How Gojek masks and keeps users' phone numbers secure at scale?

2572 views Backend System Design

Phone numbers can be misused if gone into the wrong hands. But sometimes delivery agents need to reach out to us for directions.

So, do delivery agents get our phone numbers?

Here’s how Gojek ensures seamless communication without sharing actual phone numbers.

Problem Statement

Say, customer A ordered something from Gojek and a delivery agent D gets assigned to this order.

We want to

  • enable A to contact D
  • enable D to contact A

but neither should have the other’s phone numbers.

and we achieve this using…

Virtual Phone Numbers

Instead of sharing the actual phone numbers of the users, we create virtual phone numbers which are

  • temporary but functional
  • can be assigned to any user at will

Telecom operators and providers like Twilio and Exotel provide these services.

Is it for everyone?

If we assign a fixed VN to every user in the system

  • does not improve the security posture
  • we would need millions of virtual numbers

If VN remains the same for a user, then abusers can keep track, and attack the user; breaching their privacy.


Hence, the virtual numbers we assign to the users should be

  • assigned on demand
  • bound to a transaction/order

Once the transaction is over, or the order is delivered, we assign the VN to some other user.

so, how do we assign?

Fetching Virtual Numbers

Instead of trying to get Virtual Numbers on the fly from the telecom operators and providers, we fetch them periodically and keep them handy in our database.

Say, we call this service VN service.

Assigning Numbers

When a delivery agent is assigned to an order,

  • we hit the VN database,
  • fetch a couple of unused VN,
  • and make an entry into the orders DB.

we show the assigned numbers on the app to the customer and the delivery agent.

If a user (customer/delivery agent) has multiple active orders, he/she will be assigned one VN for each active transaction.

Hence, if a delivery agent is delivering two orders at the same time, he/she will be assigned two VNs, ensuring privacy.


A user places an order and the event is sent to Kafka, to be consumed by the consumers which ensure we have enough VNs available.

If not, more VNs are fetched from the telecom operators and providers.

Once the delivery agent is assigned to the order, the Kafka consumers fetch the VNs from the database and update the mapping in Orders DB.

This entry is used to render the phone number of the other party on the app.

so, what happens when a user calls the delivery agent’s VN?

Calling a VN

Say customer A wants to call the delivery agent D. Say, DDD is the virtual number of D that A has.

When A makes a call on the number DDD, the telecom provider gets the call and it needs the actual number to connect to.

Hence, it makes a call to the VN service. The VN service then checks

  • who is calling
  • to whom the call is made
  • the existence of a valid transaction between A and D

once everything is validated, the VN service responds with A’s VN and actual number against DDD.

The telecom provider then bridges the call that was initiated from A to the actual phone number of D but it sets the source phone number to VN of A.

This way, when the D receives the call, it does not see A’s actual number, instead, it sees the VN of A.

This is how the customer and the delivery agent can connect over the phone call, while neither gets the actual phone number of the other.

This is exactly what Gojek does. The link to their blog is in the description of the attached video.

Arpit Bhayani

Arpit's Newsletter

CS newsletter for the curious engineers

❤️ by 21000+ readers

If you like what you read subscribe you can always subscribe to my newsletter and get the post delivered straight to your inbox. I write essays on various engineering topics and share it through my weekly newsletter.

Other essays that you might like

Overview of Discord's data platform that daily processes petabytes of data and trillion points

924 views 54 likes 2022-11-14

When a company scales, they adopt microservices and each service typically gets its own independent database. With data ...

How Airbnb designed and scaled its central authorization system - Himeji

2206 views 98 likes 2022-11-07

Authorization plays a critical role in ensuring that the platform is not abused. For example, Instagram ensures that if ...

How Gojek masks and keeps users' phone numbers secure at scale?

2572 views 152 likes 2022-10-31

Do hyperlocal companies like Uber, Ola, Swiggy, Gojek, Zomato, etc share our phone numbers with the delivery people or t...

The architecture of Yelp's in-house Search Engine - nrtSearch

2193 views 81 likes 2022-10-24

Elasticsearch is a great search engine, but Yelp was not happy with its performance, so they built their own HTTP layer ...

Be a better engineer

A set of courses designed to make you a better engineer and excel at your career; no-fluff, pure engineering.

Paid Courses

System Design Masterclass

A masterclass that helps you become great at designing scalable, fault-tolerant, and highly available systems.

1000+ learners

Details →

Redis Internals

Learn internals of Redis by re-implementing some of the core features in Golang.

28+ learners

Details →

Free Courses

Designing Microservices

A free playlist to help you understand Microservices and their high-level patterns in depth.

17+ learners

Details →

GitHub Outage Dissections

A free playlist to help you learn core engineering from outages that happened at GitHub.

67+ learners

Details →

Hash Table Internals

A free playlist to help you understand the internal workings and construction of Hash Tables.

25+ learners

Details →

BitTorrent Internals

A free playlist to help you understand the algorithms and strategies that power P2P networks and BitTorrent.

42+ learners

Details →

Topics I talk about

Being a passionate engineer, I love to talk about a wide range of topics, but these are my personal favourites.

  • v13.7.5
  • © Arpit Bhayani, 2022

Powered by this tech stack.