SMS Retriever API

Automatic SMS Verification with the Phone Selector and SMS Retriever API

Enable to support phone numbers for authentication, if you have an existing backend infrastructure that you are already using for verifying the phone numbers.

Using SMS Retriever API, you can perform SMS-based verification in your app automatically, without requiring the user to manually type verification codes, and without requiring any extra app permissions.

Most apps perform verification by sending an SMS to the user’s device with a one-time verification code that the application that verifies.So the app has to get the phone number of the device and then read the verification code from the SMS.

The Google Play Services SDK(10.2 and newer) offering you to enable read the phone number and the verification SMS automatically without requiring these extra permissions.

For reading the phone number, Android has the Phone Selector API.For verifying the phone number, Android has the SMS Retriever API.These APIs are part of the Google Play Service SDK.

1.Getting the phone number of the device

Don’t ask the user to enter these values.Manually inputting the phone number is painful.It adds a lot of friction for the user to provide a phone number to your app.It’s also error-prone.

Phone Selector API

Phone Selector API provides the Phone number to your app with a much better user experience and no extra permissions.Using this API, you can launch a dialogue, which shows the phone numbers on the device to the user.

Phone Number HintSelector

First, you create a hint request object and set the phone number identifier supported field to true.

Then, you get a pending intent from that hint request for the phone number selector dialogue.

Once the user selects the phone number, that phone number is returned to your app in the onActivityResult().

2.Reading the verification code automatically using SMS retriever API

SMS Retriever API provides you the message content to your app without requiring any extra permissions.The key part is that it provides you only the message targeted your app.You have to verification code in your SMS message and include app-specific hash.This app-specific hash is a static hash that you can just include in the SMS template without requiring many code changes.

SMS Retriever API

Start the SMS retriever

This makes it wait for one matching SMS, which includes the app-specific hash.

Once the SMS with the app-specific hash is received on the device, it is provided to your app via broadcast.

In your broadcast receiver, you can get the message content from the extras.Once you have the message content, you can extract the verification code, and verify the code just like you would normally do.

Register this BroadcastReceiver with the intent filter.

After starting the SMS retriever, you can just send the SMS with the verification code and the app-specific hash to the phone using any backend infrastructure of yours.

3.Construct a verification message

Construct the verification message that you will send to the user’s device. This message must:

  • Be no longer than 140 bytes
  • Begin with one of the following strings:
    • [#]
    • Two consecutive zero-width space characters (U+200B)
  • End with an 11-character hash string that identifies your app

Otherwise, the contents of the verification message can be whatever you choose. It is helpful to create a message from which you can easily extract the one-time code later on. For example, a valid verification message might look like the following:

Computing your app’s hash string

ou can get your app’s hash string with the AppSignatureHelper class from the SMS retriever sample app. However, if you use the helper class, be sure to remove it from your app after you get the hash string. Do not use hash strings dynamically computed on the client in your verification messages.

 

Related Post

2 Replies to “SMS Retriever API”

Leave a Reply

Your email address will not be published. Required fields are marked *