I've checked with TEF side that unfortunately the binary SMS option is not possible :(. It is currently not supported by default in every country (at least for TEF) and it seems to be supported only for SMS MT. We could still do it for some countries and with a mix of text SMS MO + binary SMS MT, but I don't think that's a good solution as the SMS flow is supposed to be the fallback for other authentication mechanisms that are not available in some countries (apart from allowing the authentication for the WiFi use case), so I would rather do this fallback as universal as possible.
I've also been told that there is no confirmation that an SMS MO sent to a short code is 100% secure as it depends on the specific carrier/country network and how they protect their interfaces (David Lozano might elaborate more on this). I've also been told that for other partners an MO only flow is secure enough though and they have a similar flow based on SMS MO only. In any case, since there's not an strong assurance about this, my preference is to expose a "doSilentSMS(..., bool)" function with a boolean flag that allows the payment provider to choose between an MO only or an MO+MT flow. Some of the required pieces for this might also benefit us in the future for other use cases like the Cost Control app, where an SMS flow is also required. I will start discussing the implementation details at [1] as soon as possible (probably after Taipei work week). Cheers! / Fernando [1] https://bugzilla.mozilla.org/show_bug.cgi?id=816564 _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
