# SMS and OTP platform boundaries

SMS and OTP features are highly platform-dependent. Treat them as convenience workflows, not as a guaranteed replacement for your system's native OTP autofill.

> [!WARNING] Android SMS source requires READ_SMS — a sensitive permission, official APK build only
> On Android, the SMS source requires the **READ_SMS** permission, which grants access to all SMS messages on the device. This is a sensitive permission. This feature is available only in the **official APK build**; store builds (e.g., Google Play) exclude it due to policy restrictions. Grant this permission only if you understand what it allows.

## What to expect

- Android may support SMS-related source detection or quick extraction depending on permissions and build variant (official APK vs. store build).
- iOS does not provide a general third-party SMS-reading API, so the SMS source is Android-only; on iOS, bring content in via manual sharing or Shortcuts instead.
- Desktop platforms usually receive SMS/OTP content only after it is copied, shared, or synced from another device.

## Privacy boundary

OTP codes are sensitive. Use short retention, delete after use, and avoid syncing OTP content if your threat model requires local-only handling.

## Troubleshooting

1. Confirm the platform supports the SMS/OTP path you are using.
2. Confirm required permissions are granted.
3. Copy a test code manually and verify it appears in Clip History.
4. Check whether filters are excluding SMS-like content.

Related: [SMS source](/features/source/sms) and [Privacy and Security](/advanced/privacy-security).