The SMS Retriever API provides a fully automated user experience and should be
used when possible. It does, however, require you to place a custom hash code in
the message body, and this may be difficult to do if you're not the sender of
that message.
If you don't have control over the contents of the message—for example, if
your app works with a financial institution that might want to verify the user's
phone number before approving a payment transaction inside your app—then
you can use the SMS User Consent API, which does not require the custom hash
code. It does, however, require the user to approve your app's request to access
the message containing the verification code. In order to minimize the chances
of surfacing the wrong message to the user, SMS User Consent will check if the
message contains a 4-10 character alphanumeric code containing at least one
number. It will also filter out messages from senders in the user's Contacts
list.
The differences are summarized in the table below:
SMS Retriever
SMS User Consent
Message requirements
11-digit hash code that uniquely identifies your app
4-10 digit alphanumeric code containing at least one number
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-31 UTC."],[[["Google Play services offers two APIs, SMS Retriever and SMS User Consent, to simplify SMS-based verification in your app."],["SMS Retriever API automates verification but requires a custom hash code in the SMS message, ideal when you control message content."],["SMS User Consent API, best for scenarios where you don't control the SMS message (like with financial institutions), requires user approval to access the message but doesn't need a custom hash code."],["SMS User Consent API enhances security by filtering messages from known contacts and focusing on messages containing a 4-10 digit alphanumeric code with at least one number."]]],[]]