The SMS vulnerability is not because of your apps. It’s because of the LTE protocol itself. It can be intercepted or redirected without touching your phone.
Comment on Google Disabling Phone 2 Factor?
doctorcrimson@lemmy.today 11 months agoSMS could potentially be a secure form of Data Transfer if companies weren’t allowed by limp dinosaur legislators to gut your phone for any useable data with a simple app, but yeah I can see how it’s current state is lackluster.
brianorca@lemmy.world 11 months ago
Chozo@kbin.social 11 months ago
Only if there's a previously-authenticated device. That setting can't be enabled without a key, and one of the required keys is produced locally by a logged-in device (which is why your device is trusted to stay logged in indefinitely). If enabled without a key, it's nonfunctional and should error itself out and revert to a disabled state.
If that somehow hasn't happened (which, in all honesty, would be very surprising to learn) and the setting is enabled on your account, then that'd be something you'd need to submit a request to Google to have fixed, otherwise you have zero recovery on that account.
Are you a thousand percent sure you've never had any other device logged into that Google account? When you attempt to log in, it should show you the device name it's sending the request to. For instance, when I log into my Gmail from an Incognito window right now, it says to check my Pixel 6 Pro. What's it saying for you?
doctorcrimson@lemmy.today 11 months ago
No, I’m telling you, it’s on by default when you purchase a Google Device. It doesn’t need to be set up.
Chozo@kbin.social 11 months ago
What device does it say it's sending the request to?
doctorcrimson@lemmy.today 11 months ago
A device. The fact that any device is getting a google prompt and it cannot be disabled is the issue.