Easy Ways to Implement Automatic SMS Verification in Android

Anang Kurniawan
Apr 7 · 5 min read
Image for post
Image for post
SMS Verification in Android

There are many ways to do the verification process in an Android application. One of the best way is using SMS verification. Since we all know most mobile phone users have a phone number for their phone.

But, input the code that we received from SMS isn’t user friendly. You have to view all the messages in your phone and see the code on it, then back again to the app to input the code. We need “something” that can read those messages and get the code then fill in the field automatically.

Actually, there are many ways to automatically fill the OTP field by reading the message in our phone using READ_SMS permission. But, Google has strictly prohibited the usage of that permission for security purposes. You can read the full explanation here.

Since we can’t use the READ_SMS permission anymore, Google has given some other choices to implement automatic SMS verification using SMS Verification API which includes the automatic and one-tap SMS verification. Let’s find out how they work!

Automatic SMS Verification

Image for post
Image for post
Automatic SMS Verification Flow

The automatic SMS verification is the best way to do the SMS verification. Because, users don’t have to do any action and just wait until the verification process is complete. Also, it doesn’t require any permission, but you have to make sure that you follow these criterias:

  1. Messages that are sent to the user’s device must be no longer than 140 bytes.
  2. Message must contains a one-time code that user’s will send back to the server.
  3. Message must contain an 11-character hash string.

Now, let’s implement automatic SMS verification in our app!

Prerequisites

This only works in Android devices with play service version 10.2 or latest.

Import Library

Import these libraries into your app’s gradle to start using SMS Retriever API.

implementation 'com.google.android.gms:play-services-auth:17.0.0'                       implementation 'com.google.android.gms:play-services-auth-api-phone:17.4.0'

Obtain Phone Number

There are several ways to obtain a user’s phone number. The best way that Google recommends is using a hint picker. Look at these codes below.

Start SMS Retriever

After you have got the user’s phone number, then you are ready to start the SMS Retriever to listen to SMS that contains a unique string to identify your app for up to 5 minutes.

Send User’s Phone Number to Server

Then, you should send the user’s phone number to the server for triggering the verification process. The server will send an SMS containing the one-time code and a unique string to identify your app.

Receive Verification Message

When a client’s phone receives any message containing a unique string, SMS Retriever API will broadcast the message with SmsRetriever.SMS_RETRIEVED_ACTION intent. Then, you should use a broadcast receiver to receive the verification message.

Don’t forget to register your Broadcast Receiver to manifest.

Send OTP Code Back to Your Server

After you got the message that contains one-time code, use some regex or other logic to extract your code from the message. Then, send that code back to the server.

One-tap SMS Verification

The other way that Google provides for SMS verification is using One-tap Verification method. This method has a similar process with the previous one, but you don’t have to generate any unique code to verify your application. This method will show a bottom sheet to ask user permission to read the content of a single SMS. If the user gives their consent, your app then will have access to the message and you can get the one-time code on it.

Image for post
Image for post
One-tap Verification Process

Now, let’s implement One-tap verification on your app!

Import Library

First thing that you need to do is import these libraries into your app’s gradle.

implementation 'com.google.android.gms:play-services-auth:17.0.0'                       implementation 'com.google.android.gms:play-services-auth-api-phone:17.4.0'

Obtain User’s Phone Number

Again, before we start the SMS verification process, we need to obtain the user’s phone number. You can use any method to do this, but Google recommends using a hint picker. See the code below to implement hint picker.

Listening for an Incoming Message

Same with the previous method, we should start listening for an incoming message before sending that phone number to the server. This listener will listen to any message for up to 5 minutes. In this method, you can specify the phone number that will send a message contains the OTP code. But, if you don’t want to set it, you can fill it with null value.

Another thing that you have to know about this method is you have to make sure your message completes these criterias:

  1. The message contains a 4–10 character alphanumeric string with at least one number.
  2. The message was sent by a phone number that’s not in the user’s contacts.
  3. If you specified the sender’s phone number, the message was sent by that number.

Implement this code in your Activity class to start listening for an incoming message.

Starting an activity with EXTRA_CONSENT_INTENT means that a bottom sheet will appear to the user to give one-time permission to read the SMS.

Image for post
Image for post

Get the Verification Code

In onActivityResult(), if you got the RESULT_OK, it means the user gives you permission to read the SMS and you can get the SMS content from intent.

Then, you can extract the code from SMS and send it back to the server to complete the verification process.

That’s it! We have implemented the verification process using SMS Retriever API. Those are easy to try, aren’t they?

If you have any questions, please let me know in the comments below!

Anang Kurniawan is one of Android developer in GITS Indonesia.

This is article is also can be read at gits.id/blog.

GITS Apps Insight

Journal about apps development for business and eCommerce…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store