OTP token should be automatically read from the message

Question

I am working on an Android App  in which the server sends an OTP and the user needs to enter this OTP in the App  to SignUp for my App  What I want is  that my App should be able to automatically read the OTP sent by the server  How can I achieve this  Any help or guidance in this regard would be highly appreciated

User · Answer

I will recommend you not to use any third party libraries for auto fetch OTP from SMS Inbox. This can be done easily if you have basic understanding of Broadcast Receiver and how it works. Just Try following approach :

Step 1) Create single interface i.e SmsListner

package com.wnrcorp.reba;
public interface SmsListener{
public void messageReceived(String messageText);}

Step 2) Create single Broadcast Receiver i.e SmsReceiver

package com.wnrcorp.reba;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.telephony.SmsMessage;
public class SmsReceiver extends BroadcastReceiver {
private static SmsListener mListener;
Boolean b;
String abcd,xyz;
@Override
public void onReceive(Context context, Intent intent) {
Bundle data  = intent.getExtras();
Object[] pdus = (Object[]) data.get("pdus");
    for(int i=0;i<pdus.length;i++){
        SmsMessage smsMessage = SmsMessage.createFromPdu((byte[]) pdus[i]);
        String sender = smsMessage.getDisplayOriginatingAddress();
       // b=sender.endsWith("WNRCRP");  //Just to fetch otp sent from WNRCRP
        String messageBody = smsMessage.getMessageBody();
       abcd=messageBody.replaceAll("[^0-9]","");   // here abcd contains otp 
        which is in number format
        //Pass on the text to our listener.
        if(b==true) {
            mListener.messageReceived(abcd);  // attach value to interface 
  object
        }
        else
        {
        }
    }
}
public static void bindListener(SmsListener listener) {
    mListener = listener;
}
}

Step 3) Add Listener i.e broadcast receiver in android manifest file

<receiver android:name=".SmsReceiver">    
        <intent-filter>
            <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
        </intent-filter>
</receiver>

and add permission

<uses-permission android:name="android.permission.RECEIVE_SMS"/>

Final Step 4) The activity where you going to auto fetch otp when it is received in inbox. In my case I'm fetching otp and setting on edittext field.

public class OtpVerificationActivity extends AppCompatActivity {
EditText ed;
TextView tv;
String otp_generated,contactNo,id1;
GlobalData gd = new GlobalData();
@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_otp_verification);
    ed=(EditText)findViewById(R.id.otp);
    tv=(TextView) findViewById(R.id.verify_otp); 
    /*This is important because this will be called every time you receive 
     any sms */            
 SmsReceiver.bindListener(new SmsListener() {
        @Override
        public void messageReceived(String messageText) {
            ed.setText(messageText);     
        }
    });
    tv.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            try
            {
                InputMethodManager imm=
  (InputMethodManager)getSystemService(INPUT_METHOD_SERVICE);                    
  imm.hideSoftInputFromWindow(getCurrentFocus().getWindowToken(),0);
            }
            catch(Exception e)
            {}           
            if (ed.getText().toString().equals(otp_generated))
            {
                Toast.makeText(OtpVerificationActivity.this, "OTP Verified 
       Successfully !", Toast.LENGTH_SHORT).show();           
             }
    });
   }
}

Layout File for OtpVerificationActivity

<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:id="@+id/activity_otp_verification"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:paddingBottom="@dimen/activity_vertical_margin"
android:paddingLeft="@dimen/activity_horizontal_margin"
android:paddingRight="@dimen/activity_horizontal_margin"
android:paddingTop="@dimen/activity_vertical_margin"
tools:context="com.wnrcorp.reba.OtpVerificationActivity">
<android.support.v7.widget.CardView
    android:layout_width="match_parent"
    android:layout_height="wrap_content"
    android:id="@+id/firstcard"
    xmlns:card_view="http://schemas.android.com/apk/res-auto"
    card_view:cardCornerRadius="10dp"
    >
   <LinearLayout
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:orientation="vertical"
        android:background="@android:color/white">
        <TextView
            android:layout_width="wrap_content"
            android:layout_height="wrap_content"
            android:text="OTP Confirmation"
            android:textSize="18sp"
            android:textStyle="bold"
            android:id="@+id/dialogTitle"
            android:layout_margin="5dp"
            android:layout_gravity="center"
            />
        <EditText
            android:layout_width="match_parent"
            android:layout_height="wrap_content"
            android:id="@+id/otp"
            android:layout_margin="5dp"
            android:hint="OTP Here"
            />
        <TextView
            android:layout_width="wrap_content"
            android:layout_height="wrap_content"
            android:text="Verify"
            android:textSize="18sp"
            android:id="@+id/verify_otp"
            android:gravity="center"
            android:padding="10dp"
            android:layout_gravity="center"
            android:visibility="visible"
            android:layout_margin="5dp"
            android:background="@color/colorPrimary"
            android:textColor="#ffffff"
            />
        </LinearLayout>
        </android.support.v7.widget.CardView>
        </RelativeLayout>

Screenshots for OTP Verification Activity where you fetch OTP as soons as messages received

User · Answer

As Google has restricted use of READ SMS permission here is solution without READ SMS permission   SMS Retriever API  Basic function is to avoid using Android critical permission READ SMS and accomplish task using this method  Blow are steps you needed   Post Sending OTP to user s number  check SMS Retriever API able to get message or not  SmsRetrieverClient client   SmsRetriever getClient SignupSetResetPasswordActivity this   Task lt Void gt  task   client startSmsRetriever    task addOnSuccessListener new OnSuccessListener lt Void gt           Override     public void onSuccess Void aVoid               Android will provide message once receive  Start your broadcast receiver          IntentFilter filter   new IntentFilter            filter addAction SmsRetriever SMS RETRIEVED ACTION           registerReceiver new SmsReceiver    filter             task addOnFailureListener new OnFailureListener          Override     public void onFailure  NonNull Exception e               Failed to start retriever  inspect Exception for more details             Broadcast Receiver Code  import android content BroadcastReceiver  import android content Context  import android content Intent  import android content SharedPreferences  import android os Bundle   import com google android gms auth api phone SmsRetriever  import com google android gms common api CommonStatusCodes  import com google android gms common api Status   public class SmsReceiver extends BroadcastReceiver         Override     public void onReceive Context context  Intent intent            if  SmsRetriever SMS RETRIEVED ACTION equals intent getAction                   Bundle extras   intent getExtras                Status status    Status  extras get SmsRetriever EXTRA STATUS                switch  status getStatusCode                      case CommonStatusCodes SUCCESS                         Get SMS message contents                     String otp                      String msgs    String  extras get SmsRetriever EXTRA SMS MESSAGE                           Extract one-time code from the message and complete verification                     break                  case CommonStatusCodes TIMEOUT                         Waiting for SMS timed out  5 minutes                         Handle the error                         break                                    Final Step  Register this receiver into your Manifest   lt receiver android name   service SmsReceiver  android exported  true  gt       lt intent-filter gt           lt action android name  com google android gms auth api phone SMS RETRIEVED   gt       lt  intent-filter gt   lt  receiver gt    Your SMS must as below    lt   gt  Your OTP code is  6789 QWsa8754qw2    Here QWsa8754qw2 is your own application 11 character hash code  Follow this link   Be no longer than 140 bytes Begin with the prefix  lt    End with an 11-character hash string that identifies your app   To import com google android gms auth api phone SmsRetriever  Dont forget to add this line to your app build gradle   implementation  com google android gms play-services-auth-api-phone 16 0 0

User · Answer

With the SMS Retriever API  one can Read OTP without declaring android permission READ SMS         Start the SMS retriever          private fun startSMSRetriever                Get an instance of SmsRetrieverClient  used to start listening for a matching SMS message          val client   SmsRetriever getClient this    context                  Starts SmsRetriever  which waits for ONE matching SMS message until timeout             5 minutes   The matching SMS message will be sent via a Broadcast Intent with            action SmsRetriever SMS RETRIEVED ACTION          val task  Task lt Void gt    client startSmsRetriever                Listen for success failure of the start Task  If in a background thread  this            can be made blocking using Tasks await task   timeout            task addOnSuccessListener               Log d  SmsRetriever    SmsRetriever Start Success                      task addOnFailureListener               Log d  SmsRetriever    SmsRetriever Start Failed                           Receive messages via Broadcast          public class MySMSBroadcastReceiver   BroadcastReceiver              override fun onReceive context  Context   intent  Intent                 if  SmsRetriever SMS RETRIEVED ACTION    intent  action  amp  amp  intent extras  null                    val extras   intent extras                 val status   extras get SmsRetriever EXTRA STATUS  as Status                  when  status statusCode                        CommonStatusCodes SUCCESS - gt                               Get SMS message contents                         val message   extras get SmsRetriever EXTRA SMS MESSAGE  as String                         Log e  Message   message                              Extract one-time code from the message and complete verification                            by sending the code back to your server                                            CommonStatusCodes TIMEOUT - gt                               Waiting for SMS timed out  5 minutes                             Handle the error                                                                                        Don t forgot to define BroadcastReceiver in AndroidManifest xml                lt receiver android name   MySMSBroadcastReceiver  android exported  true  gt           lt intent-filter gt               lt action android name  com google android gms auth api phone SMS RETRIEVED   gt           lt  intent-filter gt       lt  receiver gt          Send the one-time code from the verification message to your server      Make sure your SMS format is exactly as below    lt   gt  Your ExampleApp code is  123ABC78 fBzOyyp9h6L    Be no longer than 140 bytes Begin with the prefix  lt    End with an 11-character hash string that identifies your app  You can compute app hash with following code   import android content Context import android content ContextWrapper import android content pm PackageManager import android util Base64 import android util Log import java nio charset StandardCharsets import java security MessageDigest import java security NoSuchAlgorithmException import java util           This is a helper class to generate your message hash to be included in your SMS message        Without the correct hash  your app won t recieve the message callback  This only needs to be    generated once per app and stored  Then you can remove this helper class from your code        For More Detail  https   developers google com identity sms-retriever verify computing your apps hash string        public class AppSignatureHelper private val context  Context    ContextWrapper context         companion object           val TAG   AppSignatureHelper  class java simpleName           private const val HASH TYPE    SHA-256           const val NUM HASHED BYTES   9          const val NUM BASE64 CHAR   11                        Get all the app signatures for the current package         return             public fun getAppSignatures    ArrayList lt String gt            val appCodes   ArrayList lt String gt              try                  Get all package signatures for the current package             val signatures   packageManager getPackageInfo                  packageName                  PackageManager GET SIGNATURES               signatures                  For each signature create a compatible hash             for  signature in signatures                    val hash   hash packageName  signature toCharsString                     if  hash    null                        appCodes add String format   s   hash                                              catch  e  PackageManager NameNotFoundException                Log e TAG   Unable to find package to obtain hash    e                     return appCodes             private fun hash packageName  String  signature  String   String            val appInfo     packageName  signature           try               val messageDigest   MessageDigest getInstance HASH TYPE               messageDigest update appInfo toByteArray StandardCharsets UTF 8                var hashSignature   messageDigest digest                    truncated into NUM HASHED BYTES             hashSignature   Arrays copyOfRange hashSignature  0  NUM HASHED BYTES                  encode into Base64             var base64Hash   Base64 encodeToString hashSignature  Base64 NO PADDING or Base64 NO WRAP               base64Hash   base64Hash substring 0  NUM BASE64 CHAR                Log e TAG  String format  pkg   s -- hash   s   packageName  base64Hash                return base64Hash            catch  e  NoSuchAlgorithmException                Log e TAG   hash NoSuchAlgorithm   e                     return null                       Required Gradle     implementation  com google android gms play-services-auth-api-phone 16 0 0       References    https   developers google com identity sms-retriever overview   https   developers google com identity sms-retriever request   https   developers google com identity sms-retriever verify

User · Answer

Sorry for late reply but still felt like posting my answer if it helps It works for 6 digits OTP        Override     public void onOTPReceived String messageBody                Pattern pattern   Pattern compile SMSReceiver OTP REGEX           Matcher matcher   pattern matcher messageBody           String otp   HkpConstants EMPTY          while  matcher find                          otp   matcher group                      checkAndSetOTP otp         Adding constants here  public static final String OTP REGEX     0-9  1 6      For SMS listener one can follow the below class  public class SMSReceiver extends BroadcastReceiver       public static final String SMS BUNDLE    pdus       public static final String OTP REGEX     0-9  1 6        private static final String FORMAT    format        private OnOTPSMSReceivedListener otpSMSListener       public SMSReceiver OnOTPSMSReceivedListener listener                otpSMSListener   listener              Override     public void onReceive Context context  Intent intent                Bundle intentExtras   intent getExtras            if  intentExtras    null                        Object   sms bundle    Object    intentExtras get SMS BUNDLE               String format   intent getStringExtra FORMAT               if  sms bundle    null                                otpSMSListener onOTPSMSReceived format  sms bundle                             else                      do nothing                                     FunctionalInterface     public interface OnOTPSMSReceivedListener               void onOTPSMSReceived  Nullable String format  Object    smsBundle                 Override     public void onOTPSMSReceived  Nullable String format  Object    smsBundle                for  Object aSmsBundle   smsBundle                        SmsMessage smsMessage   getIncomingMessage format  aSmsBundle               String sender   smsMessage getDisplayOriginatingAddress                if  sender toLowerCase   contains ONEMG                                 getIncomingMessage smsMessage getMessageBody                   else                                  do nothing                                    private SmsMessage getIncomingMessage  Nullable String format  Object aObject                SmsMessage currentSMS          if  Build VERSION SDK INT  gt   Build VERSION CODES M  amp  amp  format    null                        currentSMS   SmsMessage createFromPdu  byte    aObject  format             else                       currentSMS   SmsMessage createFromPdu  byte    aObject                      return currentSMS

User · Answer

I implemented something of that such  But  here is what I did when the message comes in  I retrieve only the six digit code  bundle it in an intent and send it to the activity or fragment needing it and verifies the code  The example shows you the way to get the sms already  Look at the code below for illustration on how to send using LocalBrodcastManager and if your message contains more texts E g Greetings  standardize it to help you better  E g  Your verification code is  84HG73  you can create a regex pattern like this   0-9   2   A-Z   2   0-9   2  which means two ints  two  capital  letters and two ints  Good Luck   After discarding all un needed info from the message   Intent intent   new Intent  AddedItem     intent putExtra  items   code    LocalBroadcastManager getInstance getActivity    sendBroadcast intent      And the Fragment Activity receiving it   Override public void onResume         LocalBroadcastManager getInstance getActivity    registerReceiver receiver  new IntentFilter  AddedItem         super onResume        Override public void onPause         super onDestroy        LocalBroadcastManager getInstance getActivity    unregisterReceiver receiver       And the code meant to handle the payload you collected   private BroadcastReceiver receiver   new BroadcastReceiver          Override     public void onReceive Context context  Intent intent            if  intent getAction                  final String message   intent getStringExtra  message                  Do whatever you want with the code here                      Does that help a little bit  I did it better by using Callbacks

User · Answer

activity main xml     lt  xml version  1 0  encoding  utf-8   gt   lt android support constraint ConstraintLayout xmlns android  http   schemas android com apk res android      xmlns app  http   schemas android com apk res-auto      xmlns tools  http   schemas android com tools      android layout width  match parent      android layout height  match parent      tools context  com example mukundwn broadcastreceiver MainActivity  gt        lt TextView         android layout width  wrap content          android layout height  wrap content          android text  Hello World           app layout constraintBottom toBottomOf  parent          app layout constraintLeft toLeftOf  parent          app layout constraintRight toRightOf  parent          app layout constraintTop toTopOf  parent    gt    lt  android support constraint ConstraintLayout gt       MainActivity java   import android content BroadcastReceiver  import android content IntentFilter  import android support v7 app AppCompatActivity  import android os Bundle   public class MainActivity extends AppCompatActivity        private BroadcastReceiver broadcastReceiver       Override     protected void onCreate Bundle savedInstanceState            super onCreate savedInstanceState           setContentView R layout activity main           broadcastReceiver  new MyBroadcastReceiver            Override     protected void onStart         super onStart        IntentFilter intentFilter new IntentFilter  android provider Telephony SMS RECEIVED        registerReceiver broadcastReceiver intentFilter      Override     protected void onStop         super onStop        unregisterReceiver broadcastReceiver            MyBroadcastReceiver java    import android content BroadcastReceiver  import android content Context  import android content Intent  import android widget Toast          Created by mukundwn on 12 02 18       public class MyBroadcastReceiver extends BroadcastReceiver          Override     public void onReceive Context context  Intent intent            Toast makeText context  hello received an sms  Toast LENGTH SHORT  show                Manifest xml     lt  xml version  1 0  encoding  utf-8   gt   lt manifest xmlns android  http   schemas android com apk res android      package  com example mukundwn broadcastreceiver  gt        lt uses-permission android name  android permission RECEIVE SMS   gt       lt uses-permission android name  android permission READ SMS  gt  lt  uses-permission gt       lt uses-permission android name  android permission READ PHONE STATE  gt  lt  uses-permission gt        lt application         android allowBackup  true          android icon   mipmap ic launcher          android label   string app name          android roundIcon   mipmap ic launcher round          android supportsRtl  true          android theme   style AppTheme  gt           lt activity android name   MainActivity  gt               lt intent-filter gt                   lt action android name  android intent action MAIN    gt                    lt category android name  android intent category LAUNCHER    gt               lt  intent-filter gt           lt  activity gt           lt receiver android name   MyBroadcastReceiver  gt           lt intent-filter gt               lt action android name  android provider Telephony SMS RECEIVE  gt  lt  action gt           lt  intent-filter gt           lt  receiver gt       lt  application gt    lt  manifest gt

User · Answer

You can try using a simple library like    After installing via gradle and adding permissions initiate SmsVerifyCatcher in method like onCreate activity       smsVerifyCatcher   new SmsVerifyCatcher this  new OnSmsCatchListener lt String gt           Override     public void onSmsCatch String message            String code   parseCode message    Parse verification code         etCode setText code    set code in edit text           then you can send verification code to server             Also  override activity lifecicle methods      Override protected void onStart         super onStart        smsVerifyCatcher onStart        Override protected void onStop         super onStop        smsVerifyCatcher onStop              need for Android 6 real time permissions      Override public void onRequestPermissionsResult int requestCode   NonNull String   permissions   NonNull int   grantResults        super onRequestPermissionsResult requestCode  permissions  grantResults       smsVerifyCatcher onRequestPermissionsResult requestCode  permissions  grantResults       public String parseCode String message        Pattern p   Pattern compile    b  d 4   b        Matcher m   p matcher message       String code           while  m find              code   m group 0             return code

User · Answer

Yes  this is possible now in browsers also  Chrome release this feature in version 84 and above  With the help of WEBOTP API  we can detect OTP on the web for mobile devices  Here is a Web-OTP integrated code with Angular PWA Apps  https   github com Rohit3230 webOtpAutoReadByAngular Go for live working URL for angular PWA app  https   rohit3230 github io webOtpAutoReadByAngular

[android] OTP (token) should be automatically read from the message

Examples related to android

Examples related to one-time-password