[sansnomme]

There are easier ways: whitelisting. Android and iOS already have a ton of shenanigans in their SMS apps to deal with stuff like RCS. A lot of people also now block and ignore calls not from a familiar caller id. Exchanging contacts can be tied with exchanging QR codes to allow auth, a practice that has been normalized by social media companies like Snapchat. This is relatively scalable. Same thing for corporations, they can post their codes online. For the non-technical an additional manual entry code can be added to automated telephone systems. For good or for bad, the mobile operating systems market has generally consolidated around a few big players. Stuff like Sailfish, KaiOS are still very very small players. Software updates can be easily and cheaply deployed OTA.

[viraptor]

This is a high tech solution which just won't work for lots of people. Example: The local medical practice uses simple mobile phones. Think old Nokia with 3-line menu to display and no camera. You want a call back from a doctor on call and have no internet access. How would you do any pre-auth/whitelist in that case? How would you do it if you only had a land-line on POTS?