Android Question Sms retiver api

Semen Matusovskiy

Well-Known Member
Licensed User
To receive SMS without Android permission is a part of common problem - SMS-verification as it is.

Typical scheme - user types a phone number, the app sends it to own server. The server generates access code, and sends it back, using http-interface of SMS-provider.
Main problem - it's neccessary to pay to SMS-provider. In better case - 1-2 cents per message.

I tried to understand Google's API, but was not able to understand, how to send SMS without SMS-provider. Without this Google's API helps with permissions only
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
how to send SMS without SMS-provider
i don´t think you can. Having a Serversolution is mandatory.
Google does not Provide methods to send SMS on Googlecosts.
 
Upvote 0

Semen Matusovskiy

Well-Known Member
Licensed User
@Don

i don´t think you can

That's why I am completely confused. If to forget about permissions, I am not able to find really useful effect of SMS Retriever API.
Meanwhile it's hard to beleive that Google made special API, because they did not have what to do.
 
Upvote 0

Marcos Alves

Well-Known Member
Licensed User
Longtime User
if you have a serversolution to send sms then you have Android which listen to the SMS and inform you. Without need of any permission.
Hello all,

I'm recovering this old thread because it looks that Google defined a deadline for adequate or remove apps in Google Play using SMS and Call Log permissions... and the deadline is January/Feb-2019... this means now!
READ SMS is a huge used resource to authenticate many apps, like whatsapp, line, skype and others,due many reasons:
  • Getting a valid and a real phone number of an user, you have a real contact point
  • You are able to garante that, if you are giving any bonus for the first installation, the user will not uninstall and install again only to gain this bonus
  • The user doesn't need do know any login or password. Oly to type his phone number and be validated using SMS
And many others... the traditional flow is:
- User starts the app and type his phone number
- A https method is called, normally using post, registering a token in a server associated to his number. The token is sent to the phone using SMS
- When receiving the SMS, the app captures the token using intent (automated method) and call other POST method with phone number and the token received
- The return of this second POST contains username and password OR a new token to be used in app sessions

Then, we need at least the SMS_READ method to automatize the second call after the SMS receiving. Notice that OUR SERVER sent the SMS, but the app needs to READ the SMS data . Other workaround in to allow the user to manually fill the code received... but there are many pitfalls with this approach: the main is the possibility of the user receives the SMS in other device and fills, activating many accounts with the same phone number...
The google knows the importance of this feature BUT doesn't want to be responsible by allowing the developers to access the entire SMS storage... then, the SMS Retrieve API allows the app indirectly access it's specific message... like a proxy.
To change the approach to allow the user fills the code manually is the fast workaround, besides the problems related to this method... If @Erel or @DonManfred could create a B4A lib to SMS Retrieve API I'm sure that many developers will pay by this...

Regards for all...
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
Upvote 0
Top