With the advent of various security events, a common login password cannot meet an operation of a high security risk. More application developers perform authentication on login or a sensitive operation of an application to ensure security of the login or the sensitive operation, and a short message service (SMS) verification code is a most common manner.
Currently, in an Android™ system, an application program may read all SMS messages in a system by applying for permission for reading an SMS message, and the Android system grants, to the application, permission for reading all SMS message records. After the system receives an SMS message, a broadcast indicating that an SMS message is received is sent in the system. After receiving the broadcast, an application having SMS message reading permission may read SMS message content, extract a verification code from the SMS message content, and fill the verification code in a verification code input box of the application.
Therefore, the application may read not only normal verification code information but also SMS messages that are received or sent by a user when the user normally uses an SMS message application. This easily causes disclosure of user privacy and relatively poor user experience.