1
I am implementing a Two-Factor Authentication service where I use a gateway for sending user registration validation codes. I want to implement an automatic check on android to check if the message arrived on the user’s device and not need it to enter the code to then go validate the code, because this check in the API has a cost.
2
Follow an example:
Add the following permissions to your Androidmanifest.xml :
<uses-permission android:name="android.permission.RECEIVE_SMS"></uses-permission>
<uses-permission android:name="android.permission.READ_SMS" />
Still in the manifest, add the following receiver (within the tag application):
<receiver android:name=“seu.pacote.IncomingSMS">
<intent-filter>
<action android:name="android.provider.Telephony.SMS_RECEIVED" />
</intent-filter>
</receiver>
Unusual.java.
public class IncomingSMS extends BroadcastReceiver {
public void onReceive(Context context, Intent intent) {
final Bundle bundle = intent.getExtras();
try {
if (bundle != null) {
final Object[] pdusObj = (Object[]) bundle.get("pdus");
for (int i = 0; i < pdusObj.length; i++) {
SmsMessage currentMessage = SmsMessage.createFromPdu((byte[]) pdusObj[i]);
String phoneNumber = currentMessage.getDisplayOriginatingAddress();
String message = currentMessage.getDisplayMessageBody();
Log.i("SmsReceiver", "senderNum: "+ phoneNumber + "; message: " + message);
}
}
} catch (Exception e) {
Log.e("SmsReceiver", "Exception smsReceiver" +e);
}
}
}
Browser other questions tagged android
You are not signed in. Login or sign up in order to post.
But then it loses a lot of security. Besides, there is no way to check if the SMS actually reached the user. One solution, to avoid the cost of the API is to create your own API so that the user enters the code received by SMS. A simple page with a field form is enough.
– Daniel Omine
@Danielomine Whatsapp itself does not do this? Check for about 5 minutes to see if the code arrived on the mobile... I do not understand why it loses much of the security... The code is used to check if the user’s phone exists..
– Mateus Carvalho
in Whatsapp or any other app checks the code if the user enters.. If you receive the code and do not enter, do not authenticate.. There is no such thing as authenticating without the rsrs code.. As I mentioned above, there is no way to know if the sms actually reached the user. It’s almost like sending an email. Sending can be successful but there’s no guarantee that it actually fell into the user’s mailbox.
– Daniel Omine
I don’t know if I didn’t formulate the question right, because I’m pretty sure he’s checking in for five minutes waiting for the code to come in.. Another app that also does this is 99taxis
– Mateus Carvalho
These 5 minutes is the time limit user has to enter the code he received in the sms..
– Daniel Omine
Matthew, there is a Broadcast that can be used with a Receiver to try to "intercept" incoming SMS’s. But it is not very reliable, since some SMS clients of the device can block this Broadcast (receive it and not let pass). I suggest you take a look at this tutorial. From experience, it is best to record this Receiver explicitly (via
registerReceiver) than implicitly in the Manifest.– Wakim