Automatic SMS Verification with SMS Retriever API in Android

In the world of mobile applications, user verification is a critical aspect of ensuring security and trustworthiness. One of the common methods for user verification involves sending a one-time password (OTP) to a user’s phone number via SMS. While effective, this process can be cumbersome for users who must manually input the OTP. Android offers a way to simplify this process using the SMS Retriever API. In this article, we will explore how to implement automatic SMS verification in your Android app using the SMS Retriever API, complete with code examples in Kotlin.

What is the SMS Retriever API?

The SMS Retriever API is a feature provided by Android that allows apps to automatically retrieve SMS messages to simplify user verification. It eliminates the need for users to manually enter OTPs received via SMS, making the verification process more user-friendly.

The SMS Retriever API works by listening for specific SMS messages sent by your app’s server, which contain a unique hash recognized by the API. When the user receives this SMS, the API extracts the OTP and provides it to your app, simplifying the verification process.

Implementing SMS Verification Using the SMS Retriever API

To implement SMS verification using the SMS Retriever API in your Android app, you can follow these steps in Kotlin:

1. Request Permission: To use the SMS Retriever API, your app needs to request the RECEIVE_SMS permission in the AndroidManifest.xml file. Add the following line to your manifest:

<uses-permission android:name="android.permission.RECEIVE_SMS" />

2. Generate a Unique Hash: Generate a unique hash that your app can include in the SMS message. This hash is used by the API to identify messages meant for your app. You can generate this hash using the Hashing library or online tools.

3. Send SMS with the Hash: Your server should send SMS messages to users with the hash included. The message should follow a specific format, like:

Your OTP code is: 123456. Please enter it in the app.
#ABCD1234

Here, 123456 is the OTP, and #ABCD1234 is the hash generated for your app.

4. Configure the SMS Retriever: In your app’s code, configure the SMS Retriever API to listen for the SMS message with your hash. This can be done as follows:

val client = SmsRetriever.getClient(this)
val task = client.startSmsRetriever()

task.addOnSuccessListener { 
    // SMS Retriever started successfully
}

task.addOnFailureListener { exception ->
    // Failed to start SMS Retriever
}

5. Receive and Extract the OTP: Once the user receives the SMS with the hash, the SMS Retriever API will automatically extract the OTP and provide it to your app. You can listen for this in your activity or service:

val client = SmsRetriever.getClient(this)
val task = client.startSmsUserConsent(null)

task.addOnSuccessListener { consentIntent ->
    // Handle the extracted OTP
    val otp = extractOTP(consentIntent)
    // Now you can use the OTP for verification
}

task.addOnFailureListener { exception ->
    // Failed to retrieve the OTP
}

6. Verify the OTP: Finally, you can use the extracted OTP to verify the user. Typically, this involves comparing the received OTP with the one generated on the server.

That’s it! With these steps, you can implement automatic SMS verification in your Android app using the SMS Retriever API, providing a seamless and user-friendly experience for your users while ensuring the security of your platform.

Example Code in Kotlin

Here’s a simple example of how to use the SMS Retriever API in a Kotlin-based Android app:

import android.app.Activity
import com.google.android.gms.auth.api.phone.SmsRetriever
import com.google.android.gms.tasks.OnFailureListener
import com.google.android.gms.tasks.OnSuccessListener
import com.google.android.gms.tasks.Task

class SMSVerificationActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_sms_verification)

        // Start the SMS Retriever
        val client = SmsRetriever.getClient(this)
        val task = client.startSmsRetriever()

        task.addOnSuccessListener {
            // SMS Retriever started successfully
        }

        task.addOnFailureListener { exception ->
            // Failed to start SMS Retriever
        }

        // Handle the OTP when received
        val client = SmsRetriever.getClient(this)
        val task = client.startSmsUserConsent(null)

        task.addOnSuccessListener { consentIntent ->
            // Handle the extracted OTP
            val otp = extractOTP(consentIntent)
            // Now you can use the OTP for verification
        }

        task.addOnFailureListener { exception ->
            // Failed to retrieve the OTP
        }
    }

    private fun extractOTP(consentIntent: String): String {
        // Implement your OTP extraction logic here
        return ""
    }
}

Please note that the extractOTP method in the example is a placeholder. You'll need to implement your own logic to extract the OTP from the consentIntent.

Conclusion

Implementing automatic SMS verification in your Android app using the SMS Retriever API can greatly enhance the user experience while maintaining security. Users no longer need to manually enter OTPs, making the registration and login processes smoother and more user-friendly. By following the steps outlined in this article and using the example code in Kotlin, you can easily integrate this feature into your app and improve the overall user experience.

LinkedIn — Github

Learn More:

1. Mastering Jetpack Compose: Best Practices and Architectural Patterns

2. Mastering Navigation in Jetpack Compose: A Comprehensive Guide

3. Clean Architecture in Android: Fostering Resilient and Maintainable Apps