Do what I do and turn off "allow multi-device." Problem solved -- even if your phone number is stolen, they can't recover your 2FA because it's locked to the device too.
I just did some quick research on these IDs. Correct me if I'm wrong, but it seems like each user account would be tied to one device. It also seems like the user, at least on Apple devices, has to opt into advertising tracking in order for your app to even get access to this.
Ignoring the security pitfalls of phone numbers, it really doesn't seem like these advertising IDs are a drop in replacement for using phone numbers.
It's used to store and retrieve your 2fa secrets in case you lose your device
> > Even worse... Sounds like phone number is irrelevant, yet they collect it.
> It's used to store and retrieve your 2fa secrets in case you lose your device
The phone number doesn't store anything?
But if somehow knowing that phone number is a key to getting your 2FA secrets, you'd have a bigger problem.
Except it often is, and that's the problem.
Do what I do and turn off "allow multi-device." Problem solved -- even if your phone number is stolen, they can't recover your 2FA because it's locked to the device too.
2 replies →
How else are they going to track people with a hard-to-change identifier?
> How else are they going to track people with a hard-to-change identifier?
Using the device advertisee ID that the user is entitled to change.
// Sorry, for a moment I thought you were serious.
I just did some quick research on these IDs. Correct me if I'm wrong, but it seems like each user account would be tied to one device. It also seems like the user, at least on Apple devices, has to opt into advertising tracking in order for your app to even get access to this.
Ignoring the security pitfalls of phone numbers, it really doesn't seem like these advertising IDs are a drop in replacement for using phone numbers.