verification SDK for Android.
So What Does This Mean For Authy Users?
You get an even simpler Authy-experience. Authy for Android users will find that getting access to social media, email, and just about anywhere you’ve secured with Authy 2FA is virtually friction-free. Just open your Authy for Android app, and — thanks to Google — let Authy conveniently automate the end-to-end verification process quickly and easily.
We’re super excited about using this new feature for all new Authy app installs on Android. Unfortunately for Authy for Apple users, iOS doesn’t allow apps to auto-access iMessages or SMS, so this feature is only available on Android. If you have any questions, please don’t hesitate to reach out to Authy Support.
Stay secure!