How Gojek masks and keeps users' phone numbers secure at scale?

Phone numbers can be misused if they fall into the wrong hands. But sometimes delivery agents need to reach out to us for directions.

So, do delivery agents get our phone numbers?

Here's how Gojek ensures seamless communication without sharing actual phone numbers.

Problem Statement

Say customer A orders something from Gojek and a delivery agent D gets assigned to this order.

We want to

  • enable A to contact D
  • enable D to contact A

but neither should have the other's phone number.

We achieve this using...

Virtual Phone Numbers

Instead of sharing the actual phone numbers of the users, we create virtual phone numbers which are

  • temporary but functional
  • assignable to any user at will

Telecom operators and providers like Twilio and Exotel provide these services.

Is it for everyone?

If we assign a fixed virtual number (VN) to every user in the system

  • it does not improve the security posture
  • we would need millions of virtual numbers

If the VN remains the same for a user, abusers can keep track of it and target the user, breaching their privacy.

Constraints

Hence, the virtual numbers we assign to the users should be

  • assigned on demand
  • bound to a transaction/order

Once the transaction is over, or the order is delivered, we assign the VN to some other user.

So, how do we assign them?

Fetching Virtual Numbers

Instead of trying to get Virtual Numbers on the fly from the telecom operators and providers, we fetch them periodically and keep them handy in our database.

Let's call the service that does this the VN service.

Assigning Numbers

When a delivery agent is assigned to an order,

  • we hit the VN database,
  • fetch a couple of unused VNs,
  • and make an entry into the orders DB.

We show the assigned numbers on the app to the customer and the delivery agent.

If a user (customer/delivery agent) has multiple active orders, he/she will be assigned one VN for each active transaction.

Hence, if a delivery agent is delivering two orders at the same time, he/she will be assigned two VNs, ensuring privacy.

Flow

A user places an order and the event is sent to Kafka, to be consumed by the consumers which ensure we have enough VNs available.

If not, more VNs are fetched from the telecom operators and providers.

Once the delivery agent is assigned to the order, the Kafka consumers fetch the VNs from the database and update the mapping in Orders DB.

This entry is used to render the phone number of the other party on the app.

So, what happens when a user calls the delivery agent's VN?

Calling a VN

Say customer A wants to call the delivery agent D. Say, DDD is the virtual number of D that A has.

When A makes a call on the number DDD, the telecom provider gets the call and it needs the actual number to connect to.

Hence, it makes a call to the VN service. The VN service then checks

  • who is calling
  • to whom the call is made
  • the existence of a valid transaction between A and D

Once everything is validated, the VN service responds with A's VN and the actual number of D, the number behind DDD.

The telecom provider then bridges the call that was initiated from A to the actual phone number of D but it sets the source phone number to VN of A.

This way, when D receives the call, D does not see A's actual number; instead, D sees the VN of A.

This is how the customer and the delivery agent can connect over the phone call, while neither gets the actual phone number of the other.
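The assignment steps and the call-time checks described above, as an added Python example (not Gojek's code). The class and method names, the in-memory dicts standing in for the VN database and Orders DB, and the assumption that the provider passes the caller's real number to the lookup are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Binding:
    order_id: str
    real: str     # this party's actual phone number
    peer_vn: str  # VN assigned to the other party on the same order

class VNService:
    """In-memory stand-in for the VN database plus the Orders DB mapping."""

    def __init__(self, pool):
        self.free = list(pool)  # unused VNs fetched earlier from the provider
        self.by_vn = {}         # VN -> Binding, present only while the order is active

    def assign(self, order_id, customer_real, agent_real):
        """Bind two unused VNs to one order; returns (customer_vn, agent_vn)."""
        if len(self.free) < 2:
            raise RuntimeError("VN pool exhausted; fetch more from the provider")
        cust_vn, agent_vn = self.free.pop(), self.free.pop()
        self.by_vn[cust_vn] = Binding(order_id, customer_real, agent_vn)
        self.by_vn[agent_vn] = Binding(order_id, agent_real, cust_vn)
        return cust_vn, agent_vn

    def resolve(self, caller_real, dialed_vn):
        """Provider lookup: (caller ID to present, real number to dial) or None."""
        callee = self.by_vn.get(dialed_vn)
        if callee is None:
            return None  # dialed VN is not bound to any active order
        caller = self.by_vn.get(callee.peer_vn)
        # The caller must be the counterparty on the same active order.
        if caller is None or caller.real != caller_real or caller.order_id != callee.order_id:
            return None
        return callee.peer_vn, callee.real

    def complete(self, order_id):
        """Order finished: unbind its VNs and return them to the pool."""
        for vn in [v for v, b in self.by_vn.items() if b.order_id == order_id]:
            del self.by_vn[vn]
            self.free.append(vn)

if __name__ == "__main__":
    # Constructed sample numbers, not real subscribers.
    A, D = "+10000000001", "+10000000002"
    svc = VNService(["VN-1", "VN-2"])
    a_vn, d_vn = svc.assign("order-1", A, D)
    print(svc.resolve(A, d_vn))   # A dials D's VN while the order is active
    svc.complete("order-1")
    print(svc.resolve(A, d_vn))   # same call after delivery
```

The lookup fails closed once the order is completed, and a VN that has been handed to a new order does not resolve for the previous counterparty.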

This is exactly what Gojek does. The link to their blog is in the description of the attached video.


Here's the video of me explaining this in depth; do check it out.

Thank you so much for reading. If you found this helpful, do spread the word about it on social media; it would mean the world to me.


Navjot Bansal

Building Computer Vision Systems @Oracle | Software Architecture | System Design | ICPC Regionalist

2 years

Good article Arpit Bhayani Bhaia one question though. How is the user given authentication to contact a VN? My hypothesis: A local token with a TTL of the order must be created. Once the order is completed the users won't be able to contact the VN again. If that is not the case then giving 2 VN for 2 orders makes sense else would be an operational overhead for the service.

Kedar Erande

Engineering @Razorpay | Cloud Solution Architect

2 years

I believe the above writeup is the same as that in the Gojek engineering blogs.
