I am trying to make an app which requires WhatsApp like validation of number, as heard from many people I sent a SMS from the same number to same number and check if the number is same and in message I sent a hashid generated from number and IMEI number and send the same to Server.
Now when the use receives the SMS and put the hashid on an input field and it got stored to Shared Preference and sent to server to match.
Is this the right way and same way WhatsApp doing?
See these links
SMS registration like in the mobile app: whatsapp
How to verify the phone number similar to Whatsapp?
As it says
Send the phone number to be verified, receive a unique hash.
The verification system sends a unique code to the user.
Once the user passes that code to your application, the original hash and the code are sent to the verification system to be validated.
Flow for MSG verification is:
User sent a request for a verification over a particular mobile
number.
Server sends an SMS to that mobile number with verification code,
along with device IMEI number sent by the phone while asking for
verification [Must be encrypted].
SMS broadcast receiver receives an incoming SMS checks if it's
type and if it's an verification SMS, Decrypt the contents,
validates the IMEI number, gets the verification number and sends
this verification number back to the server.
Related
I'm planning to create an app and I do not want multi-account, is SMS verification the best way? I've thought with email verification, but for me it does not make sense since I can create fake emails and then sign up with that one. That's why I ended up thinking SMS verification could do the "trick", I know to avoid multi-account is hard, but I can avoid it with SMS because phone number is uniq.
I've been reading Firebase Phone-Auth, but I'm seeing I only can verify 10k users per month (free), from now is ok, but when growing it will be a problem, is there any other api to use OTP?
Edit
Is it safe to create my own service? Let's say this would be the flow.
User puts the phone number on Android phone
Android sends that phone number to server
Server uses an API to send SMS
Server knows then the SMS is sent or not, so it will store the code
Android receives the SMS (without permissions in manifest) then is sent to backend to do the verification
I'm working on a banking application where part of the requirements involve disabling the OTP field and retrieving it from users phone automatically. The point of this is to prevent fraud in the event that a user naively gives out his/her OTP.
This way, the fraudster has to clone the user's phone number to proceed. This worked fine before the SMS retriever API where I automatically read the message from the user's device and verified the sender before sending the OTP to the backend for verification. However, since I migrated the app over to the SMS Retriever API, there has been issues of fraud coming up because the extra layer of verifying the SMS sender is unavailable on the SMS Retriever API.
All the fraudster has to do is send a message to his number on the phone the app is installed, with the hash key he must have gotten from a previously sent message and he bypasses the reason for disabling the OTP field in the first place. Does anyone have a workaround for this or some recommendation?
I am trying to do Mobile Number Verification just like WhatsApp in my Android App. I'm able to send SMS from my Android app.
But I want to achieve these 2 things:
The Sender name in the receiver's Inbox should be a Custom Name decided by my App, like SMS from WhatsApp has sender name somewhat like WTAPP-5550. Currently its showing my Mobile Number.
Making sure that the SMS sent from User's phone doesn't show up in User's Sent Box. Currently SMS appears both as SENT and RECIEVED SMS. Like in d case of WhatsApp , no SENT Message is present only Recieved SMS is.
Thanks and Regards,
Rahul Soni
See Mr Rahul From your question what I understood is you are sending the sms to the mobile number through your app. That is not a good way to verify the mobile number. What you have to do is you have to send sms through the server. Whats app people will connect to their server and from server they will send sms to the entered mobile number. Thats why it will not appear in the sent box. And to set custom name to the sender number you have to use third party sms services.
I am making a messaging application and we need to verify the user mobile number by sending short code through SMS from users mobile(user will be charged for outgoing SMS ).
We are able to send sms and even able to verify but the message is going from user's name so how to change this user's name to custom name as it is done in whatsapp or other application.
DW-Whatsapp
AM-Telegram
Please advice.
I am using a free server of parse.com for my database
I need to verify phone number of user without spending any money, because I don't want to buy an sms gateway, or mobile no. verification by using miss call service.
Any idea?
How is sending verification codes to a user's email address going to verify their phone number? The only way to verify that a user owns the phone number that they're giving is to actually call or text it and have the user respond (usually by entering a one time passcode that's in the text message or spoken in the phone call).
Parse already supports e-mail verification, so if you want to do that then you can check it out here: http://blog.parse.com/2012/04/03/introducing-app-email-settings/
Some - but not all - mobile networks let you send SMS messages via e-mail address, but support for this is rather variable. For near-certain delivery and the best user experience you'll need to use a service that lets you send SMS messages through an API, such as Twilio.