[Stealth-]

ALOT of apps are starting to do this. I believe Snapchat initially was the company that began doing it. When a site like Facebook uses your number to identify you, this feature actually makes sense.

I wonder if more fine-grained permissions would make more sense for this sort of feature. Perhaps it would be better if Android had support for "This app may read text messages from 1-800-XXX-XXXX" or something similar instead.

[regecks]

I use XPrivacy (https://play.google.com/store/apps/details?id=biz.bokhorst.x...).

With it, I have extremely fine-grained access control to a wide variety of "system calls", including access to contacts, text messages and to the device phone number.

In this case, I can permit access temporarily during the 2FA, and then return garbage values the rest of the time. Easy. (Though obviously if they harvest my text messages for other purposes during 2FA, that is a problem - but one can that can be technically solved within XPrivacy imo.)

In other cases, such as running Skype, I deny access to everything always (phone number, my location, contacts, Google accounts are the things Skype makes system calls for) and Skype continue to works fine, so I think this is a viable strategy.

[sizzle]

since first being introduced to XPrivacy, I absolutely can not use an android phone without it. It really opened my eyes to how invasive some apps are when running in the background or just inappropriately accessing info in general (especially location information!)

[sandwell]

It sucks that you have to have a rooted device to use this. While I think Android in general is fantastic, I'm torn but the fact that I am forced to choose between having control of my privacy or being able to use online banking, get regular updates etc.

[sliverstorm]

Google Hangouts just did it to me a few days ago to verify the number on my account, I wasn't expecting it.