Using SMS Retriever API, you can perform SMS-based verification in your app automatically, without requiring the user to manually type verification codes, and without requiring any extra app permissions.

The Google Play Services SDK(10.2 and newer) offering you to enable read the phone number and the verification SMS automatically without requiring these extra permissions.

1.Phone Selector API


Phone Selector API provides the Phone number to your app with a much better user experience and no extra permissions.Using this API, you can launch a dialogue, which shows the phone numbers on the device to the user.

First, you create a hint request object and set the phone number identifier supported field to true.

Then, you get a pending intent from that hint request for the phone number selector dialogue.

Once the user selects the phone number, that phone number is returned to your app in the onActivityResult().

2.Reading the verification code automatically using SMS retriever API


SMS Retriever API provides you the message content to your app without requiring any extra permissions.The key part is that it provides you only the message targeted your app.You have to verification code in your SMS message and include app-specific hash.This app-specific hash is a static hash that you can just include in the SMS template without requiring many code changes.

SMS Retriever API

Start the SMS retriever

This makes it wait for one matching SMS, which includes the app-specific hash.

Once the SMS with the app-specific hash is received on the device, it is provided to your app via broadcast.

In your broadcast receiver, you can get the message content from the extras.Once you have the message content, you can extract the verification code, and verify the code just like you would normally do.

Register this BroadcastReceiver with the intent filter.

After starting the SMS retriever, you can just send the SMS with the verification code and the app-specific hash to the phone using any backend infrastructure of yours.

3.Construct a verification message


Construct the verification message that you will send to the user’s device. This message must:

  • Be no longer than 140 bytes
  • Begin with one of the following strings:
    • [#]
    • Two consecutive zero-width space characters (U+200B)
  • End with an 11-character hash string that identifies your app

Otherwise, the contents of the verification message can be whatever you choose. It is helpful to create a message from which you can easily extract the one-time code later on. For example, a valid verification message might look like the following:

Computing your app’s hash string


You can get your app’s hash string with the AppSignatureHelper class from the SMS retriever sample app. However, if you use the helper class, be sure to remove it from your app after you get the hash string. Do not use hash strings dynamically computed on the client in your verification messages.