• smileyhead
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    If unofficial app can MITM registration, it can the same way MITM login later.

    doesn’t require a client A side note, JavaScript app in the browser is as much an app as Java/Kotlin on Android. But I know websites and web-based applications are now so mixed together it sometimes can confuse me too.

    And browser version of Telegram does not allow registering new accounts also.

    • atkdef@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Compared to login, MITM on registration means the culprit knows the IP address and the time of the registration, which is usually significant on claiming the account back.

      I don’t have a spare number to test, but I’m pretty sure entering a phone number in the web sends a SMS code. Do you have concrete evidence that it really doesn’t work?