“…Another line of research focused on better understanding the real-world security implications of SMS OTP authentication issues [23], [35], [45], [63]. Specifically, AUTH-EYE [45] proposed a fully automated approach to identify and detect the implementation flaws of apps using the SMS OTP authentication scheme on a large scale. Their analysis focuses on whether the SMS OTP code is securely generated (e.g., the OTP randomness, length) and verified (e.g., allowed retry attempts, renewal interval).…”