I'm developing a financial application for iOS and am exploring secure user verification methods. My goal is to enhance security by implementing a robust mechanism that discourages unauthorised access, even in cases of device theft or SIM swapping.
Due to Apple's privacy policies and the deprecation of certain APIs (e.g., serviceSubscriberCellularProviders), directly accessing SIM information like IMSI or ICCID is not feasible. I'm seeking guidance on compliant approaches that effectively verify user identity and mitigate security risks within the App Store guidelines. However I have seen other applications(Google pay, PhonePe) achieving this SIM binding in which they send a specific text message from device and detect mobile number.
- Are there any other methods to identify SIM change as CTTelephonyNetworkInfo is not reliable anymore as it's deprecated.
Objective: My primary goal is to implement a secure user verification system that effectively combats unauthorized access and enhances the security of my financial app. I'm committed to finding solutions that adhere to Apple's privacy guidelines and protect user data responsibly. This seems to be a broad question but any solution would be appreciated.
Thank you