Are there any technical docs on how Google Prompt authentication works?
Someone once told me that on some phones it uses SMS to communicate and therefore it can be vulnerable to SIM porting attacks. I want to verify that isn't true.
Conversation
That's not true. It relies on devices being paired with the Google account, i.e. they already have an active login. You shouldn't use it anymore as a first choice though. You should add the phone as a security key, which uses the hardware-based keystore as a U2F implementation.