How to verify OTP in Android without SMS read permission using Xamarin.Forms?

ifourtechnolab

Harshal Suthar

Posted on October 27, 2023

How to verify OTP in Android without SMS read permission using Xamarin.Forms?

In this blog, we will be going to talk about how to verify OTP in android without SMS read permission using Xamarin.Forms. Now a days most of mobile application uses OTP registration for users. So that user can type the OTP and access the appliance.But it's crazy if the SMS will automatically populate to the user application without typing, in case OTP should be received on the equivalent device.

By providing the Read_SMS permission to android its manifest file, we will also retrieve the OTP by using LocalBoardcastManager.But the matter is, Google Play did not allow us to without telling them, why we are providing the Read_SMS permission to the user to read the SMS from the user's mobile. Google Play thinks that your application may be a SPY Application. So, Google will ask a few questions, why we offer Read_SMS permission. Because now a days all authentication is OTP based. So that anybody can steal your OTP Message. For protecting users, google provides an SMS Retriever API, which works without granting Read_SMS permission from the manifest. But we'd like to follow the SMS Retriever API rules for reading the OTP Message from the user device

How to create a project and how to verify OTP in android without SMS read permission?

Please follow these stepsto verify OTP in the android without SMS read permission using Xamarin.Forms

Step 1:Create a xamarin project in android application.

Step 2:After creating the project, click the project name in the solution explorer then right-click and select the Manage NuGet packages to install the package.

Image description
Fig: Google Play service package install.

Image description
Image 2: Installation permission

Step 3:After installation of the package,create a user interface for typing and submit the OTP number.

FIleName:MainPage.xaml

<!--?xml encoding="utf-8" version="1.0"-->

<stacklayout>
          <stacklayout backgroundcolor="White" horizontaloptions="CenterAndExpand" padding="15" verticaloptions="CenterAndExpand">
          <entry placeholder="Enter OTP" placeholdercolor="Black" x:name="otpEntry"></entry><button clicked="Button_Clicked" text="Submit OTP"></button>
</stacklayout>
</stacklayout>

<!--?xml-->

Enter fullscreen mode Exit fullscreen mode

Step 4:Dependency service

DependencyService allows applications to call platform-specific functionality from shared code. This feature allows Xamarin.Forms applications to test everything that a native application can do. We need to design an interface that defines how it will interact with the specific functions of the platform. Here, OTP reading will only support the Android platform and IOS will support autocompletion, so create a aDependencyService interface to concentrate to SMS collector. Create a new class and interface for CommonServices.

Now create a folder Dependency and store the dependency file.

File name: ListenToMessageRetriver

Code:

using System;
using System.Collections.Generic;
using System.Text;
using Xamarin.Forms;

namespace DemoOFOTPVerification.Dependency
{
  public class CommonMessageServices
  {
      public static void ListenToSmsRetriever()
      {
          DependencyService.Get<ilistentomessageretriever><!--?xml version="1.0" encoding="utf-8"-->()?.ListenToMessageRetriever();
      }
  }
  public interface IListenToMessageRetriever
  {
      void ListenToMessageRetriever();
  }
}</ilistentomessageretriever>

Enter fullscreen mode Exit fullscreen mode

Step 5:Messaging center

Xamarin.FormsMessagingCenter allows different components to communicate without recognizing each other outside of a simple messaging convention. MessagingCenter may be a static class with subscribe and Send methods that are used throughout the answer.

Subscribe:Listen to messages with a specific signature and take certain actions when you receive them. Multiple subscribers can listen to the same message.

Send:Post a message for listeners to act. If there are no subscribed listeners, the message will be ignored.

File Name:Utils.cs

Code:

iusing DemoOFOTPVerification.Enum;
using System;
using System.Collections.Generic;
using System.Text;
using Xamarin.Forms;

namespace DemoOFOTPVerification.Utils
{
  public static class Utils
  {
      private static readonly object c1 = new object();
      public static void Subscribe<targs>(this object subscriber, SmsDataeventSubscriber, Action<targs>callBack)
      {
MessagingCenter.Subscribe(subscriber, eventSubscriber.ToString(), new Action<object, targs="">((e, a) => { callBack(a); }));
      }
      public static void Notify<targs>(SmsDataeventNotified, TArgs argument)
      {
MessagingCenter.Send(c1, eventNotified.ToString(), argument);
      }
  }
}</targs></object,></targs></targs>

Enter fullscreen mode Exit fullscreen mode

Step 6:Create an Enum folder and store the enum class in this folder.

File name: Code:

using System;
using System.Collections.Generic;
using System.Text;
namespace DemoOFOTPVerification.Enum
{
  public enumSmsData
  {
SmsRecieved,  
  }
}

Enter fullscreen mode Exit fullscreen mode

Step 7: Write the code in MainPage.xaml.cs file.
The code on the back adds the subscriber message listener and if a message is received in a specific format from the mail application, the message is notified and reads and assigns the OTP value to the Entry Control.

File name:

MainPage.xaml.cs Code:

using DemoOFOTPVerification.Dependency;
using DemoOFOTPVerification.Enum;
using DemoOFOTPVerification.Utils;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Xamarin.Forms;

namespace DemoOFOTPVerification
{
  public partial class MainPage :ContentPage
  {
      public MainPage()
      {
      InitializeComponent();
      this.Subscribe<string>(SmsData.SmsRecieved, =>
          {
      otpEntry.Text = (string);
          });
      }

      private void Subscribe<t>(SmsDatasmsRecieved, Action<object> p)
      {
          throw new NotImplementedException();
      }

      private void Button_Clicked(object sender, EventArgs e)
      {
    CommonMessageServices.ListenToSmsRetriever();
      }
  }
}</object></t></string>

Enter fullscreen mode Exit fullscreen mode

Step 8:How to listen to the message using dependency.

Let's start by creating a dependency on the Android project. If you haven't added the Xamarin.GooglePlayServices.AuthNuGet package, try adding it before creating the instance.

Get the sample SmsRetrieverClient used to start listening to a corresponding SMS message.

SmsRetrieverClient Client = SmsRetriever.GetClient (Application.Context);

Starts SmsRetriever waiting for the corresponding SMS until the timeout (5 minutes). The corresponding SMS message will be sent with the intention of a transmission.

File Name:ListenToMessage.cs

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Android.App;
using Android.Content;
using Android.OS;
using Android.Runtime;
using Android.Views;
using Android.Widget;
using DemoOFOTPVerification.Droid;
using Application = Android.App.Application;

[assembly: Dependency(typeof(ListenToSms))]
namespace DemoOFOTPVerification.Droid.Dependency
{
  public class ListenToMessage: IListenToSmsRetriever
  {
      public void ListenToMessageRetriever()
      {
SmsRetrieverClientSMSclient = SmsRetriever.GetClient(Application.Context);
var task1 = SMSclient.StartSmsRetriever();
          task1.AddOnSuccessListener(new SuccessListener());
          task1.AddOnFailureListener(new FailureListener());
      }
      private class SuccessListener : Object, IOnSuccessListener
      {
          public void OnSuccess(Object result)
          {
          }
      }
      private class FailureListener : Object, IOnFailureListener
      {
          public void OnFailure(Exception e)
          {
          }
      }
  }
}

Enter fullscreen mode Exit fullscreen mode

Step 10:Generate Key using Hash Key Helper

The hash chain consists of your application's package name and your application's public key certificate. To generate the hash code, simply run the following C# method to generate a hash that will be included in your SMS message.

You need to make sure to create a hash key and add it to the OTP message. Without the correct hash, your application will not receive the message reminder. The hash key will be created and stored once per application. Then you can remove this helper class from your code and create a new class in the native Android project.

File name: AppHashKeyHelperForSMSCode:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using Android.App;
using Android.Content;
using Android.OS;
using Android.Runtime;
using Android.Views;
using Android.Widget;

namespace DemoOFOTPVerification.Droid.Helper
{
  public class AppHashKeyHelperForSMS
  {
      private static string HASH_TYPE = "SHA-256";
      private static int NUM_HASHED_BYTES = 9;
      private static int NUM_BASE64_CHAR = 11;
private static string GetPackageSignature(Context context)
      {
PackageManagerpackageManager = context.PackageManager;
var signatures = packageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures).Signatures;
          return signatures.First().ToCharsString();
      }

      public static string GetAppHashKey(Context context)
      {
          string keystoreHexSignature = GetPackageSignature(context);

          String appInfo = context.PackageName + " " + keystoreHexSignature;
          try
          {
MessageDigestmessageDigest = MessageDigest.GetInstance(HASH_TYPE);
messageDigest.Update(Encoding.UTF8.GetBytes(appInfo));
byte[] hashSignature = messageDigest.Digest();

hashSignature = Arrays.CopyOfRange(hashSignature, 0, NUM_HASHED_BYTES);
              String base64Hash = Android.Util.Base64.EncodeToString(hashSignature, Base64Flags.NoPadding | Base64Flags.NoWrap);
              base64Hash = base64Hash.Substring(0, NUM_BASE64_CHAR);

              return base64Hash;
          }
          catch (NoSuchAlgorithmException e)
          {
              return null;
          }
      }
  }
}

Enter fullscreen mode Exit fullscreen mode

Conclusion

In this blog, we have explained how to implement code without verifying OTP in android using Xamarin.forms.First of all, you can install the google play services authentication package, install in your project than create the class of dependency services, broadcastreceiver, Key helper and messaging center.By automatically reading the OTP, the users can easily complete verification flows via SMS.

💖 💪 🙅 🚩
ifourtechnolab
Harshal Suthar

Posted on October 27, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related