Firebase phone auth OTP no longer being read automatically

[vijtheveg]

Android device: Any device Android OS version: Any version (have tested this starting from OS21 all the way to the latest OS - bug repros everywhere) Google Play Services version: com.google.gms:google-services:4.3.8 Firebase/Play Services SDK version: com.google.firebase:firebase-auth:21.0.1 FirebaseUI version: com.firebaseui:firebase-ui-auth:7.1.1

Steps to reproduce: OTP was being read automatically in my app for many months now. It has suddenly stopped working in the last few weeks. There are no specific steps to reproduce - OTP is never read automatically anymore. My code (which has been working for many months now) has not changed at all - it is pretty much the same as the code in the Firebase Auth documentation / samples - nothing special here.

I have verified that the SMS template being used is correct and matches the OTP received. I have also enabled Android SafetyNet / app verification, to no avail.

I filed an issue in the Firebase Auth UI repo (https://github.com/firebase/FirebaseUI-Android/issues/1948) and was directed to file an issue here instead.

[prameshj]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters?

The issue is due to the size limit of the SMS message. If the app name is too long, then the hash gets omitted from the end. The SMS Retrieval API requires the app hash to read the SMS meant for that app - https://developers.google.com/identity/sms-retriever/overview

Modifying the template from "verification code" to "OTP" isn't trivial since the translated text in various languages need to be updated too and "OTP" might not have a suitable translation. Dropping the word "verification" from the template will save some characters. We can look into this, but unable to promise a timeline for this.

[RRaideRR]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters?

The issue is due to the size limit of the SMS message. If the app name is too long, then the hash gets omitted from the end. The SMS Retrieval API requires the app hash to read the SMS meant for that app - https://developers.google.com/identity/sms-retriever/overview

Modifying the template from "verification code" to "OTP" isn't trivial since the translated text in various languages need to be updated too and "OTP" might not have a suitable translation. Dropping the word "verification" from the template will save some characters. We can look into this, but unable to promise a timeline for this.

I mean dropping the word "verification" would be a good start. English is a language that a lot of people can understand. I would just always use the English SMS template then. That would already help a lot @prameshj

[prameshj]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters?

The issue is due to the size limit of the SMS message. If the app name is too long, then the hash gets omitted from the end. The SMS Retrieval API requires the app hash to read the SMS meant for that app - https://developers.google.com/identity/sms-retriever/overview Modifying the template from "verification code" to "OTP" isn't trivial since the translated text in various languages need to be updated too and "OTP" might not have a suitable translation. Dropping the word "verification" from the template will save some characters. We can look into this, but unable to promise a timeline for this.

I mean dropping the word "verification" would be a good start. English is a language that a lot of people can understand. I would just always use the English SMS template then. That would already help a lot @prameshj

Thanks for the input! we are evaluating this change and I will post updates here.

[NitroG42]

I think it would be interesting to warn the user it could happen either on the Firebase Console, or in the documentation for the developer (having a too long app name, changing template language could prevent the OTP from being read automatically)

[Sameed1998]

How to shorten app name can anyone please guide me?

[quantiantechnologies]

Go to play store and reduce the size of your app name.

[rais660]

Hi, @vijtheveg, @aguatno I have also faced this issue, but for me how this occurred is different. Before publishing my app in playstore in OTP messages there use to be the app's hash value which helped in automatically detecting the OTP messages and authenticating. But since I published it on the play store the hash value got replaced by the app's name and no longer I am able to verify OTP automatically. I checked out a few documentation where they suggested I add that app's hash value at the end of the OTP message. But unfortunately, I cannot edit the template in firebase auth. I am attaching the screenshot of OTP messages before and after publishing it to playstore. This problem is the same with all the devices. I have used the exact same code mentioned in this firebase doc and earlier it was working fine before publishing to play store.

can I customize the firebase OTP digits from 6 to 4?

[argzdev]

Hi @rais660, AFAIK we don't have any way of customizing our OTP digit count, it's always 6 digits.

[osepoo]

If anyone is looking for a quick fix use this https://androidwave.com/auto-read-otp-android-user-consent-api/ just make sure you set your timeout request to this 'setTimeout(0L, TimeUnit.SECONDS)'

[aavinashj]

This issue has been alive for far too long. It is a very severe issue for us can you please prioritise this as it is forcing us to switch to another auth provider instead of firebase. As the name of our app matters to the play store users we cannot change that.

[vijtheveg]

Can the Firebase team at least reduce the length of the message being sent? The message in languages like Tamil and Malayalam is so long that automatic reading of the OTP never works, regardless of the app name.

[vhartikainen]

Asked from Firebase Support, they said that max length of English SMS is 64 characters. And this has to include the 11-digit hash code.

So basically, for the OTP SMS: "123456 is your verification code for :APPNAME: fHlfLWxxEoP" "123456 is your verification code for " = 38 characters :APPNAME: = 14 characters " fHlfLWxxEoP" (assuming a whitespace in front) = 12 characters

14 characters left for the application name in my calculation. This is pretty annoying, but I guess "640kb characters will be enough for everyone" 🤷

I just wish one could edit the template a bit to make little room for app name. Or at least provide some sort of guidance in the documentation that there would be no guesswork.

[vijtheveg]

At least in English there is some wiggle room for apps with short names. In other languages like Tamil or Malayalam, the template text itself is so long that the code is guaranteed to be cut off, regardless of the length of the app name