Professional Documents
Culture Documents
Android Developers Blog Effective Phone Number Verification
Android Developers Blog Effective Phone Number Verification
android-developers.googleblog.com
To build apps that make use of phone numbers, it's often crucial to
verify that the user owns a number. Doing this can be tricky from a
UX perspective, not least in understanding phone number formats
in different locales, but also in providing a verification mechanism
that isn't cumbersome or using intrusive device permissions, such
as the ability to read all of a user's SMS.
The steps for using these with your server can be seen here:
1 of 8 4/25/2023, 10:45 AM
Android Developers Blog: Effective phone number verification about:reader?url=https%3A%2F%2Fandroid-developers.googleblog....
In this post we'll show the code that you need to provide a phone
number selector to your users, and then use this with the SMS
retriever API to request a verification code from your server that
the Android device will automatically receive and parse with no
input from the user.
Note: Before you begin you'll need to build and test this is a device
with a phone number that can receive SMS and runs Google Play
services 10.2.x and higher.
The first step is to have the user initiate SMS verification from
within your app. Your app might prompt the user to enter a phone
number, and you can use the Phone Selector to make this easier,
using code like this:
2 of 8 4/25/2023, 10:45 AM
Android Developers Blog: Effective phone number verification about:reader?url=https%3A%2F%2Fandroid-developers.googleblog....
3 of 8 4/25/2023, 10:45 AM
Android Developers Blog: Effective phone number verification about:reader?url=https%3A%2F%2Fandroid-developers.googleblog....
if (resultCode == RESULT_OK) {
Credential credential =
data.getParcelableExtra(Credential.EXTRA_KEY);
// credential.getId(); <-- E.164 format phone number on
10.2.+ devices
}
}
}
At this point you'll have a phone number string for your user. While
this is useful, you'll likely want to verify that the user owns this
particular number, for example to allow them to send or retrieve
message with other users or identifying themselves with this
number.
task.addOnSuccessListener(new OnSuccessListener<Void>() {
4 of 8 4/25/2023, 10:45 AM
Android Developers Blog: Effective phone number verification about:reader?url=https%3A%2F%2Fandroid-developers.googleblog....
@Override
public void onSuccess(Void aVoid) {
// successfully started an SMS Retriever for one SMS message
}
});
task.addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
});
);
It's pretty simple -- you get an SMS Retriever client and then start
a task for it. The task has an on Success listener as well as an on
Failure one to override. After starting the SMS Retriever, you'd
send the user's phone number to your server and start it's
workflow for generating the message and sending it to that
number.
Example:
FA+9qCX9VSu
5 of 8 4/25/2023, 10:45 AM
Android Developers Blog: Effective phone number verification about:reader?url=https%3A%2F%2Fandroid-developers.googleblog....
The one-time verification code can be any string: you can simply
generate a random number. The message needs to end with a
hash that is determined according to the procedures here. Google
Play services will use this hash to determine which app the
verification message is for. You only need to generate this hash
once for your app package and signing certificate: it won't change
and shouldn't be supplied by the client app.
Your server can then send the message to the phone using your
existing SMS infrastructure or service. When this message is
received, Google Play services broadcasts an intent which
contains the text of the message. Here's the code:
@Override
public void onReceive(Context context, Intent intent) {
if
(SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction()))
{
6 of 8 4/25/2023, 10:45 AM
Android Developers Blog: Effective phone number verification about:reader?url=https%3A%2F%2Fandroid-developers.googleblog....
switch(status.getStatusCode()) {
case CommonStatusCodes.SUCCESS:
String message = (String)
extras.get(SmsRetriever.EXTRA_SMS_MESSAGE);
break;
case CommonStatusCodes.TIMEOUT:
break;
}
}
}
}
In the onReceive of the broadcast receiver you get the extras, and
pull the status from there. If the status indicates that the message
was successfully received, you can pull the message from the
extras. From here you can parse out the verification code and
send it back to your server to confirm phone number ownership.
For more information, check out the full documentation and this
year's Google I/O talk.
Our early partners who use this API love it. Here are some
testimonials from them:
7 of 8 4/25/2023, 10:45 AM
Android Developers Blog: Effective phone number verification about:reader?url=https%3A%2F%2Fandroid-developers.googleblog....
Authy loved the fact that these APIs work with their existing SMS
infrastructure without requiring many changes.
8 of 8 4/25/2023, 10:45 AM