
Tavishi Arora

16 Jun 2026

The identity tax: why your login screen is costing more than you think.

Best Practices

01  ·  THE HIDDEN LINE ITEM

The hidden P&L line in every mobile product.

Every consumer app in India has a number it doesn't put on its dashboard: the percentage of users who intend to log in but never actually do. Somewhere between intent and "logged in," a quarter of the funnel evaporates — typing a number, waiting for an SMS, switching apps, retrying when the OTP fails, abandoning when it fails twice.

This isn't a UX problem. It's a P&L problem masquerading as a UX problem — and most growth teams are paying the bill without itemising it.

Phone numbers have quietly become the default identity layer for 7.3 billion mobile users. If your product asks for one — and almost every consumer product does — then your login flow is your identity flow. Every second of friction is a leak. Every failed OTP is a refund you didn't know you issued.



The question this piece explores isn't whether identity matters. It's whether you're paying for identity the expensive way.


02  ·  FRAMEWORK ONE

The login leakage equation.



FRAMEWORK  ·  LOGIN LEAKAGE

Leakage  =  Time  ×  Failure  ×  Fraud  ×  Cost


Before recommending a solution, name the problem in a way a CFO can underwrite. A four-variable model:


FIGURE 2  ·  COST DECOMPOSITION

FIG 02 · The leaky bucket. Multiply across millions of logins, and you have the gap between the funnel you report and the funnel you'd actually have.

The compounding effect is what most teams miss. In production benchmarks, replacing OTP lifts net logged-in conversion from roughly 58% to 92% — a ~34 percentage-point swing at the bottom of the funnel. That's not an optimisation. That's a category change in unit economics.


03  ·  WHY THE DEFAULT PERSISTS

OTP survives by inertia, not merit.


OTP is universal, not good. It works on feature phones, requires no SDK, and engineering teams already have the plumbing. Growth teams inherit it, measure around it, and rarely revisit it.


The strategic error is treating OTP as infrastructure when it's actually a cost centre with a UX penalty attached.


Messaging-platform OTP reduces some friction, but it lacks profile data. Silent Network Auth wins on stealth but is expensive, slow to integrate, and data-blind. The market has been waiting for an option that wins on UX, data, cost and re-login simultaneously.


04  ·  THE PRODUCT

Truecaller SDK: identity as infrastructure.


The pitch is short: 1-tap, OTP-less, consented verification in under three seconds — across Android, iOS, Web and Flutter — built on OAuth 2.0 with Auth Code + PKCE. The distribution moat is what competitors can't replicate: 350M+ Indians already have Truecaller installed, with SIM + device binding set at first install.


FIGURE 3  ·  SCALE TO DATE

FIG 03 · The network moat. When you integrate the SDK, you don't acquire an identity—you inherit one.

For a market the size of India, this pre-installed footprint is the part that nothing else can match. Every Truecaller install is one less verification you need to acquire — and every return visit by that user can be re-authenticated at zero incremental cost.


FIGURE 4  ·  OAUTH 2.0 FLOW UNDER THE HOOD

FIG 04 · Four steps, one outcome. Verified in under three seconds via OAuth 2.0 with Auth Code + Proof Key for Code Exchange (PKCE) — name, gender, city, and email captured at consent.

05  ·  FRAMEWORK TWO

Acquire → Enrich → Retain.


For a growth team evaluating the SDK, the cleanest mental model maps capabilities to the funnel stage. Six features, three jobs.


FIGURE 5  ·  CAPABILITY MAP

FIG 05 · The value chain. Tap → verified number → profile → quality signal → activated user → retained user.

Re-login alone — the ~30% of repeat users verified at ₹0 — is a line item OTP cannot match, because every SMS is billed whether or not it succeeds.


06  ·  PROOF IN PRODUCTION

Three validations, three angles of the same case.


Frameworks are useful; live numbers are decisive. Three deployments worth studying — each validating a different part of the framework.





07  ·  HOW TO VALIDATE

The 6-week validation playbook.


You shouldn't take any of the above on faith. The right validation framework is a contained, instrumented A/B — and it fits inside a six-week window.



The validation metrics that matter — and that most teams forget to instrument — are net verified users (not OTP delivery rate), cost per verified user including retries, and Day-30 re-login friction. If those three move, the rest of the funnel moves with them.


THE STRATEGIC QUESTION

You don't get paid to defend defaults.


Growth leaders get paid to find the lines on the P&L that scale faster than revenue — and to remove them. Manual OTP is one of those lines: a quiet tax that scales with traffic, gets worse in tier-2 cities, and is paid in conversion as much as in rupees.


Truecaller SDK isn't a feature. It's a structural change in how identity is capitalised on a mobile-first balance sheet — measured in production across 30,000 apps.


The only real question left is whether your funnel can afford another quarter of the default.
