Skip to content

A plugin compliant with SMS Retriever Android API to receive text messages without requiring SMS permissions

Notifications You must be signed in to change notification settings

diegosiao/cordova-plugin-android-sms-retriever

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cordova-plugin-android-sms-retriever

This plugin uses the Android SMS Retriever API to intercept text messages sent to the phone.

Why is that?

On January/2019 Google started warning developers about critical changes in SMS and CALL LOGS access policy. Android used to allow apps to read or intercept SMS indiscriminately since they had the permissions: SMS_READ and/or CALL_LOG. That is an obvious security issue since several financial operations rely on tokens or OTP (One Time Passwords) sent through SMS to their users. More info...

Regarding to SMS, Google presents as an alternative the SMS Retriever API used by this plugin.

Installation

cordova plugin add cordova-plugin-android-sms-retriever

API Reference

AndroidSmsRetriever

.getAppHash(successCallback, errorCallback)

Since computing the 11 characters portion of your app's hash required by SMS retriever API to be in the text message body can be a tedious workload, this plugin provides this function as an utility.

IMPORTANT: Since you get your app's hash, you should remove the call to this function. Also, remember this hash uses the certicate used to sign the APK so consider this information if you face issues to intercept SMS.

// Remove this code after getting your app's hash
// The hash might be different when building a release version
if (device.platform === 'Android') {

    cordova.plugins.AndroidSmsRetriever
        .getAppHash(
            
            function successCallback(hash) {
                alert(hash);
            },

            function errorCallback(e) {
                console.error(e);
            }

        );
}

If you are facing difficulties to generate your app's hash using this function refer to documentation provided by Google here.

.onSmsReceived(successCallback, errorCallback, notifyWhenStarted)

successCallback The function to be called when a SMS arrives.

errorCallback The error callback will be called if something goes wrong or if no SMS arrives within 5 minutes.

notifyWhenStarted An optional boolean that determines if the successCallback should also be called when the SMS retriever starts. The value returned in the message parameter of the successCallback will be the constant 'SMS_RETRIEVER_SETUP'.

Useful when you want to make sure the native SMSretriever listener is up and running before requesting your server to send the text message.

if (device.platform === 'Android') {

    cordova.plugins.AndroidSmsRetriever
        .onSmsReceived(
            
            function successCallback(message) {

                if(message === 'SMS_RETRIEVER_SETUP') {
                    // Here you request server to send the SMS
                    return;
                }

                alert(message);
            },

            function errorCallback(e) {
                console.error(e);
            },

            true //notifyWhenStarted
        );
}

IMPORTANT: The body of your SMS needs to comply the Android SMS Retriever API requirements described here. Basically you need to start with the "<#>" tag and finish with the 11 character code extracted from your app's hash, in the example below FA+9qCX9VSu.

SMS example
<#> Your ExampleApp code is: 123ABC78
FA+9qCX9VSu

About

A plugin compliant with SMS Retriever Android API to receive text messages without requiring SMS permissions

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages