Currently aerogear-ios-otp depends on HTTP request to retrieve the shared secret, which defeats the purpose of OTP. I'm filling this issue as a bug, because we should never depend on the server to retrieve the shared secret. The correct fix is to provide a QRCode reader like AGDROID doees if possible.