Firebase phone auth OTP no longer being read automatically

[vijtheveg]

Android device: Any device Android OS version: Any version (have tested this starting from OS21 all the way to the latest OS - bug repros everywhere) Google Play Services version: com.google.gms:google-services:4.3.8 Firebase/Play Services SDK version: com.google.firebase:firebase-auth:21.0.1 FirebaseUI version: com.firebaseui:firebase-ui-auth:7.1.1

Steps to reproduce: OTP was being read automatically in my app for many months now. It has suddenly stopped working in the last few weeks. There are no specific steps to reproduce - OTP is never read automatically anymore. My code (which has been working for many months now) has not changed at all - it is pretty much the same as the code in the Firebase Auth documentation / samples - nothing special here.

I have verified that the SMS template being used is correct and matches the OTP received. I have also enabled Android SafetyNet / app verification, to no avail.

I filed an issue in the Firebase Auth UI repo (https://github.com/firebase/FirebaseUI-Android/issues/1948) and was directed to file an issue here instead.

[google-oss-bot]

I found a few problems with this issue:

• I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
• This issue does not seem to follow the issue template. Make sure you provide all the required information.

[aguatno]

Hi @vijtheveg Thank you for the provided details. I haven't been able to reproduce it on our end yet. A sample project where the issue can be reproduced will significantly help the investigation. Also, let us know if you noticed any patterns like issues occurred on some model devices etc.

[vijtheveg]

Thanks @aguatno, for your response. It takes considerable amount of time to create a working sample app using Firebase auth and given that my code has not changed at all in the past 6 months, and is virtually identical to the code in your documentation, something else is happening.

The only other change that I can think of is that my app name as specified in the Play Store changed from 'MeraBills' to 'MeraBills - Small Business Management & Accounting.'

Consequently, the receive SMS looks like: '697874 is your verification code for MeraBills - Small Business Management & Accounting.' - do you think the presence of the special characters in the app name (-, & and .) may be causing problems with the SMS parsing?

The only LogCat line that seems to appy to this problem is the one below: 2021-05-27 23:52:53.338 21157-21334/com.merabills.merchant_app_android W/System: Ignoring header X-Firebase-Locale because its value was null.

[vijtheveg]

FYI, I removed special characters from the app name - this problem continues to happen

[Iltwats]

Hi, @vijtheveg, @aguatno I have also faced this issue, but for me how this occurred is different. Before publishing my app in playstore in OTP messages there use to be the app's hash value which helped in automatically detecting the OTP messages and authenticating. But since I published it on the play store the hash value got replaced by the app's name and no longer I am able to verify OTP automatically. I checked out a few documentation where they suggested I add that app's hash value at the end of the OTP message. But unfortunately, I cannot edit the template in firebase auth. I am attaching the screenshot of OTP messages before and after publishing it to playstore. This problem is the same with all the devices. I have used the exact same code mentioned in this firebase doc and earlier it was working fine before publishing to play store.

[vijtheveg]

Thanks, Atul. What is the "app's hash value" - where can I find it?

[Iltwats]

@vijtheveg you can check this link but after generating we can't add it to our OTP messages.

[malcolmdeck]

Hey there, Malcolm from Firebase here. Right now, this is expected behavior - your application's name is long enough that is crowds out the application hash from the SMS. However, I think I might have a way of more appropriately assessing when to include/exclude application hashes that should leave you with fewer pain points. For the moment: 1) There are no workarounds, so just sit tight 2) I'll see whether or not we can do anything, but I can't make any promises as to whether or not I'll be able to remedy the issue. But we'll at least take a look :)

[vijtheveg]

Thank you, Malcolm! So, shortening the application name to around 10-15 characters from its current length will be a workaround, correct?

[vijtheveg]

It looks like shortening the name of the app does indeed fix the problem! The OTP is being read correctly, now that I shortened the app name.

@malcolmdeck if this issue cannot be remedied, can it at least be documented, so people are aware of the implications of the length of the app's name?

@Iltwats - it looks like you were right about the missing hash being the problem!

[Jcardif]

@vijtheveg which app name do I need to change, on firebase?

[Iltwats]

@Jcardif you have to change your app's name on playstore, not on firebase.

[dfg-1310]

Nice discussion! I am looking same issue.

[ennarto]

@malcolmdeck the 10-15 chars is for the English language. For Greek, the space left is 3 characters ... which is, well, impossible to workaround.

I would imagine shortening the text from your side would help. There is definitely a shorter text version you could use.

[shubhamdeol]

@Jcardif you have to change your app's name on playstore, not on firebase.

to what maximum length we can have our app name any idea?

[Iltwats]

@shubhamdeol I guess it's up to 50-60 characters, as currently in my App's OTP message, length is around 50.

[shubhamdeol]

@shubhamdeol I guess it's up to 50-60 characters, as currently in my App's OTP message, length is around 50.

my app has 49 characters to be exact, still auto verification is not working for us. Can you tell your exact length

[OriErel]

Any workaround to make this work? I'm building a React Native app using Firebase authentication and have the exact same issue for Android devices My @react-native-firebase/auth version is 12.4.0

[shubhamdeol]

@OriErel no workaround brother, Nothing worked for me. I had to rollback to previous react native and react native auth versions, the ones I was using before

[969rishi]

Officials of Firebase please rectify this issue my seniors thinks that I don't know how to implement Firebase Auth....lol.

Here is my build.gradle (Project Level)

` buildscript { repositories { google() mavenCentral() } dependencies { classpath 'com.android.tools.build:gradle:4.1.3' classpath 'com.google.gms:google-services:4.3.10' //4.3.5 // NOTE: Do not place your application dependencies here; they belong // in the individual module build.gradle files classpath 'com.google.firebase:firebase-crashlytics-gradle:2.3.0' classpath 'com.google.firebase:perf-plugin:1.3.3' // classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.4.32" // classpath "org.jetbrains.kotlin:kotlin-noarg:1.4.32" // classpath 'com.novoda:bintray-release:0.9.2' } }

    allprojects {
            repositories {
            mavenCentral()
            google()
            //        mavenCentral()
            gradlePluginPortal()
            maven { url 'https://jitpack.io' }
}

}

    task clean(type: Delete) {
        delete rootProject.buildDir

}`

And Here is my build.gradle (App level)

` apply plugin: 'com.android.application' apply plugin: 'com.google.gms.google-services' apply plugin: 'com.google.firebase.crashlytics' apply plugin: 'com.google.firebase.firebase-perf'

 android {
 compileSdkVersion 30
 buildToolsVersion "30.0.2"
 defaultConfig {
    applicationId "com.XYZ.XYZ"
    minSdkVersion 22
    targetSdkVersion 30
    versionCode 1
    versionName "1.1"
    testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
buildTypes {
    release {
        minifyEnabled false
        shrinkResources false
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
    }
}
lintOptions {
    checkReleaseBuilds false
}

compileOptions {
    sourceCompatibility JavaVersion.VERSION_1_8
    targetCompatibility JavaVersion.VERSION_1_8
}

}

dependencies {
//    implementation fileTree(dir: 'libs', include: ['*.jar'])
implementation 'androidx.appcompat:appcompat:1.3.1'
implementation 'androidx.legacy:legacy-support-v4:1.0.0'
implementation 'com.google.android.material:material:1.4.0'
implementation "com.google.android.material:material:1.5.0-alpha01"
implementation 'androidx.constraintlayout:constraintlayout:2.1.0'
testImplementation 'junit:junit:4.13.2'
androidTestImplementation 'androidx.test:runner:1.4.0'
androidTestImplementation 'androidx.test.espresso:espresso-core:3.4.0'

implementation "androidx.core:core-ktx:1.6.0"
implementation 'com.google.android.play:core:1.10.0'
implementation 'com.google.android.play:core-ktx:1.8.1'

implementation 'androidx.browser:browser:1.3.0'
implementation 'com.google.firebase:firebase-core:19.0.0'
implementation 'com.google.android.gms:play-services-auth:19.2.0'
implementation 'com.google.firebase:firebase-auth:21.0.1'
implementation 'com.github.bumptech.glide:glide:4.11.0'
annotationProcessor 'com.github.bumptech.glide:compiler:4.11.0'
implementation 'com.firebase:firebase-client-android:2.5.2'
implementation 'com.android.volley:volley:1.2.0'
implementation 'com.google.firebase:firebase-messaging:22.0.0'
implementation 'com.google.firebase:firebase-storage:20.0.0'
implementation 'com.firebaseui:firebase-ui-storage:3.2.1'
implementation 'com.github.psinetron:slycalendarview:0.0.9'
// Recommended: Add the Firebase SDK for Google Analytics.
implementation 'com.google.firebase:firebase-analytics:19.0.0'
implementation 'com.google.firebase:firebase-dynamic-links:20.1.1'
implementation 'de.hdodenhof:circleimageview:3.1.0' //circular image view
// Add the dependency for the Performance Monitoring library
implementation 'com.google.firebase:firebase-perf:20.0.2'

implementation 'com.google.firebase:firebase-firestore:23.0.3'// Firebase Firestore database
implementation 'com.firebaseui:firebase-ui-firestore:8.0.0'// FirebaseUI for Cloud Firestore

implementation 'androidx.paging:paging-runtime:3.0.1'// Paging Library

implementation 'com.google.code.gson:gson:2.8.6'

implementation 'com.google.android.libraries.places:places:2.4.0' //New google places api
implementation 'com.google.maps.android:android-maps-utils:0.3.4'
implementation 'com.google.android.gms:play-services-location:18.0.0'
implementation 'com.google.android.gms:play-services-places:17.0.0'

implementation 'com.github.pchmn:MaterialChipsInput:1.0.8'// material chip
implementation 'com.hootsuite.android:nachos:1.1.1'// material chips
implementation 'com.google.android:flexbox:2.0.1'

//EventBus enables central communication to decoupled classes with just a few lines of code
implementation 'org.greenrobot:eventbus:3.1.1'

implementation 'com.github.smarteist:autoimageslider:1.3.2'
//library to implement auto image slider

implementation 'com.github.marlonlom:timeago:4.0.3'
//Simple java library for displaying dates as relative time ago language.
implementation 'cn.jzvd:jiaozivideoplayer:7.5.0'

//check internet state
implementation 'com.github.ImaginativeShohag:Oops-No-Internet:v1.1.5'

implementation "androidx.swiperefreshlayout:swiperefreshlayout:1.1.0"

implementation 'com.karumi:dexter:6.2.1'//
implementation "com.leinardi.android:speed-dial:3.1.1"//floatingActionBtn
implementation 'com.github.chrisbanes:PhotoView:2.3.0'//Zoomable Imageview library
// Add the Firebase SDK for Crashlytics.
implementation 'com.google.firebase:firebase-crashlytics:18.2.1'
//GIFs, Stickers and emojis library
implementation 'com.gsconrad:richcontentedittext:1.0.0'

//image zoomable and dissimisable both in one library like whatsapp
implementation 'com.github.stfalcon:stfalcon-imageviewer:1.0.1'

//WorkRequest implementation 'android.arch.work:work-runtime:1.0.1' // implementation 'com.borjabravo:readmoretextview:2.1.0'//read more text

implementation "joda-time:joda-time:2.10.10"

implementation "com.razorpay:checkout:1.6.6"

implementation 'io.github.lucksiege:pictureselector:v2.7.3-rc06'

implementation 'com.google.firebase:firebase-appcheck-safetynet:16.0.0-beta02'//App Check with SafetyNet

} repositories { mavenCentral() } `

Please let me know if anything I am missing

[aadi9839]

Hi I am also facing the same issue. Can't change the app name. Any walkaround??

[Glaubenio]

Hi Same issue here, and my app name has only 5 characters, what should i do?

[mikehardy]

Very interesting. This looks like multiple problems at once:

1- hash maybe missing entirely? https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string 2- app name "too long"

Folks with short app names that still don't have it working should investigate item 1. You can likely fix yourselves.

Item 2 is currently intractable with current information.

There are some questions that could help affected users:

• it is described as starting "some weeks before" May 24 (date of issue) I suppose? What version stopped working? There is reported success with an older version, which version works?
• there are multiple requests for some spec on exactly how many characters are required. Of course there are language differences etc but if there is some secret hash that must be appended to the SMS and received by the app, making that requirement explicit and documented seems like it would be a big help...

[mpiparo]

facing same issue. after uploading to the Play Store I no longer see the 11 char hash at the end of the SMS and the auto-complete no longer works. Since my app is not yet verified in the Play Store I see both my package name which 32 chars, plus the "(unreviewed)" string being appended to the SMS. My assumption is that once verified the package name will be replaced with my app title/name, which happens to be short for me (only 5 chars) - but would still like to know what the total message length limit is.

Also, can someone confirm that in all cases, the 11 char hash is required for auto-complete? So if I don't see it in the SMS, there's no chance of auto-complete working?

[Harshal624]

Experiencing same issue after updating firebase auth from 18.1.0 to 21.0.1. App name is just 6 characters and 36 characters on google play store.

[shubhamdeol]

Very interesting. This looks like multiple problems at once:

1- hash maybe missing entirely? https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string 2- app name "too long"

Folks with short app names that still don't have it working should investigate item 1. You can likely fix yourselves.

Item 2 is currently intractable with current information.

There are some questions that could help affected users:

• it is described as starting "some weeks before" May 24 (date of issue) I suppose? What version stopped working? There is reported success with an older version, which version works?
• there are multiple requests for some spec on exactly how many characters are required. Of course there are language differences etc but if there is some secret hash that must be appended to the SMS and received by the app, making that requirement explicit and documented seems like it would be a big help...

@mikehardy Tested Item 2, it does not work for me. Regarding Item 1, I think hash is not missing as auto correct used to work nicely for previous version of react native firebase auth

[vijtheveg]

Here's the latest twist on this problem. This seems to be failing for different langauges as well, as the text for some languages is longer than others. See below an example of hash missing in Tamil (second message) but succeeding in Kannada (first message).

I think the difference is that the length of the Tamil message is greater than that of the Kannada message (the app name is same in both) - so it looks like the overall length of the message exceeding some threshold, thereby causing this bug.

[mikehardy]

I believe that testing results, to be truly useful, need to be in the form of actual text attempted, not images, with exact character counts that worked and language encoding in use for same. For example 'text here that was your message', 43 chars of utf-16 language kannada. Or similar. No one is going to try to guess the numbers for you from an image to derive the rule... Additionally it would be good to attempt progressive shortening of your message until it works.

[vijtheveg]

@mikehardy, I'm not sure I understand. I am not sending these SMS messages - they are being sent by the Firebase auth server as part of the phone auth flow. I don't have any control over the content of the message either - this is decided by Firebase auth as well. I'm not sure how I can therefore "attempt progressive shortening of your message until it works"

Here are the SMS messages as text, in case that helps.

MeraBills ಗಾಗಿ ನಿಮ್ಮ ಪರಿಶೀಲನೆ ಕೋಡ್ 603708 ಆಗಿದೆ. 6f4mfX0ga0k

MeraBills பயன்பாட்டிற்கான உங்கள் சரிபார்ப்புக் குறியீடு 985041 ஆகும்.

[mikehardy]

Interesting! @vijtheveg I had forgotten the wrinkle / complication where we (as users of auth API calls) are not actually even in control of the messages, if I understand correctly. If we can't modify the templates for the OTP as they are internationalized then this attempt to reverse engineer a maximum text length so the OTP fits in will still be hit or miss. There's nothing to do then I suppose except wait for official support from @malcolmdeck et al

[adifyr]

@malcolmdeck It's been a month so just posting to ask what the status on this is. As was mentioned, a Play Store app name above 15 characters doesn't work.

Please consider this as a priority issue. We make apps for clients, often ones that already have a set brand name. So it is a severe disservice to them if they can't have their full name displayed properly on the Play Store & App Store.

If it can't be fixed outright, can you at least increase the character limit to around 50? The same as the Play Store name limit?

[Lakhankumawat]

Any updates guys ? I've been facing the same issue .

[shubhamdeol]

Has anyone found a way to make firebase auth OTP auto verification work? any workaround to this problem ? How is this possible that its open from so long time, I just tried doing everything from scratch still having same issue. This is acting as a blocker to our React Native version update in our product.

[Lakhankumawat]

Yea many people's are still facing this issue including me, also firebase team haven't given any updates yet regarding this 🥺

[rulila52]

Same issue. I think firebase team don't worried about this

[hkchakladar]

Any update?

[mikehardy]

Hmm - re-reading this one, actually, this is not in the control of users or within the capability of users to influence a single bit. Perhaps approaching google / the firebase team from some more official channel related to money changing hands, if there is one, would have a stronger effect since obviously there are no updates here.

[Lakhankumawat]

Yea many people's are still facing this issue including me, also firebase team haven't given any updates yet regarding this 🥺

One solution is try shortening the name of your app in developers console in google play to around 50 - 60 characters might work,

✔️Worked in my case after shortening name of app .

[dhanrajVerma]

Facing exactly same issue and My Apps name is 30 character long in google play console. Still sms code auto retrieval not working.

[Lakhankumawat]

Facing exactly same issue and My Apps name is 30 character long in google play console. Still sms code auto retrieval not working.

how long it's been since you changed your app's name ?

[dhanrajVerma]

Facing exactly same issue and My Apps name is 30 character long in google play console. Still sms code auto retrieval not working.

how long it's been since you changed your app's name ?

approx 3-4 months

[NitroG42]

Hey, I got the same issue, what you all wrote help me to understand what was wrong. To give more info, when I keep the Firebase Language in english, I don't have any issue, but when I switch to app language (French), it seems there is a bad spot with an app name that is a bit too long (the hash is not present at the end of the message). If the app name is really too long, it is not sent in the SMS and it works. Here are the message : (my app name is 5 char long so I'll change for MyApp)

"123456 is your verification code for MyApp Preprod." -> English ; App Name "MyApp Preprod" ; working "123456 est votre code de validation pour MyApp Preprod." -> French ; App Name "MyApp Preprod" ; not working "123456 est votre code de validation. (Hash11characters)" -> French ; App Name "MyApp Preprod Debug" ; working

Hope it can help with the issue. Right now I will keep to english only ; I think the solution is to lower the limit of app name, depending of the rest of the message ?

Edit : I thought it was using "firebaseAuth.useAppLanguage()" ; but it seems that it comes from a change in the Firebase Console, in Authentication -> Templates -> Template language (in the bottom) that I switched to French and then I got the issue.

[shubhamdeol]

These all are workarounds. In previous versions auto verify used to work even with longer app names.

[MaheshwariMadhusudan]

@malcolmdeck Any update on this issue. We are still facing this issue and it is a major issue blocking us from upgrading react-native version in our product.

[alekss-dinsbergs]

I have the same issue. When the template language is set to native - Latvian it does not show the code, but in English it works fine. App name is exacly 15 chars.

[davidmigloz]

Can Firebase use the public-facing name configured in the Firebase project instead of using the app's name from Google Play? So that at least we don't have to change the name in Google Play where it is common to have it as "{name}: short tag line" (e.g. "Duolingo: language lessons").

Or maybe just trim the app name to the maximum length that allows the SMS Retriever API hash to fit?

[subhadeepquantiantech]

which name to change from the code side or only the display name of google play console.

[AmitSonkhiya]

which name to change from the code side or only the display name of google play console.

@subhadeepquantiantech Display name at Google Play Console

[AmitSonkhiya]

Reporting the same issue. Hash at the end is omitted partially due to the length of the app's name.

Developers are not allowed to change the SMS verification template. Could Firebase team add an option to switch between texts?

%LOGIN_CODE% is your verification code for %APP_NAME%. %LOGIN_CODE% is your OTP for %APP_NAME%.

[mohitra0]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters? Any solution guys?