Comment on SIM binding in India: What it means for WhatsApp, Telegram users and why the government wants it
sonofearth@lemmy.world 16 hours agoIf a phone gets stolen, you can easily file a complaint, get that sim deactivated and a replacement within an hour. Put it in another phone and logout of any accounts from the stolen phone. If the stolen phone has a lock, then it is pretty difficult for a random thief to extract the data from the phone.
Source: My phone was stolen in 2014 and had my brother’s phone number in it who was in another country. My parents lodged a complaint the next day, deactivated the sim and got a replacement in 3 hours. My phone didn’t have a lock but thankfully I did not have any sensitive data on it and I reset my google account password ASAP after I lost it and logged out of all devices. I still use all the important accounts that were on that phone till this date.
CameronDev@programming.dev 16 hours ago
I’m more thinking along the lines of getting a cheap sim, signing up for signal and them letting the plan lapse and the number is released for use again. And then someone buys a new plan, but gets the recycled number. Not sure how realistic that is as a risk vector though.
sonofearth@lemmy.world 11 hours ago
But I don’t think it would make any difference. What would actually secure the account is the internal account password which both Signal and Whatsapp already have.
CameronDev@programming.dev 10 hours ago
If you hold the number it can’t get recycled into distribution. Signal does fall back to MFA codes over SMS from memory (I’ve recovered the signal account for my grandma, as I own the number), so anyone who controls the number controls the account.