Google, Amazon, and Twitter, among other sites like Dropbox, are rejecting some Reliance Jio phone numbers on their websites. This means that Jio users with those numbering schemes cannot receive SMS notifications or use 2-factor-authentication, where they can get a one-time-password (OTP) via SMS for an added layer of security. This is a significant security risk for these Reliance Jio users.
Google and Amazon did not respond to a request for comment sent last week. A Twitter spokesperson said, “We take the safety and security of our users and their accounts on our platform very seriously. Generally, users can enable 2FA for added security to their Twitter accounts by SMS with more information here.”
Jio also did not respond to a query on the number of ranges they have in India, and on whether they are working with these companies to resolve this issue.
Update: Dropbox responded saying that they’ll work on resolving this issue, and “In the meantime, Dropbox users on Reliance Jio’s network have a number of 2FA methods available to them, including U2F hardware tokens and app-based tokens that can be utilized instead of SMS-based 2FA.”
Why this is happening
Reliance Jio seems to have registered a significant number of new “ranges” on India’s mobile phone numbering system. Each mobile phone number in India starts with four-digit range numbers; for example: “9894”. Each such range has a million phone numbers. The Department of Telecommunications (DoT) allots these ranges to telecom operators if they can get a certain number of subscribers in the “circle” where that phone number range is approved.
It seems most likely that Google, Amazon, Twitter, and other companies have not updated their data on the new ranges that the DoT has allotted to Jio, and so their websites throw up errors such as “This number is not in a valid format”. It’s unclear why they don’t just accept any ten-digit number to avoid such errors from occurring when new ranges are allotted.
Now that Jio has multiple such new ranges, and is even rolling out phone numbers starting with ‘6’, it is safe to assume that millions of new Jio subscribers are unable to register their phone numbers on these websites.
Inconvenient and insecure
It’s easy to see how this problem can be inconvenient. Amazon delivery agents, for example, can’t call Jio users to get directions or to ask if they will be at home during delivery. Jio users can also not get SMS notifications from any website like Amazon that refuses to accept their phone number.
This is also a security risk, however. Jio users cannot get one-time-passwords via SMS to login with an added layer of security. It is unclear if there are banks or credit card networks that deny Jio numbers; but if there are, then Jio users face a huge obstacle in making online payments with their plastic cards. This is because one-time-passwords are required for online transactions in India by the RBI.