Auto PhoneNumberVerifier handles OTP-like SMS and notification data. Treat all payloads, logs, screenshots, and phone numbers as sensitive.

If you find a security issue, do not post real OTPs, phone numbers, tokens, or private endpoints in a public issue. Share a minimal reproduction with fake data.

• Do not commit ngrok auth tokens or API keys.
• Do not publish real OTP logs.
• Rotate any token pasted into chat, logs, or screenshots.
• Avoid exposing the server publicly without authentication.
• Keep the app visible and permission-transparent for the device owner.