In this tutorial, you'll learn about the cool new SMS token feature in Android O. You'll learn how to generate an app-specific token that will fire up a pending intent when the device first receives a message containing that token so as to verify the phone number.
Kindly note that as of this writing, the Android O APIs are still in their third developer preview, though they are final. (We still don't know what O stands for yet!)
What Is an SMS Token?
An SMS token or one-time password is a security mechanism used to authenticate or verify a user. The user enters their phone number, and a limited lifespan token is generated specifically for that user. The user then receives the token as an SMS to their phone. In the case of Android O as of this writing, this app-specific token does not expire, but instead becomes invalid when another is generated.
Why Use Android O's SMS Token?
One of the major reasons you might consider using Android O's SMS token mechanism is that it improves the user experience of the app. The user does not need to copy and paste the token from the SMS client to be verified. Instead, the Android device automatically detects the token sent to the user's device and then triggers the app component in the intent associated with your app (we'll get to that shortly).
Even better, this functionality doesn't require the READ_SMS permission or any other. This mechanism also improves the security of your app user, because no other app can read the message containing the token on the device.
In this tutorial, you'll learn how to use this new feature in Android O's SMS API. You'll learn how to generate an SMS token specifically for your app and send it to a device. We'll use the Android Studio emulator to simulate this process.
Prerequisites
To follow along with this tutorial, make sure you have downloaded the Android 8.0 (O) SDK platform on your computer and have an emulator already set up that targets this version.
1. Generate the App-Specific Token
To start off, I'll show you how to generate an app-specific token which is unique to your app on the user's device.
Create a New Android Studio Project
Fire up Android Studio and create a new project with an empty activity called MainActivity.
Modify the build.gradle File
Make the following changes to your app module's build.gradle file.
compileSdkVersion 'android-O' minSdkVersion 'o' targetSdkVersion 'o'
Modify the MainActivity Class
In the code snippet below, we get the SMSManager class and then call the method createAppSpecificSmsToken(). This does just what it says—it creates the app-specific SMS token. This method requires a PendingIntent which contains the Activity to be fired up when an SMS containing this token (a string 11 characters long) is received by the device.
import android.app.PendingIntent;
import android.content.Intent;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.telephony.SmsManager;
import android.util.Log;
import android.widget.TextView;
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
TextView textView = (TextView) findViewById(R.id.tv_token);
SmsManager smsManager = SmsManager.getDefault();
String appSmsToken = smsManager.createAppSpecificSmsToken(createSmsTokenPendingIntent());
textView.setText(appSmsToken);
Log.i("MainActivity", "sms token " + appSmsToken);
}
private PendingIntent createSmsTokenPendingIntent() {
return PendingIntent.getActivity(this, 1234,
new Intent(this, SmsTokenResultVerificationActivity.class), 0);
}
}Be aware that, as stated earlier, the generated token is unique to your app on the user's device. If you create another SMS token, the second one will be a valid token while the first one will be ignored.
Lay Out the Screen
Here's a MainActivity layout file set up to display the SMS token that was generated:
<?xml version="1.0" encoding="utf-8"?><LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context="com.chikeandroid.tutsplusandroidosmstoken.MainActivity"
android:orientation="vertical"
android:gravity="center_horizontal|center_vertical"><TextView
android:text="APP SMS TOKEN GENERATED"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:textColor="@android:color/black"/><TextView
android:id="@+id/tv_token"
android:layout_marginTop="12dp"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:textAppearance="?android:textAppearanceLarge"
android:textColor="@android:color/holo_red_dark"/></LinearLayout>Running the app at this point will show the SMS token generated.
2. Receive the SMS Token
Next, we'll create the activity to be fired up when our device receives a message containing the SMS token. Nothing specific to SMS tokens happens here.
import android.app.Activity;
import android.os.Bundle;
public class SmsTokenResultVerificationActivity extends Activity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_sms_token_result);
}
}Lay Out the Screen
Here we create the layout for the activity we created above that contains just one TextView.
<?xml version="1.0" encoding="utf-8"?><LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
android:orientation="vertical"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:gravity="center_horizontal|center_vertical"><TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Token Result Activity"
android:textColor="@android:color/holo_purple"
android:textAppearance="?android:textAppearanceLarge" /></LinearLayout>Next, we'll test this functionality using the Android Studio emulator.
3. Test the SMS Token
Set Up the Emulator to Send SMS Messages
You can use your emulator to simulate receiving an SMS message, but you'll need to do a little setup. Open your emulator, click the last button on the right-side navigation bar to open the extended control dialog, and then select the phone control button.
From this interface, you can simulate your device receiving a phone call or SMS from another phone.
Send the Token
Make sure you have set up your emulator that targets Android 8.0 (O). Generate a token and enter a text message that contains it. Then click the Send Message button.
Finally, the activity we specified in the pending intent gets fired up immediately! Try sending the message again and see that this time, it will show up in the device SMS client instead, because it is no longer a valid token.
Using a Server
For a production app, the SMS token will typically be sent by a back-end server. So when using a server, the client (your app) should make a request to the server, including the app generated token and the phone number. Your server will then receive this request and send the unmodified token back as a text message to the user's phone. Your app will then receive this token and fire up the component registered in the pending intent. That component can then let the server know that the phone number verification or user authentication succeeded.
Conclusion
In this tutorial, you learned about the awesome SMS token feature introduced in Android O: what is it, its benefits, and how to use it in an Android app.
To learn more about Android SMS and phone APIs, including how to make calls from your app, check out my related tutorial here on Envato Tuts+.
And check out some of our other courses and tutorials on Android app development!
![]()
Android SDKAndroid O: How to Use Notification Channels![]()
AndroidHow to Solve Android’s 13 Most Common Error Messages![]()
Android SDKCreate an Intelligent App With Google Cloud Speech and Natural Language APIs
