Auto read OTP using SMS User Consent API in Android

Some times ago Google Play restricts the use of high risk or sensitive permissions, including the SMS or Call Log permission groups. It means you have to justify why you are taking SMS or other high risk or sensitive permissions for your application .For this you may be required to complete the Permissions Declaration Form and receive approval from Google Play.

Before this every app even who does not have any purpose for taking SMS or other high sensitive permissions in their app ,They was taking these permissions from users and this is a kind of security beach. 

For solution of this problem Google introduce SMS User Consent API .

The SMS User Consent API complements the SMS Retriever API by allowing an app to prompt the user to grant access to the content of a single SMS message. When a user gives consent, the app will then have access to the entire message body to automatically complete SMS verification.

If your appeal for SMS permission is rejected by Google team you can use SMS User Consent API without taking SMS permission from Manifest file and if you have genuinely required SMS permission than submit the Permission Declaration form and tell Google the genuine reason and clapping 👏 if you got approval from Google.

For using SMS User Consent API you have to follow some Message Criteria:

• It contains a one-time password– The should message contains a 4–10 character alphanumeric string with at least one number.
• Contacts – The message was sent by a phone number that’s not in the user’s contacts.
• Timing – The API will look for the One Time Code for a maximum time of 5 minutes.

Without taking any time let's come to our coding part one by one.

Step 1: Add SMS User Consent API libraries in your app.

  // add these lines in your app build.gradle  
   implementation 'com.google.android.gms:play-services-auth:17.0.0'  
 implementation 'com.google.android.gms:play-services-auth-api-phone:17.1.0'  

Step 2:  Create SmsBroadcastReceiver.java file which is called when some SMS message containing OTP receive.

package com.smsuserconsentexample;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import com.google.android.gms.auth.api.phone.SmsRetriever;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.common.api.Status;
public class SmsBroadcastReceiver extends BroadcastReceiver{
  SmsBroadcastReceiverListener smsBroadcastReceiverListener;
  @Override
  public void onReceive(Context context, Intent intent) {
    if (intent.getAction() == SmsRetriever.SMS_RETRIEVED_ACTION) {
      Bundle extras = intent.getExtras();
      Status smsRetrieverStatus = (Status) extras.get(SmsRetriever.EXTRA_STATUS);
      switch (smsRetrieverStatus.getStatusCode()) {
        case CommonStatusCodes.SUCCESS:
          Intent messageIntent = extras.getParcelable(SmsRetriever.EXTRA_CONSENT_INTENT);
          smsBroadcastReceiverListener.onSuccess(messageIntent);
          break;
        case CommonStatusCodes.TIMEOUT:
          smsBroadcastReceiverListener.onFailure();
          break;
      }
    }
  }
  public interface SmsBroadcastReceiverListener {
    void onSuccess(Intent intent);
    void onFailure();
  }
}

Step 3: Create activity_main.xml file under res folder

<?xml version="1.0" encoding="utf-8"?>
<androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:app="http://schemas.android.com/apk/res-auto"
    xmlns:tools="http://schemas.android.com/tools"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    tools:context=".MainActivity"
    >
 
  <EditText
      android:id="@+id/editTextOTP"
      android:layout_width="0dp"
      android:layout_height="wrap_content"
      android:layout_marginStart="16dp"
      android:layout_marginEnd="16dp"
      android:layout_marginBottom="16dp"
      android:ems="10"
      android:gravity="center"
      android:hint="Enter your verification code"
      android:inputType="number"
      />
</androidx.constraintlayout.widget.ConstraintLayout>

Step 4: Now finally our MainActivity.java will look like 

package com.smsuserconsentexample;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Bundle;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.appcompat.app.AppCompatActivity;
import com.google.android.gms.auth.api.phone.SmsRetriever;
import com.google.android.gms.auth.api.phone.SmsRetrieverClient;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class MainActivity extends AppCompatActivity {
  private static final int REQ_USER_CONSENT = 200;
  SmsBroadcastReceiver smsBroadcastReceiver;
  EditText otpText;
  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);
    // find view by ids
    otpText = findViewById(R.id.editTextOTP);
    startSmsUserConsent();
  }
  private void startSmsUserConsent() {
    SmsRetrieverClient client = SmsRetriever.getClient(this);
    //We can add sender phone number or leave it blank
    client.startSmsUserConsent(null).addOnSuccessListener(new OnSuccessListener<Void>() {
      @Override
      public void onSuccess(Void aVoid) {
        Toast.makeText(getApplicationContext(), "On Success", Toast.LENGTH_LONG).show();
      }
    }).addOnFailureListener(new OnFailureListener() {
      @Override
      public void onFailure(@NonNull Exception e) {
        Toast.makeText(getApplicationContext(), "On OnFailure", Toast.LENGTH_LONG).show();
      }
    });
  }
  @Override
  protected void onActivityResult(int requestCode, int resultCode, @Nullable Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode == REQ_USER_CONSENT) {
      if ((resultCode == RESULT_OK) && (data != null)) {
        //That gives all message to us.
        // We need to get the code from inside with regex
        String message = data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
        Toast.makeText(getApplicationContext(), message, Toast.LENGTH_LONG).show();
        getOtpFromMessage(message);
      }
    }
  }
  private void getOtpFromMessage(String message) {
    // This will match any 6 digit number in the message
    Pattern pattern = Pattern.compile("(|^)\\d{6}");
    Matcher matcher = pattern.matcher(message);
    if (matcher.find()) {
      otpText.setText(matcher.group(0));
    }
  }
  private void registerBroadcastReceiver() {
    smsBroadcastReceiver = new SmsBroadcastReceiver();
    smsBroadcastReceiver.smsBroadcastReceiverListener =
        new SmsBroadcastReceiver.SmsBroadcastReceiverListener() {
          @Override
          public void onSuccess(Intent intent) {
            startActivityForResult(intent, REQ_USER_CONSENT);
          }
          @Override
          public void onFailure() {
          }
        };
    IntentFilter intentFilter = new IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION);
    registerReceiver(smsBroadcastReceiver, intentFilter);
  }
  @Override
  protected void onStart() {
    super.onStart();
    registerBroadcastReceiver();
  }
  @Override
  protected void onStop() {
    super.onStop();
    unregisterReceiver(smsBroadcastReceiver);
  }
}

Note: Don't forget to add SmsBroadcastReceiver in your Manifest File.

Lets assume we receive an OTP which contains 123456 as an OTP. Now we are ready with the result.

That's all .Your SMS User Consent API is integrated in your app.

and wait .. wait... wait.. if you got permission from Google Play to Use SMS Permission in your app you can check out my this article by click Here  

Thank you guys .If you like this article please do share with your friends .