@Mr_Teatime @zeh @jgoerzen It occurs to me that they could theoretically store a hash, and then ask for the ph# again at acct recovery time, then compare the hashes. But I don't give OWS the benefit of the doubt considering how they push users into Google Playstore & claim it's safer than the APK download which they hide. It's hard to trust OWS anytime trust is needed.