Swift : Unsafe SMS handling
Classification
Overview
This application uses the SMS API. Incorrect usage of this API may violate user privacy.
The application must request SMS permission only if it is necessary for its operation. Malicious software often requests this permission in order to deceive users.
The SMS protocol was primarily designed for user-to-user communication and is not well-suited for apps that want to transfer data. Due to the limitations of SMS, you should use Google Cloud Messaging (GCM) and IP networking for sending data messages from a web server to your app on a user device.
Beware that SMS is neither encrypted nor strongly authenticated on either the network or the device. In particular, any SMS receiver should expect that a malicious user may have sent the SMS to your application. Don’t rely on unauthenticated SMS data to perform sensitive commands. Also, you should be aware that SMS may be subject to spoofing and/or interception on the network. On the Android-powered device itself, SMS messages are transmitted as broadcast intents, so they may be read or captured by other applications that have the READ_SMS permission.
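The following Swift example is added here to illustrate the two points above on iOS; it is not code from the original page. It assumes an iOS app using the MessageUI framework (the system SMS composer, so the user sees and approves every outgoing message) and a one-time-code text field filled via the system's SMS autofill. The support number and ticket ID are constructed placeholders. Outbound messages carry nothing sensitive, and the only SMS-derived data the app handles is treated as untrusted input: it is checked against a strict format and then verified by a server, never interpreted as a command.

```swift
import UIKit
import MessageUI

/// A one-time code that arrived by SMS. Nothing in the message is trusted:
/// only a 6-digit ASCII code is accepted, and acceptance here means
/// "well-formed", not "valid"; the server decides validity.
struct OneTimeCode {
    let digits: String

    init?(untrusted input: String) {
        let trimmed = input.trimmingCharacters(in: .whitespacesAndNewlines)
        guard trimmed.count == 6,
              trimmed.allSatisfy({ $0.isASCII && $0.isNumber }) else {
            return nil
        }
        digits = trimmed
    }
}

final class SupportMessageController: UIViewController, MFMessageComposeViewControllerDelegate {

    /// Placeholder support number (constructed, not a real contact).
    private let supportNumber = "+10000000000"

    /// Called with the code; the app must verify it server-side (hypothetical hook).
    var verifyOnServer: ((OneTimeCode) -> Void)?

    private let codeField: UITextField = {
        let field = UITextField()
        // iOS offers the code from an incoming SMS as an autofill suggestion;
        // the app never reads the inbox and receives no other message content.
        field.textContentType = .oneTimeCode
        field.keyboardType = .numberPad
        return field
    }()

    override func viewDidLoad() {
        super.viewDidLoad()
        view.addSubview(codeField)
    }

    /// Submit whatever the user entered or autofilled, after strict validation.
    func submitCode() {
        guard let code = OneTimeCode(untrusted: codeField.text ?? "") else {
            showAlert(title: "Invalid code", message: "Enter the 6-digit code you received.")
            return
        }
        verifyOnServer?(code)
    }

    /// Send an SMS through the system composer so the user reviews the message.
    /// Only a non-secret reference goes over SMS: no tokens, passwords or PII,
    /// because SMS is neither encrypted nor authenticated in transit.
    func offerToContactSupport(ticketID: String) {
        // Devices without messaging (no SIM, restricted profile) cannot send text.
        guard MFMessageComposeViewController.canSendText() else {
            showAlert(title: "Messaging unavailable", message: "This device cannot send SMS.")
            return
        }
        let composer = MFMessageComposeViewController()
        composer.messageComposeDelegate = self
        composer.recipients = [supportNumber]
        composer.body = "Support request reference: \(ticketID)"
        present(composer, animated: true)
    }

    func messageComposeViewController(_ controller: MFMessageComposeViewController,
                                      didFinishWith result: MessageComposeResult) {
        controller.dismiss(animated: true)
        switch result {
        case .sent, .cancelled:
            break
        case .failed:
            showAlert(title: "Message not sent", message: "Please try again later.")
        @unknown default:
            break
        }
    }

    private func showAlert(title: String, message: String) {
        let alert = UIAlertController(title: title, message: message, preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "OK", style: .default))
        present(alert, animated: true)
    }
}
```

Using the system composer rather than a background send keeps the user in the loop for every message, and the `OneTimeCode` initializer is the single place where SMS-derived text enters the app, which makes the "untrusted input" boundary easy to audit.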
Insecure Communication vulnerabilities rank third in the "OWASP Mobile Top 10 2016" list of mobile application vulnerabilities.
