Home Android Auto Detect OTP with out SMS permission Android

Auto Detect OTP with out SMS permission Android

by pratheep kanati

This the tutorial helps you to implement auto detect OTP in your Android Application.

Now a days most of the Applications Uses the SMS Based Verification to authenticate their Users By Sending OTP(One-Time-Password), where the service provider sends a message and the application automatically reads it and authenticate the user. This Flow Helps the users to avoid Switching between the applications to enter password Manually.

To auto detect OTP previously most of the applications uses SMS Permissions for reading messages .Now google play restricting application and Removing applications from play store on name of SMS Permissions.

Why Google Play SMS permissions are restricted :

The use of high risk or sensitive permissions, including SMS permission groups, is restricted by Google Play.

If your app does not require SMS permissions, these permissions must be removed from the manifest of your app. Details on alternative implementation compliant with policies are also detailed below.

For applications with previously submitted Declaration Forms, Google Play may, at its discretion, grant extensions for you to comply with this Play policy until March 9, 2019.

You can also request an extension directly through the Play Console for March 9, 2019 by releasing a new version of your APK with a higher version code if you are not planning to use these permissions but still need additional time to comply with your app(s).

You should declare any SMS permissions directly through the Play Console if you believe that your app meets the policy requirements for acceptable use or is eligible for an exception.

Apps that fail to meet policy requirements or submit a Declaration Form may be removed from Google Play.

When should these permissions be accessed?

Only when your app falls within the permitted uses should you access SMS permissions and only to enable the core functionality of your app.

Core features are defined as the app’s main purpose. It is the most prominently documented and promoted feature in the description of the app no other feature is more central to the functionality of the app. If this feature is not provided, the app will be “broken” or unusable (i.e., the app will be deprived of its primary functionality and will not perform as expected by a user).

OTP Verification Alternative for Common Use

With the SMS Retriever API, you can automatically perform SMS-based user verification in your app without requiring the user to type verification codes manually and without requiring any additional permissions for the application.

If your app does not have the SMS Retriever API, users can also enter a verification code manually.

Automatic SMS Verification with the SMS Retriever API

The verification flow looks like this when you implement automatic SMS verification in your app:

Flow Of SMS Retriver
  1. In your application, a user initiates SMS verification. If this information was not required to create the user’s account, your app might prompt the user to provide a phone number by using the Smart Lock for Passwords hint selector.
  2. Your app asks your server to check the telephone number of the user. This request may include the user ID, phone number of the user, or both, depending on what information is available in your user database.
  3. Then calls the SMS Retriever API to start listening to your server for an SMS response.
  4. Your server sends the user a SMS message that includes a one-time code to can be sent back to your server and a hash identifying your application.
  5. Upon receiving the SMS message in the user’s device, Google Play services will use the app hash to determine that the message is intended for your app and make the message text available through the SMS Retriever API to your app.
  6. Your app will parse the one-time message text code and send it back to your server.
  7. Your server receives your app’s one-time code, checks the code, and finally records that your account has been successfully verified by the user.

Message Format

Here ynfd/rIwy/+ hash code of the application which Play major role in this SMS Dectection.

How To Generate Hash Code

There are two ways to generate hash code

1.Using Command Line With Key store Tool and Command as Shown below

2. Programmatically Generating Hash Code at run time.

The Helper Class to Generate Hash Code Is Mention’s in This Tutorials Below AppSignatureHelper.java

Lets Starts Coding From here


The SMS Retriever API is only available with Play Services version 10.2 and newer on Android devices.

1. Get the phone number of the user

You can get the phone number of the user in any way that suits your app. Often, using the hint picker to prompt the user to select from the phone numbers stored on the device and thus avoid having to type a phone number manually is the best user experience. To use the picker hint:

2. Start the SMS retriever

Receive an instance of the SmsRetrieverClient object, call startSmsRetriever, and attach success and failure listeners to the SMS retrieval task when you are ready to check the phone number of the user:

The SMS retrieval task will listen to an SMS message with a unique string identifying your app for up to five minutes.

3. Send the phone number to your server

Using any method (usually with an HTTPS POST request) after you have obtained the phone number of the user and have started listening for SMS messages, send the phone number of the user to your verification to server.

Your server generates a message of verification and sends it to your specified phone number by SMS. See Verifying SMS on the server.

4. Receive verification messages

When a verification message is received on the device of the user, Play services will explicitly transmit a SmsRetriever. SMS RETRIEVED ACTION Intent containing the message text to your application. To receive this verification message, use a BroadcastReceiver.

In the BroadcastReceiver‘s onReceive handler, get the text of the verification message from the Intent’s extras:

Register this BroadcastReceiver with the intent filter com.google.android.gms.auth.api.phone.SMS RETRIEVED (value of constant SmsRetriever. SMS RETRIEVED ACTION) in the AndroidManifest.xml file of your app, as shown in the example below, or use Context.registerReceiver dynamically.

That’s all This Are Basic Things Required For OTP Verification Using SMS Retriever API . You Get OTP and Verify Its As Per Your Requirements.

Implementation Of Sms Retriever Api with Sample App

1.Creating Main Activity For Entering Mobile Number


Creating Xml Design For MainActivity.



Final Design For MainActivity

Above Shows Design Of MainActivity

2.Creating OTP Screen:


Creating XML Desgin For OtpActivity



Final Design For OtpActivity

3.Creating The Helper Classes To AutoDetectOTP



Which Is Used To Generate Hash Code For Your Application Programmatically




We are Not Specifying The Broad Cast receiver in Android Manifest Because We are Creating Broadcast receiver Dynamically .

5.Libraries Required


Full build .gradle File

So this how implementation Auto OTP Detection with out SMS Permissions.

You Can Find The Full Source Code At https://github.com/pratheepchowdhary/AutoDetectOTPAndroid

For Testing This Auto OTP Detect With Our Application You Need Click On Copy Test Message Button In MainActivity. Sample Message Get Copied to Clipboard with hash code of Our Application Try Send This Message From Other Mobile to Your Mobile Now It Detects OTP Thats All.

If You Wants Implement Auto Detect OTP To your Applications With Single Line . Use Our Library.

You Can Find Doc’s For The Usage Our Library At https://github.com/pratheepchowdhary/AutoDetectOTPAndroid

You may also like


Frances Enge May 16, 2019 - 4:19 pm

Simply desire to say your article is as surprising. The clarity in your put up is just cool and that i can suppose you’re an expert on this subject. Fine along with your permission allow me to grab your RSS feed to keep updated with forthcoming post. Thank you one million and please carry on the enjoyable work.|

Wade Tancer June 22, 2019 - 12:01 pm

I am in fact pleased to read this blog posts which includes lots of valuable data, thanks for providing these kinds of information.|

Tran Caposole June 22, 2019 - 11:52 pm

You’ve made some decent points there. I looked on the internet for more information about the issue and found most individuals will go along with your views on this web site.|

Warren Broach June 23, 2019 - 3:24 am

Good article. I certainly appreciate this site. Keep it up!|

Brandon Banda June 24, 2019 - 10:50 pm

I used to be able to find good information from your blog articles.|

Dominique Prima June 25, 2019 - 11:55 pm

Thanks very nice blog!|

sachin January 7, 2020 - 6:17 pm

Hi when i executed command i got error
” ‘xxd’ is not recognized as an internal or external command,
operable program or batch file.”


Leave a Reply

%d bloggers like this: