 

OTP/SMS auto fetch issue using SMS Retriever API Android

I'm trying to use Google's SMS Retriever API for Automatic SMS Verification, but there is an issue with it. Previously, I was reading the sender number using getOriginatingAddress(), and if it was a valid sender number the app read the OTP; otherwise it would not read the message, as a forwarded OTP disturbs the user's privacy.

I have the following scenario.

My app is auto-fetching forwarded OTP messages.

  • User A installs the app on his mobile and enters User B's mobile number.
  • User B receives the OTP and forwards it to User A.
  • The app reads the OTP on User A's mobile and goes to the home screen.

Is there any way around this to get the sender number?

Atif AbbAsi asked Mar 18 '19 07:03




1 Answer

There is no way for you to achieve sender verification by using the SMS Retriever API.

There is a workaround to handle this scenario, which would be at the SMSC end: share the hashcode of your verification SMS with the SMSC guys so that they do not forward, or they restrict, any SMS that contains that specific hashcode in the SMS body. It's not a good approach, but that's the only option with the SMS Retriever API.

Though there is another way, which I would recommend.

Google has released another API that deals with sender verification, but it has a different flow than the SMS Retriever API. It's called the SMS User Consent API. This API has the following criteria for a message to be delivered and auto-fetched by the device:

A message triggers the broadcast only if it meets these criteria:

  1. The message contains a 4-10 character alphanumeric string with at least one number.
  2. The message was sent by a phone number that's not in the user's contacts.
  3. If you specified the sender's phone number, the message was sent by that number.

Hope this will help you!

Zeeshan Shabbir answered Oct 17 '22 22:10
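The SMS User Consent flow the answer recommends, pinned to a single sender so that an OTP forwarded from another handset does not match criterion 3. This is an added example, not code from the question or the answer; `OTP_SENDER`, the 6-digit pattern and `submitOtp` are assumptions, and it presumes the play-services-auth-api-phone and androidx.core libraries are on the classpath.

```java
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Bundle;
import androidx.core.content.ContextCompat;
import com.google.android.gms.auth.api.phone.SmsRetriever;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.common.api.Status;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class OtpActivity extends Activity {
    private static final String OTP_SENDER = "+15550100"; // constructed placeholder: your gateway's number
    private static final int REQ_CONSENT = 1001;
    private static final Pattern OTP = Pattern.compile("\\b\\d{6}\\b"); // assumption: 6-digit codes

    private final BroadcastReceiver receiver = new BroadcastReceiver() {
        @Override public void onReceive(Context context, Intent intent) {
            if (!SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) return;
            Bundle extras = intent.getExtras();
            if (extras == null) return;
            Status status = (Status) extras.get(SmsRetriever.EXTRA_STATUS);
            if (status == null || status.getStatusCode() != CommonStatusCodes.SUCCESS) return; // e.g. TIMEOUT
            Intent consent = extras.getParcelable(SmsRetriever.EXTRA_CONSENT_INTENT);
            if (consent != null) startActivityForResult(consent, REQ_CONSENT); // user sees and approves the SMS
        }
    };

    @Override protected void onStart() {
        super.onStart();
        // SEND_PERMISSION means only Google Play services can deliver this broadcast to us.
        ContextCompat.registerReceiver(this, receiver,
                new IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION),
                SmsRetriever.SEND_PERMISSION, null, ContextCompat.RECEIVER_EXPORTED);
        // Passing a number instead of null restricts matching to SMS sent by that number.
        SmsRetriever.getClient(this).startSmsUserConsent(OTP_SENDER);
    }

    @Override protected void onStop() { super.onStop(); unregisterReceiver(receiver); }

    @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_CONSENT || resultCode != RESULT_OK || data == null) return; // user declined
        String sms = data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
        Matcher m = (sms == null) ? null : OTP.matcher(sms);
        if (m != null && m.find()) submitOtp(m.group());
    }
    private void submitOtp(String code) { /* hypothetical hook: POST the code to your server over HTTPS */ }
}
```

The server should still bind the OTP to the phone number and session that requested it, since the sender filter only narrows which message the device will offer to the app.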