re OTPs, there's a special permission-less way to request sms codes, with a special hash in the content so it's clearly an opt-in by both app and sender: https://developers.google.com/identity/sms-retriever/overvie...

so no, it's not necessary at all. and many apps identify OTPs and give you an easy "copy to clipboard" button in the notification.

but that isn't all super widely known and expected (partly because not all apps or messages follow it), so it's not something you can rely on users denying access to.