There are many ways to handle verification in an Android application. As mobile developers, we know that one of the best ways is SMS verification, since most mobile phone users have a phone number.
But typing in the code received by SMS is not user friendly. The user has to go through the messages on the phone, find the code, then switch back to the app to enter it. As mobile developers, we need “something” that can read those messages, get the code, and fill in the field automatically.
There are many ways to fill the OTP field automatically by reading the messages on the phone using the READ_SMS permission. But Google has strictly prohibited the use of that permission for security purposes. You can read the full explanation here.
Since we can’t use the READ_SMS permission anymore, Google offers other ways to implement automatic SMS verification through the SMS Verification API, which includes automatic and one-tap SMS verification. Let’s find out how they work and implement them in our mobile application!
Automatic SMS Verification
Automatic SMS verification is the best way to do SMS verification, because users don’t have to take any action; they just wait until the verification process is complete. It also doesn’t require any permission, but you have to make sure that you meet these criteria:
- Messages that are sent to the user’s device must be no longer than 140 bytes.
- The message must contain a one-time code that the user will send back to the server.
- The message must contain an 11-character hash string.
Now, let’s implement automatic SMS verification in our app!
This only works on Android devices with Google Play services version 10.2 or later.
Import these libraries into your app’s Gradle file to start using the SMS Retriever API.
Obtain Phone Number
There are several ways to obtain a user’s phone number. The best way that Google recommends is using a hint picker. Look at the code below.
Start SMS Retriever
Once you have the user’s phone number, you are ready to start the SMS Retriever, which listens for up to 5 minutes for an SMS that contains a unique string identifying your app.
Send User’s Phone Number to Server
Then, send the user’s phone number to the server to trigger the verification process. The server will send an SMS containing the one-time code and the unique string that identifies your app.
Receive Verification Message
When the client’s phone receives a message containing the unique string, the SMS Retriever API broadcasts the message with the SmsRetriever.SMS_RETRIEVED_ACTION intent. Use a broadcast receiver to receive the verification message.
Don’t forget to register your broadcast receiver in the manifest.
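The receiver and the start call described above could look like this. This is an added example, not code from the original post; the class name OtpSmsReceiver, the onMessage hook and the requestSms callback are hypothetical.

```kotlin
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.util.Log
import com.google.android.gms.auth.api.phone.SmsRetriever
import com.google.android.gms.common.api.CommonStatusCodes
import com.google.android.gms.common.api.Status

// Manifest entry for this receiver. android:permission restricts delivery to
// senders that hold the SEND permission defined by Google Play services:
//   <receiver android:name=".OtpSmsReceiver" android:exported="true"
//       android:permission="com.google.android.gms.auth.api.phone.permission.SEND">
//     <intent-filter>
//       <action android:name="com.google.android.gms.auth.api.phone.SMS_RETRIEVED" />
//     </intent-filter>
//   </receiver>
class OtpSmsReceiver : BroadcastReceiver() {
    override fun onReceive(context: Context, intent: Intent) {
        if (intent.action != SmsRetriever.SMS_RETRIEVED_ACTION) return
        val extras = intent.extras ?: return
        val status = extras.get(SmsRetriever.EXTRA_STATUS) as? Status ?: return
        when (status.statusCode) {
            CommonStatusCodes.SUCCESS -> {
                // Full SMS text; it is not logged because it carries the code.
                val message = extras.getString(SmsRetriever.EXTRA_SMS_MESSAGE) ?: return
                onMessage?.invoke(message)
            }
            CommonStatusCodes.TIMEOUT ->
                Log.w(TAG, "No matching SMS arrived; let the user request a new code")
            else -> Log.w(TAG, "SMS Retriever status ${status.statusCode}")
        }
    }

    companion object {
        private const val TAG = "OtpSmsReceiver"
        // Hypothetical hook: the verification screen sets this while it is visible.
        var onMessage: ((String) -> Unit)? = null
    }
}

// Start listening first; ask the server for the SMS only once that succeeded.
// requestSms is a hypothetical callback that posts the phone number to your server.
fun startOtpListener(context: Context, requestSms: () -> Unit) {
    SmsRetriever.getClient(context).startSmsRetriever()
        .addOnSuccessListener { requestSms() }
        .addOnFailureListener { e -> Log.e("OtpSmsReceiver", "SMS Retriever did not start", e) }
}
```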
Send OTP Code Back to Your Server
After you get the message that contains the one-time code, use a regex or other logic to extract the code from the message. Then, send that code back to the server.
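One way to do the extraction, together with a server-side check of the three message criteria listed earlier. This is an added example, not code from the original post; the 6-digit code length, the function names and all sample values are assumptions.

```kotlin
// Constructed samples; the 6-digit code length is an assumption.
// A run of exactly six digits that is not part of a longer token.
private val CODE = Regex("""(?<![A-Za-z0-9+/])\d{6}(?![A-Za-z0-9+/])""")

/** Returns the one-time code, or null when none or more than one is found. */
fun extractOtp(message: String, appHash: String): String? {
    // Blank out the app hash first: it can contain digits of its own.
    val body = message.replace(appHash, " ")
    return CODE.findAll(body).map { it.value }.distinct().singleOrNull()
}

/** Server-side pre-send check of the three criteria; an empty list means OK. */
fun formatViolations(message: String, appHash: String): List<String> = buildList {
    // The limit is in bytes, so non-ASCII text uses it up faster than its length suggests.
    val bytes = message.toByteArray(Charsets.UTF_8).size
    if (bytes > 140) add("message is $bytes bytes, limit is 140")
    if (appHash.length != 11 || !message.contains(appHash)) add("11-character hash missing")
    if (extractOtp(message, appHash) == null) add("no unambiguous one-time code")
}

fun main() {
    val hash = "AbCdEfGh123"   // constructed placeholder, not a real app hash
    val good = "Your ExampleApp code is 482913\n\n$hash"
    // Fewer than 140 characters, but more than 140 bytes in UTF-8.
    val cyrillic = "Ваш код подтверждения для входа в приложение ExampleApp: 482913. " +
        "Никому его не сообщайте.\n\n$hash"
    // Two six-digit runs: refusing to guess is safer than submitting the wrong one.
    val twoCodes = "Code 482913, ref 771204\n\n$hash"
    for (sms in listOf(good, cyrillic, twoCodes)) {
        println("${extractOtp(sms, hash)} ${formatViolations(sms, hash)}")
    }
}
```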
One-tap SMS Verification
Above, we covered how to do automatic SMS verification, which will certainly help us as Android developers. But Google provides another way. Let’s try it as well!
The other way that Google provides for SMS verification is the One-tap Verification method. The process is similar to the previous one, but you don’t have to generate any unique code to verify your application. This method shows a bottom sheet asking the user for permission to read the content of a single SMS. If the user consents, your app gets access to the message and you can read the one-time code from it.
Now, let’s implement One-tap verification in your mobile application!
The first thing you need to do is import these libraries into your app’s Gradle file.
Obtain User’s Phone Number
Again, before we start the SMS verification process, we need to obtain the user’s phone number. You can use any method to do this, but Google recommends using a hint picker. See the code below to implement a hint picker.
Listening for an Incoming Message
As with the previous method, we should start listening for an incoming message before sending the phone number to the server. The listener waits for a message for up to 5 minutes. With this method, you can specify the phone number that will send the message containing the OTP code. If you don’t want to set it, pass a null value.
You also have to make sure your message meets these criteria:
- The message contains a 4–10 character alphanumeric string with at least one number.
- The message was sent by a phone number that’s not in the user’s contacts.
- If you specified the sender’s phone number, the message was sent by that number.
Implement this code in your Activity class to start listening for an incoming message.
Starting an activity with EXTRA_CONSENT_INTENT shows the user a bottom sheet where they can give one-time permission to read the SMS.
Get the Verification Code
In onActivityResult(), a RESULT_OK result means the user gave you permission to read the SMS, and you can get the SMS content from the intent.
Then, you can extract the code from the SMS and send it back to the server to complete the verification process.
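The one-tap steps above, from starting the listener to reading the message in onActivityResult(), put together in one Activity. This is an added example, not code from the original post; the class name VerifyActivity, the onSmsText hook and the request code value are hypothetical.

```kotlin
import android.app.Activity
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.content.IntentFilter
import android.os.Bundle
import com.google.android.gms.auth.api.phone.SmsRetriever
import com.google.android.gms.common.api.CommonStatusCodes
import com.google.android.gms.common.api.Status

class VerifyActivity : Activity() {                // hypothetical activity
    var onSmsText: (String) -> Unit = {}           // hypothetical hook for the SMS body

    private val consentReceiver = object : BroadcastReceiver() {
        override fun onReceive(context: Context, intent: Intent) {
            if (intent.action != SmsRetriever.SMS_RETRIEVED_ACTION) return
            val extras = intent.extras ?: return
            val status = extras.get(SmsRetriever.EXTRA_STATUS) as? Status ?: return
            if (status.statusCode != CommonStatusCodes.SUCCESS) return   // e.g. TIMEOUT
            val consent = extras.getParcelable<Intent>(SmsRetriever.EXTRA_CONSENT_INTENT) ?: return
            startActivityForResult(consent, SMS_CONSENT_REQUEST)         // shows the bottom sheet
        }
    }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        SmsRetriever.getClient(this).startSmsUserConsent(null)   // null: accept any sender
        // SEND_PERMISSION limits who may deliver this broadcast, so another app cannot
        // hand the activity an intent of its choosing to launch. Apps targeting
        // Android 14+ use the overload that also takes Context.RECEIVER_EXPORTED.
        registerReceiver(consentReceiver, IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION),
            SmsRetriever.SEND_PERMISSION, null)
    }

    override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)
        if (requestCode != SMS_CONSENT_REQUEST) return
        if (resultCode != RESULT_OK || data == null) return      // user denied consent
        data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE)?.let(onSmsText)
    }

    override fun onDestroy() {
        unregisterReceiver(consentReceiver)
        super.onDestroy()
    }

    private companion object { const val SMS_CONSENT_REQUEST = 2 }
}
```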
That’s it! We have implemented the verification process using the SMS Retriever API. Both methods are easy to try, aren’t they?
If you have any questions, please let me know in the comments below!
Anang Kurniawan is an Android developer at GITS Indonesia.
SMS verification is a common thing in an Android application. Android developers at GITS Indonesia have developed many mobile applications for Android. One of them is JRku, an application used all around Indonesia to help users pay insurance with Jasa Raharja. Want to know more about it? Find out here.