SMS and Privacy
There are a few problems with delivering alerts via SMS, but they mostly boil down to this: SMS is not very private.
For vulnerable audiences, it’s preferable to not collect any subscriber information at all. This isn’t possible with SMS, because you have to know the recipient’s phone number to deliver a message. Unless you’re talking about burners—which most people won’t have—that phone number is tied to a real identity. This is a vulnerability in at least these scenarios:
- If the alerting app itself gets targeted (whether by LE or other malicious actors), user-identifying information could be leaked.
- Phone companies cooperate with LE, through legal process (subpoenas) or otherwise, to find out which phone subscribers are receiving SMS alerts.
- LE , IC, or well-resourced hackers snoop on the SMS network.