Putting aside the “should/shouldn’t do” argument, I was also wondering if the code is even viable. I imagine that ‘ls’ and ‘sudo’ are probably pretty ubiquitous, but I bet there exist some Linux installs out there with a different shell than ‘bash’, and some might not have ‘grep’ too. That would lead to some pretty cryptic bugs for the end user, eh?

Yeah, I’ve implemented OTP before, and I can think of no way this could be a surveillance move. If they required you use their app because they use a custom solution, sure, maybe, but they’re OTP is currently entirely standard, so you can use a plethora of app (or roll your own in about 14 lines of Python)