Android automatic SMS verification - Google’s SMS retriever API

As time passes android is getting better in all means for example security, from Android M google has provided the users to have control over permissions like Read SMS, Storage, Contacts, etc. Now Google allows only one app at a time to read and manage your messages i.e only your default messenger app of your choice(I think it was the most necessary step).
As Google is preventing apps to read SMS it has introduced SMS Retriever API to give access to the messages received from there servers to continue with tasks like Autofill OTP, e.t.c.

Message Format

Before getting into action you should know the new format of OTP messages introduced by Google. Have a look at the format

<#> SampleApp: Your verification code is 143567
QbwSot12oP

By a glance at the format, you might have an idea. let me explain it briefly,
there two conditions we should follow

  1. The message should start with <#>, that will indicate this is an OTP message to the system.

The image below represents how SMS Retriever API works

Now Let’s get into action

Step 1

Importing necessary libraries

Following are the mandatory libraries to integrate SMS Retriever API into your project.

Step 2 (Optional) :

Obtain the phone number through hint picker shown as below

Retrieve the phone number in onActivityResult

Step 3 :

Start SMS Retriever

After the user has submitted the phone number, we should initiate SMS retrieval task as shown below

Step 4:

Create broadcast receiver

To receive the message from SMS Retriever API

Register the receiver in manifest file with intent filter com.google.android.gms.auth.api.phone.SMS_RETRIEVED (the value of theSmsRetriever.SMS_RETRIEVED_ACTION constant)

After you received the message in the receiver you can pass it to your activity, where you can finish user authentication.

Step 5 :

Remember AppSignatureHelper class mentioned above, now is the time to implement it. As you have noticed the hashcode of your app in message formate, you can generate this hashcode with command prompt which is a bit complicated for those who don’t have experience with CMD, so we take the simplest way to get Hashcode that is through AppSignatureHelper class, but be aware that you should remove AppSignatureHelper class from your code once you get the hashcode in LOGCAT.

Run AppSignatureHelper class in base application as show below

Things you must do

  1. Remove AppSignatureHelper class from your project before going to production.

WHY you should implement SMS Retriever API

From Jan 9th, 2019 Google will remove apps from playstore with permissions READ SMS AND CALL LOG, if they don’t explain the necessity

Advantages of SMS Retriever API for your audience

With SMS Retriever API, there are two main advantages for Android users, such as

  1. From now not every app with READ SMS permission can access your personal data like messages.

If you have any difficulty in implementing or anything I have missed in the process, please let me know in the comments below.

Bonus

To learn more about Kotlin, read the previous parts of this Advanced Programming With Kotlin series:

To learn more about Kotlin coroutines and other advanced features of Kotlin, read the following articles:

To learn more about Jetpack libraries read the following articles:

To learn more about Dependency injection read the following articles.

To learn more features and tips of Room library, read the following articles:

Thank you for reading.

Programming Geeks

Learn, share, repeat.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store