I don't work on the team that would make this decision, but I do work on the security team. SMS verification for MFA was something we were considering while designing what our MFA solution should look like, and many of the problems with SMS verification apply here. Answering specifically from a privacy and security point of view, here:
- Not everyone has a phone or cell reception or can receive texts for free. These people should be able to play ranked.
- Requiring a phone number to play ranked means tracking many tens of millions of phone numbers, significantly increasing the amount of personal information Riot has to collect on players. This increases Riot's liability, but also increases the amount of data you have to provide in order to play League. Each piece of personal information we collect on you has to be stored, with retention periods, in specific ways, as well. This isn't to say that GDPR is a bad thing (it's not) but there is a duty of care which has to be taken into the equation.
- Having to collect a rather sensitive piece of personal information to prevent rare events is difficult to justify when alternative approaches exist.
Big bold letters: The rest of this post is opinion. It is not a statement from Riot. I do not work on anything related to Clash, competitive games or matchmaking. This is just my opinion when combined with my experience playing League and working in information security.
I understand that Clash does use phone numbers in order to prevent smurfing. The primary use of phone numbers there is to make it harder to smurf; it's not completely fool-proof, but for something like Clash, which has a limited number of games and where matchmaking is a bit more difficult, it makes sense to have to use something like phone numbers to identify smurfs.
With "regular" matchmade games, it's a bit easier to identify if someone is a smurf or otherwise not new to League, as anyone who has ever leveled an alt account can attest to. My most recent alt account which I made was playing vs players of my normal rank within a few matchmade games.
I would wager that individuals who are dedicated enough to League to get banned so frequently that they have to continually make alt accounts in order to evade bans likely will not be deterred by a requirement to buy (or receive for free, in some areas) a sim card to use once to prove their account is not a smurf account. It could make it more difficult to buy an account in order to evade a ban.
I'm not sure that asking the entire ranked playing player base to both have a phone, have cell phone service and provide that phone number to Riot in order to be able to continue playing, or to start playing, ranked is an appropriate measure in order to curtail toxicity from banned accounts, given how rare a permanently banned account.
I think, if Riot were to tackle that, a more proportionate response would be to make bans targeted at an individual, rather than per account (permanent bans are account bans, not bans against the person), and to act upon accounts that have been identified as being from someone who has previously been banned.
Neither of these things would require more mass collection of personal information, so I would personally be on the side of them. Either way, I think any attempt to, in any way, add barriers to playing existing high engagement activities should be looked at very carefully, especially if those barriers include the collection of new amounts of personal information.
devtrackers.gg