Twitter Digits (https://get.fabric.io/digits) provides an authentication/login system based on phone numbers for mobile apps, and several other mobile apps (e.g. Square Cash, https://squareup.com/help/us/en/article/5187-about-square-cash) has the same feature.
The problem with this type of authentication is that, what happens when some existing users change and abandon their phone number, and their old numbers get assigned to others (who may or may not be an user of the app)?
This poses a security risk, because whoever owns a phone number registered in the system at the time will have access to the account of the former owner(s) of that number as an user of the app. And it doesn't seem that Digits (or any provider of such authentication method) solves this problem, because they does not and likely cannot verify that if the current owner of a phone number is indeed the same person who register with an app using the same number in the first place.
At the same time, the fact that a money-transferring app (Square Cash) is using the same method makes me think if there is some reliable technique that may well solve the problem.
Any guess?