Android O: Phone Number Verification With SMS Tokens

In this tutorial, you’ll learn about the new SMS token feature in Android O. You’ll learn how to generate an app-specific token that fires a pending intent the first time the device receives a message containing that token, which is how the phone number is verified.

Note that, as of this writing, the Android O APIs are still in their third developer preview, though they are final. (We still don’t know what O stands for yet!)

What Is an SMS Token?

An SMS token, or one-time password, is a security mechanism used to authenticate or verify a user. The user enters their phone number, and a limited-lifespan token is generated specifically for that user. The user then receives the token as an SMS on their phone. In the case of Android O as of this writing, this app-specific token does not expire, but instead becomes invalid when another is generated.

Why Use Android O’s SMS Token?

One of the major reasons you might consider using Android O’s SMS token mechanism is that it improves the user experience of the app. The user does not need to copy and paste the token from the SMS client to be verified. Instead, the Android device automatically detects the token sent to the user’s device and then triggers the app component in the intent associated with your app (we’ll get to that shortly).

Even better, this functionality doesn’t require the READ_SMS permission or any other. This mechanism also improves security for your app’s users, because no other app on the device can read the message containing the token.

In this tutorial, you’ll learn how to use this new feature in Android O’s SMS API. You’ll learn how to generate an SMS token specifically for your app and send it to a device. We’ll use the Android Studio emulator to simulate this process.
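The flow described above, sketched with SmsManager.createAppSpecificSmsToken(). This is an added example, not code from the tutorial: the class, receiver and listener names are hypothetical, and it assumes the delivered intent carries the standard SMS extras.

```java
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.provider.Telephony;
import android.telephony.SmsManager;
import android.telephony.SmsMessage;

/** Added example; class, receiver and listener names are hypothetical. */
public final class SmsTokenVerifier {
    public interface Listener { void onVerificationSms(String sender, String body); }

    private static volatile Listener listener;

    private SmsTokenVerifier() {}

    /** Registers the pending intent and returns the token to embed in the SMS. */
    public static String requestToken(Context context, Listener callback) {
        listener = callback;
        // Explicit intent: only this app's own receiver can be the target.
        Intent intent = new Intent(context, TokenSmsReceiver.class);
        // The system adds the SMS data to the intent, so the PendingIntent must
        // stay mutable; apps targeting API 31+ must also pass FLAG_MUTABLE.
        PendingIntent pi = PendingIntent.getBroadcast(
                context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT);
        // Generating a new token invalidates the previous one for this app.
        return SmsManager.getDefault().createAppSpecificSmsToken(pi);
    }

    /** Declare in the manifest with android:exported="false". */
    public static final class TokenSmsReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            // Assumption: the extras match those of a normal SMS delivery intent.
            SmsMessage[] parts = Telephony.Sms.Intents.getMessagesFromIntent(intent);
            if (parts == null || parts.length == 0) return;
            StringBuilder body = new StringBuilder();
            for (SmsMessage part : parts) {
                String text = part.getMessageBody();
                if (text != null) body.append(text);
            }
            Listener l = listener;
            if (l != null) {
                l.onVerificationSms(parts[0].getOriginatingAddress(), body.toString());
            }
        }
    }
}
```

The app sends the returned token to its backend along with the phone number the user entered; the backend then texts a message containing that token to the number.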

Continue to read the full tutorial on Tuts+.