Restrict access to user phone numbers in Aperture

February 20, 2020

Users can no longer see the phone number of other users in Aperture.

Previously, any user could:

  1. Create a Section account via Aperture.
  2. Invite any existing Section user to their account.
  3. View the invited user’s phone number without the invited user’s approval.

Now users:

  • cannot see the phone number of other users.
  • can see and edit their own phone number, for the purposes of enabling SMS-based 2FA.
  • can also specify an initial phone number for invited users that do not yet exist.

We believe this fix improves privacy for our users. It helps mitigate phishing and SMS-based 2FA interception.
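
The three rules above can be written as a server-side access check. The sketch below is an added example, not Section's or Aperture's code; the `Directory` class, its method names and the sample data are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model and store, constructed for this example only.
@dataclass
class User:
    id: int
    email: str
    phone: Optional[str] = None

class Directory:
    """In-memory stand-in for the user store."""
    def __init__(self):
        self.users = {}      # email -> User
        self._next_id = 1

    def create(self, email, phone=None):
        user = User(self._next_id, email, phone)
        self.users[email] = user
        self._next_id += 1
        return user

    def view(self, viewer, subject):
        """Serialize `subject` for `viewer`; phone is included only for self."""
        out = {"id": subject.id, "email": subject.email}
        if viewer.id == subject.id:
            out["phone"] = subject.phone
        return out

    def set_phone(self, actor, subject, phone):
        """Only the owner may change a phone number (used for SMS-based 2FA)."""
        if actor.id != subject.id:
            raise PermissionError("phone number is editable by its owner only")
        subject.phone = phone

    def invite(self, inviter, email, initial_phone=None):
        """Invite by email; initial_phone applies only when the user is new."""
        invited = self.users.get(email)
        if invited is None:
            invited = self.create(email, initial_phone)
        # For an existing user the supplied phone is ignored, never written.
        # The response goes through view(), so it carries no phone number
        # for the inviter in either case.
        return self.view(inviter, invited)
```

Routing the invite response through the same serializer as every other read keeps the redaction in one place, so a new endpoint cannot reintroduce the exposure by building its own response.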

Thanks to Salsa Digital for reporting this bug.