The problem that I have is the SMS gateway not working very well when I need to verify the phone number. I'm using Clickatell
Sometimes working, sometimes no. Users are very angry with us because the request the sms and they never receive it.
I need a service or another way to verify the phone number efficiently.
The problem is the users country (south and center America like argentina, uruguay, paraguay, ecuador, panama, etc). The most of t he SMS gateway not working righ in this kind of country.
Another alternative? May be a phone call or something.
Thanks!
Twitter's digits (https://get.digits.com/) is one of the best ways to check user validation through the phone number (SMS OTP) and it's totally FREE. :)
Digits are powered by Twitter’s infrastructure. Take seconds to integrate with your project. Just download the fabric plugin for android studio from digit website.
It supports unlimited Authentications, supports multi-Languages, supports International Numbers, supports Custom themes etc.
Related
Firebase allows us to test phone numbers without using real phone numbers (by white listing the numbers from the console).
But firebase states this in the docs:
Make sure you use fictional numbers that do not already exist. Firebase Authentication does not allow you to whitelist existing phone numbers used by real users. One option is to use 555 prefixed numbers as US test phone numbers, for example: +1 650-555-3434.
Question:
1) If I added real phone number in the white list, does it mean that it might be possible to send an sms to this device?
2) I don't know how I can provide a fake number in my country, so following what firebase recommends:
They state that we use 555 prefixed numbers, now I don't know what this means. I think that in this number (+1 650-555-3434):
+1 : country code for US.
650 : Area code.
555 : A number that should be there to make the number fake.
3434 : Any random number that I can provide.
Is this the meaning of a fake number?
Even if you provide a real phone number for testing, no SMS will be sent (the code you configure would need to be provided to complete sign in). The point of the feature to simplify phone authentication development.
With test phone numbers:
No SMS is sent, so no charges incurred (you won't use up your quota).
The same phone number can be used for testing without getting throttled.
You can test in a simulator, without using silent push notifications, reCAPTCHA, etc.
US 555 area codes are not real phone numbers: https://en.wikipedia.org/wiki/555_(telephone_number).
I'm not sure if each country has equivalent fictional numbers. It is OK to use real phone numbers. The important thing is to not use phone numbers that belong to real users. You can probably whitelist your own phone number or your development team's phone numbers, etc which you plan to use for development.
We are trying to implement firebase phone auth in our android app as described in this link. It works fine in our app and also the server side validation works as expected. Now we want to add daily number of SMS restriction for same phone number or same device to prevent abuse. The link quotes -
To prevent abuse, Firebase enforces a limit on the number of SMS messages that can be sent to a single phone number within a period of time. If you exceed this limit, phone number verification requests might be throttled. If you encounter this issue during development, use a different phone number for testing, or try the request again later.
So the questions are -
How much is the limit of SMS within how much time for any number?
Is there any way from firebase android sdk end to restrict number of SMS for same number or same device.
Is there any way from firebase console to restrict number of SMS for same number or same device.
firebaser here
Since this limit is in place to prevent abuse, it is neither fixed nor documented.
There is no way to configure this server-side limit from your code or the console.
As the link says, if you hit the limit during development you should either wait a bit or try with a different phone/number.
If you find that you repeatedly hit this limit during developer, reach out to Firebase support for personalized help in troubleshooting or at least to let us know that the limit seems unreasonable for your development practice.
I am making an app and I want to know the overall jist to make it so you can sign in with your phone number. For example, in the app Down to Lunch (an app to invite your friends to get food), once you download it, the first thing you do is sign in with your phone number. From then on, your number is how you are identified in the app. What I want to know is once you submit that number, is it added to a table in a database? Then when a new user registers, that number must go through and check against every number in that table to make sure it is different? If so, wouldn't that take long for a large user base (like a social network) or is that just what databases are capable of doing? (more specifically amazon web services, because I would use their relational database service, im guessing)
You can use library called DIGITS and which is available on Fabric
Digits lets people create an account or sign into your app using nothing but their phone number on iOS and Android. Built using the same global, reliable infrastructure Twitter uses, Digits will verify the user’s phone number with a simple customizable user interface that easily integrates into your app.
Refer below links:
DIGITS - Sign in with Phone Number
How to configure to app
Technical answer
Facebook, Twitter and Truecaller provide free SDKs which you can include in your app to provide phone number based login into your app. What these SDK do is to authenticate an entered phone number (via OTP verification) and nothing more. Hence you can have a phone number OTP verification gateway as soon as user start your app. Using any one of these SDKs, you can know if the phone number verification happened successfully or not. From here on, you have the control of the application. You will be handling user base. You will keep track of user profile, friends, redundancy check (returning user check), etc.
Business answer
For developing something humongous like a social network, you would want to segregate user ids from the start. You would also want to study more on computer science subjects like Data Structure. Obviously, you can never develop a perfect application. Even if you try doing so upfront, there's a greater chance that new technologies have come up and your perfect solution isn't perfect anymore -- within 2 months. Hence, implement a feasible solution first, which is a perfect tradeoff between perfection and time remaining for your case and your predictive growth.
Important links
Phone number OTP verification services:
Twitter Fabric Digits: https://get.digits.com/
Facebook's OTP verification: https://developers.facebook.com/docs/accountkit
Truecaller: https://www.truecaller.com/developer
I am trying to put together a registration process in which one of the pieces of information is the cell phone number. I know through iOS SDK I can get the phone number, but Apple will reject the application.
If I have the user enter the phone number, how can I be sure that user isn't entering some "fake/spoofed" phone number. I want to make sure the number entered belongs to that specific device and be able to pass that phone number to a REST service handling the registration of that device.
I realize open access to the phone number is a privacy issue, but there has to be some way to get the cell number with the users approval AND validate that number came from that device.
I will be targeting iOS 6.x + Not sure which versions of Android yet.
As always, any thoughts or ideas are welcome.
You can send a validation code to the mobile via SMS, so you can prevent spam and fraud. For this you need a SMS gateway provider.
Check Text Anywhere, they provide an API for Java, .Net, and etc. (i couldnt link the url...)
Or Twilio.
I am making a webapp which will coordinate with an iOS and Android application. There will be a two types of accounts. One will be primarily on the website and the other will be primarily on the Android or iOS app. This question may be too broad, but I'm looking for an authentication pattern which will work for this setup and make sure that the right web account is pairing with the right mobile account. Here's what I've got so far and am hoping you can provide some feedback...
When a mobile app is installed, it will reach out to the server with information such as name and phone number to which a UUID will be returned.
If the web account wants to link with a mobile account, the web account must enter the phone number of the mobile app they want to link to. The server then sends a message to the mobile device so that user can confirm the pairing.
Are there drawbacks to basing the account id on a phone number? Is there a better way to do such two factor authentication? Sorry if this is too vague or undirected and thanks for any help!
Phone number is a bad UUID because there is no way to get the phone number. Other than asking the user. Not reliably. Also, some devices allow dual sims (home and work) and thus would have multiple phone numbers.
A better way is to use the android device id. But even that isn't that great- I could write an app that calls your service with whatever id I want. There's a reason RSA keys use a cryptographic token that changes every minute- it requires you not only to know the id, but to know what the id is now. Otherwise you'd just need to have found out the secret id once and you're in for life.