registerReceiver only for the running app?

jgkiano / react-native-android-sms-verification-api

A wrapper for the android sms verification api. Includes SMS Retriever and SMS User Consent

MIT License

12 stars 6 forks source link

registerReceiver only for the running app? #8

Closed pke closed 2 months ago

pke commented 2 months ago

Is it possible to register the receiver to only get it access to SMS intended for the app specified in the SMS (hash)?

jgkiano commented 2 months ago

not sure i understand, maybe explain with a use-case? but if you are using the app hash the you should be using the SMS Retriever API which won't require any "Allow to read message" permission so the os will route the SMS directly to the app so no other messages will be accessed.

consent api due to the nature of not having a hash there's a probability the SMS coming in isn't the otp that's why user is asked to give consent after verifying its the OTP message.

pke commented 2 months ago

I was referring to the RECEIVER_NOT_EXORTED flag instead of RECEIVER_EXPORTED as discussed here: https://stackoverflow.com/a/77276774/299209

But now sure how relevant it is?

jgkiano commented 2 months ago

From the docs, they show case the receiver being exported (although registered statically). I assume they would want us to use the RECEIVER_EXPORTED flag when registering dynamically.

pke commented 2 months ago

Understood. I have tested that when the SMS does not contain the hash, the app will not get access to it. So I'll close this as its working as designed. Thanks!