Auto-fetch OTP without SMS read permission in Android App
Are you an Android developer looking for answers after being jolted by this blog post? I sure do respect the change in policy, but oh boy, don’t we have some work to do. I’m assuming you already checked out the SMS Retriever API but have run into problems?
So here’s the story in short.
- Create a BroadcastReceiver
public class MySMSBroadcastReceiver extends BroadcastReceiver {
@Override
public void onReceive(Context context, Intent intent) {
if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
Bundle extras = intent.getExtras();
Status status = (Status) extras.get(SmsRetriever.EXTRA_STATUS);
switch(status.getStatusCode()) {
case CommonStatusCodes.SUCCESS:
String message = (String) extras.get(SmsRetriever.EXTRA_SMS_MESSAGE);
// Extract one-time code from the message
break;
case CommonStatusCodes.TIMEOUT:
// Waiting for SMS timed out (5 minutes)
break;
}
}
}
}2. Register the receiver
<receiver android:name=".MySMSBroadcastReceiver" android:exported="true">
<intent-filter>
<action android:name="com.google.android.gms.auth.api.phone.SMS_RETRIEVED"/>
</intent-filter>
</receiver>3. Create the SMS on your server as per the template mentioned here. This is where things went wrong for me. Computing the hash string as mentioned in the documentation DID NOT work. Until I found this file, an alternate way to compute the hash, thanks to Chintan Desai.
So if you are scratching your head over what’s going wrong, use the Java file to compute the hash and Bingo. Things must be fine.
But I still have to figure out why the official documentation is computing a different hash value for me. Felt that I should write this down since many of you might run into the same problem.
PS: Also, I’m quite amazed by the power of Google, the way they are getting developers across the world to do this within 90 days, and setting a standard template for OTP messages for the future.
Thanks to Google Documentation, SMS Retriever Demo and my team at Yulu.Bike #PedalTheChange