I need to trigger a notification on my Android app from firebase. Unfortunately, user USER1 in a remote area does not have an active internet connection.
Now I send SMS verification from another mobile ADMINUSER for USER1 mobile number and then, as a result, can I use it to trigger the notification? If I use ADMINUSER for 100 different numbers will firebase detect and stop admin User as fake request SMS verifier?
According to this link the method you propose would have major security flaws and there is no mention of Firebase blocking the device which would be used for making multiple requests.
Related
I'm planning to create an app and I do not want multi-account, is SMS verification the best way? I've thought with email verification, but for me it does not make sense since I can create fake emails and then sign up with that one. That's why I ended up thinking SMS verification could do the "trick", I know to avoid multi-account is hard, but I can avoid it with SMS because phone number is uniq.
I've been reading Firebase Phone-Auth, but I'm seeing I only can verify 10k users per month (free), from now is ok, but when growing it will be a problem, is there any other api to use OTP?
Edit
Is it safe to create my own service? Let's say this would be the flow.
User puts the phone number on Android phone
Android sends that phone number to server
Server uses an API to send SMS
Server knows then the SMS is sent or not, so it will store the code
Android receives the SMS (without permissions in manifest) then is sent to backend to do the verification
I know to register firebase user via email and phone auth using internet
Is it possible to create or register with just an sms service and register user to firebase
PS:I have checked of Twillio and Angular Js
mAuth.createUserWithEmailAndPassword(email, password);
As Mr. Patel, mentioned in his comment, in order to create an user account either with user and password or via sms, you need to be connected to the internet. There is no way you can register a user to Firebase without internet connection.
It is not possible directly to do this, but i can suggest you some trick to do the same.
You can create an simple dummy app in android in your phone and trigger a brodcast reciever on recieved sms, define some initial keywords in sms that user will type in message then in your mobile app the code will trigger each time you will recieve an sms.
You can create and api endpoint using firebase cloud functions and in your mobile app on recieving the sms read the messgae and split according to pattern like
REG someone#example.com
and send the email and phone number of user to api using volley or async task
then you can create users in firebase auth directly with node Admin SDK
Alternatively you can buy some service online (twilio) i think they have some triggers on sms recieve and do the same on server
Hope this solves you query
I am using a free server of parse.com for my database
I need to verify phone number of user without spending any money, because I don't want to buy an sms gateway, or mobile no. verification by using miss call service.
Any idea?
How is sending verification codes to a user's email address going to verify their phone number? The only way to verify that a user owns the phone number that they're giving is to actually call or text it and have the user respond (usually by entering a one time passcode that's in the text message or spoken in the phone call).
Parse already supports e-mail verification, so if you want to do that then you can check it out here: http://blog.parse.com/2012/04/03/introducing-app-email-settings/
Some - but not all - mobile networks let you send SMS messages via e-mail address, but support for this is rather variable. For near-certain delivery and the best user experience you'll need to use a service that lets you send SMS messages through an API, such as Twilio.
Our Android application is a Visual VoiceMail application which communicates with IMAP server to doownload voicemail mails and play it on user handset. As an autentication method application implements sending/receiving OOB SMS from this client. For sending SMS for this application we have following queries
Will our application be allowed to host on playstore as the application is supposed to send OOB SMS whitout letting the user know about it as it is a part of standard authorization method. In reply to this SMS server will response back to this client with an SMS over specific port which will have the credentials for user and client will start working.
If above is not allowed then what are the norms with which we can implement the same behaviour. Please not we cannot ask the user every time to allow sending messages from application.
Will it be ok if we take consent from user at the time of installation that this application will send authorization/validation messages from backend.
Any other suggestion and norms which we need to take care.
The Visual VoiceMail application is limited to users of a particular operator.
This SMS will not charge any cost to the user, It will be free.
Is this possible and allowed for application to be published on Google Play. If not, please suggest a way to achieve this.
Thanks in advance.
My usecase: A user logged into my app, should be able to send messages to himself logged into the app on another Android device. If the user has more than one devices, then once he opens the message, the notification on other devices must disappear.
Doubts:
How to send data to a particular user across devices? I understand how to send messages to different users on different devices using GCM but this seems rather confusing.
How to achieve this in MQTT with adequate security? I read as much as I could about the security and got to the conclusion that MQTT isn't in the charge of it and that I've to implement my own security measures at the broker level. As of now Mosquitto broker allows username/password authentication, but for an app implementing Oauth, username/password seems rather vulnerable.
Or should I move over to XMPP?
You can use the new User Notifications feature of GCM.
What are User Notifications?
Third party servers can send a single message to multiple instance of
an app running on devices owned by a single user. This feature is
called user notifications. User notifications make it possible for
every app instance that a user owns to reflect the latest messaging
state. For example:
If a message has been handled on one device, the GCM message on the other
devices are dismissed. For example, if a user has handled a
calendar notification on one device, the notification will go away on
the user's other devices.
If a message has not been delivered yet to a device and but it has been handled, the GCM server removes it from the unsent queue for the
other devices.
Likewise, a device can send messages to the notification_key, which is the token that GCM uses to fan out notifications to all devices whose registration IDs are associated with the key.