Some methods require the client to verify if the data obtained from an external source matches a certain pattern.
Same with email verification codes.
In all cases, the pattern is a string of the same length as the string to verify: and matching is as simple as checking if all chars in the source string are the same as in the pattern string.
Some chars in the pattern string may be censored using an asterisk
*, in this case any char in the source string is considered valid.
The pattern string can also be a single asterisk, in this case all patterns are considered valid.
If the source string is a phone number, it has to be sanitized first to include only the following chars:
Example implementation: telegram for android.