Firebase phone auth OTP no longer being read automatically

[vijtheveg]

Android device: Any device
Android OS version: Any version (have tested this starting from OS21 all the way to the latest OS - bug repros everywhere)
Google Play Services version: com.google.gms:google-services:4.3.8
Firebase/Play Services SDK version: com.google.firebase:firebase-auth:21.0.1
FirebaseUI version: com.firebaseui:firebase-ui-auth:7.1.1

Steps to reproduce:
OTP was being read automatically in my app for many months now. It has suddenly stopped working in the last few weeks. There are no specific steps to reproduce - OTP is never read automatically anymore. My code (which has been working for many months now) has not changed at all - it is pretty much the same as the code in the Firebase Auth documentation / samples - nothing special here.

I have verified that the SMS template being used is correct and matches the OTP received. I have also enabled Android SafetyNet / app verification, to no avail.

I filed an issue in the Firebase Auth UI repo (firebase/FirebaseUI-Android#1948) and was directed to file an issue here instead.

[google-oss-bot]

I found a few problems with this issue:

• I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
• This issue does not seem to follow the issue template. Make sure you provide all the required information.

[aguatno]

Hi @vijtheveg Thank you for the provided details. I haven't been able to reproduce it on our end yet. A sample project where the issue can be reproduced will significantly help the investigation. Also, let us know if you noticed any patterns like issues occurred on some model devices etc.

[vijtheveg]

Thanks @aguatno, for your response. It takes considerable amount of time to create a working sample app using Firebase auth and given that my code has not changed at all in the past 6 months, and is virtually identical to the code in your documentation, something else is happening.

The only other change that I can think of is that my app name as specified in the Play Store changed from 'MeraBills' to 'MeraBills - Small Business Management & Accounting.'

Consequently, the receive SMS looks like: '697874 is your verification code for MeraBills - Small Business Management & Accounting.' - do you think the presence of the special characters in the app name (-, & and .) may be causing problems with the SMS parsing?

The only LogCat line that seems to appy to this problem is the one below:
2021-05-27 23:52:53.338 21157-21334/com.merabills.merchant_app_android W/System: Ignoring header X-Firebase-Locale because its value was null.

[vijtheveg]

FYI, I removed special characters from the app name - this problem continues to happen

[Iltwats]

Hi, @vijtheveg, @aguatno I have also faced this issue, but for me how this occurred is different. Before publishing my app in playstore in OTP messages there use to be the app's hash value which helped in automatically detecting the OTP messages and authenticating. But since I published it on the play store the hash value got replaced by the app's name and no longer I am able to verify OTP automatically.
I checked out a few documentation where they suggested I add that app's hash value at the end of the OTP message. But unfortunately, I cannot edit the template in firebase auth.
I am attaching the screenshot of OTP messages before and after publishing it to playstore.

This problem is the same with all the devices.
I have used the exact same code mentioned in this firebase doc and earlier it was working fine before publishing to play store.

[vijtheveg]

Thanks, Atul. What is the "app's hash value" - where can I find it?

[Iltwats]

@vijtheveg you can check this link but after generating we can't add it to our OTP messages.

[malcolmdeck]

Hey there, Malcolm from Firebase here. Right now, this is expected behavior - your application's name is long enough that is crowds out the application hash from the SMS. However, I think I might have a way of more appropriately assessing when to include/exclude application hashes that should leave you with fewer pain points. For the moment:

1. There are no workarounds, so just sit tight
2. I'll see whether or not we can do anything, but I can't make any promises as to whether or not I'll be able to remedy the issue. But we'll at least take a look :)

[vijtheveg]

Thank you, Malcolm! So, shortening the application name to around 10-15 characters from its current length will be a workaround, correct?

[vijtheveg]

It looks like shortening the name of the app does indeed fix the problem! The OTP is being read correctly, now that I shortened the app name.

@malcolmdeck if this issue cannot be remedied, can it at least be documented, so people are aware of the implications of the length of the app's name?

@Iltwats - it looks like you were right about the missing hash being the problem!

[Jcardif]

@vijtheveg which app name do I need to change, on firebase?

[Iltwats]

@Jcardif you have to change your app's name on playstore, not on firebase.

[dfg-1310]

Nice discussion! I am looking same issue.

[ennarto]

@malcolmdeck the 10-15 chars is for the English language.
For Greek, the space left is 3 characters ... which is, well, impossible to workaround.

I would imagine shortening the text from your side would help.
There is definitely a shorter text version you could use.

[shubhamdeol]

@Jcardif you have to change your app's name on playstore, not on firebase.

to what maximum length we can have our app name any idea?

[Iltwats]

@shubhamdeol I guess it's up to 50-60 characters, as currently in my App's OTP message, length is around 50.

[shubhamdeol]

@shubhamdeol I guess it's up to 50-60 characters, as currently in my App's OTP message, length is around 50.

my app has 49 characters to be exact, still auto verification is not working for us. Can you tell your exact length

[orierel]

Any workaround to make this work?
I'm building a React Native app using Firebase authentication and have the exact same issue for Android devices
My @react-native-firebase/auth version is 12.4.0

[shubhamdeol]

@orierel no workaround brother, Nothing worked for me. I had to rollback to previous react native and react native auth versions, the ones I was using before

[969rishi]

Officials of Firebase please rectify this issue my seniors thinks that I don't know how to implement Firebase Auth....lol.

Here is my build.gradle (Project Level)

` buildscript {
repositories {
google()
mavenCentral()
}
dependencies {
classpath 'com.android.tools.build:gradle:4.1.3'
classpath 'com.google.gms:google-services:4.3.10' //4.3.5
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
classpath 'com.google.firebase:firebase-crashlytics-gradle:2.3.0'
classpath 'com.google.firebase:perf-plugin:1.3.3'
// classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.4.32"
// classpath "org.jetbrains.kotlin:kotlin-noarg:1.4.32"
// classpath 'com.novoda:bintray-release:0.9.2'
}
}

    allprojects {
            repositories {
            mavenCentral()
            google()
            //        mavenCentral()
            gradlePluginPortal()
            maven { url 'https://jitpack.io' }
}

}

    task clean(type: Delete) {
        delete rootProject.buildDir

}`

And Here is my build.gradle (App level)

` apply plugin: 'com.android.application'
apply plugin: 'com.google.gms.google-services'
apply plugin: 'com.google.firebase.crashlytics'
apply plugin: 'com.google.firebase.firebase-perf'

 android {
 compileSdkVersion 30
 buildToolsVersion "30.0.2"
 defaultConfig {
    applicationId "com.XYZ.XYZ"
    minSdkVersion 22
    targetSdkVersion 30
    versionCode 1
    versionName "1.1"
    testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
buildTypes {
    release {
        minifyEnabled false
        shrinkResources false
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
    }
}
lintOptions {
    checkReleaseBuilds false
}

compileOptions {
    sourceCompatibility JavaVersion.VERSION_1_8
    targetCompatibility JavaVersion.VERSION_1_8
}

}

dependencies {
//    implementation fileTree(dir: 'libs', include: ['*.jar'])
implementation 'androidx.appcompat:appcompat:1.3.1'
implementation 'androidx.legacy:legacy-support-v4:1.0.0'
implementation 'com.google.android.material:material:1.4.0'
implementation "com.google.android.material:material:1.5.0-alpha01"
implementation 'androidx.constraintlayout:constraintlayout:2.1.0'
testImplementation 'junit:junit:4.13.2'
androidTestImplementation 'androidx.test:runner:1.4.0'
androidTestImplementation 'androidx.test.espresso:espresso-core:3.4.0'

implementation "androidx.core:core-ktx:1.6.0"
implementation 'com.google.android.play:core:1.10.0'
implementation 'com.google.android.play:core-ktx:1.8.1'

implementation 'androidx.browser:browser:1.3.0'
implementation 'com.google.firebase:firebase-core:19.0.0'
implementation 'com.google.android.gms:play-services-auth:19.2.0'
implementation 'com.google.firebase:firebase-auth:21.0.1'
implementation 'com.github.bumptech.glide:glide:4.11.0'
annotationProcessor 'com.github.bumptech.glide:compiler:4.11.0'
implementation 'com.firebase:firebase-client-android:2.5.2'
implementation 'com.android.volley:volley:1.2.0'
implementation 'com.google.firebase:firebase-messaging:22.0.0'
implementation 'com.google.firebase:firebase-storage:20.0.0'
implementation 'com.firebaseui:firebase-ui-storage:3.2.1'
implementation 'com.github.psinetron:slycalendarview:0.0.9'
// Recommended: Add the Firebase SDK for Google Analytics.
implementation 'com.google.firebase:firebase-analytics:19.0.0'
implementation 'com.google.firebase:firebase-dynamic-links:20.1.1'
implementation 'de.hdodenhof:circleimageview:3.1.0' //circular image view
// Add the dependency for the Performance Monitoring library
implementation 'com.google.firebase:firebase-perf:20.0.2'

implementation 'com.google.firebase:firebase-firestore:23.0.3'// Firebase Firestore database
implementation 'com.firebaseui:firebase-ui-firestore:8.0.0'// FirebaseUI for Cloud Firestore

implementation 'androidx.paging:paging-runtime:3.0.1'// Paging Library

implementation 'com.google.code.gson:gson:2.8.6'

implementation 'com.google.android.libraries.places:places:2.4.0' //New google places api
implementation 'com.google.maps.android:android-maps-utils:0.3.4'
implementation 'com.google.android.gms:play-services-location:18.0.0'
implementation 'com.google.android.gms:play-services-places:17.0.0'

implementation 'com.github.pchmn:MaterialChipsInput:1.0.8'// material chip
implementation 'com.hootsuite.android:nachos:1.1.1'// material chips
implementation 'com.google.android:flexbox:2.0.1'

//EventBus enables central communication to decoupled classes with just a few lines of code
implementation 'org.greenrobot:eventbus:3.1.1'

implementation 'com.github.smarteist:autoimageslider:1.3.2'
//library to implement auto image slider

implementation 'com.github.marlonlom:timeago:4.0.3'
//Simple java library for displaying dates as relative time ago language.
implementation 'cn.jzvd:jiaozivideoplayer:7.5.0'

//check internet state
implementation 'com.github.ImaginativeShohag:Oops-No-Internet:v1.1.5'

implementation "androidx.swiperefreshlayout:swiperefreshlayout:1.1.0"

implementation 'com.karumi:dexter:6.2.1'//
implementation "com.leinardi.android:speed-dial:3.1.1"//floatingActionBtn
implementation 'com.github.chrisbanes:PhotoView:2.3.0'//Zoomable Imageview library
// Add the Firebase SDK for Crashlytics.
implementation 'com.google.firebase:firebase-crashlytics:18.2.1'
//GIFs, Stickers and emojis library
implementation 'com.gsconrad:richcontentedittext:1.0.0'

//image zoomable and dissimisable both in one library like whatsapp
implementation 'com.github.stfalcon:stfalcon-imageviewer:1.0.1'

//WorkRequest
implementation 'android.arch.work:work-runtime:1.0.1'
// implementation 'com.borjabravo:readmoretextview:2.1.0'//read more text

implementation "joda-time:joda-time:2.10.10"

implementation "com.razorpay:checkout:1.6.6"

implementation 'io.github.lucksiege:pictureselector:v2.7.3-rc06'

implementation 'com.google.firebase:firebase-appcheck-safetynet:16.0.0-beta02'//App Check with SafetyNet

}
repositories {
mavenCentral()
}
`

Please let me know if anything I am missing

[aadi9839]

Hi
I am also facing the same issue. Can't change the app name. Any walkaround??

[dhanrajVerma]

Facing exactly same issue and My Apps name is 30 character long in google play console.
Still sms code auto retrieval not working.

[Lakhankumawat]

Facing exactly same issue and My Apps name is 30 character long in google play console. Still sms code auto retrieval not working.

how long it's been since you changed your app's name ?

[dhanrajVerma]

Facing exactly same issue and My Apps name is 30 character long in google play console. Still sms code auto retrieval not working.

how long it's been since you changed your app's name ?

approx 3-4 months

[NitroG42]

Hey, I got the same issue, what you all wrote help me to understand what was wrong.
To give more info, when I keep the Firebase Language in english, I don't have any issue, but when I switch to app language (French), it seems there is a bad spot with an app name that is a bit too long (the hash is not present at the end of the message). If the app name is really too long, it is not sent in the SMS and it works.
Here are the message :
(my app name is 5 char long so I'll change for MyApp)

"123456 is your verification code for MyApp Preprod." -> English ; App Name "MyApp Preprod" ; working
"123456 est votre code de validation pour MyApp Preprod." -> French ; App Name "MyApp Preprod" ; not working
"123456 est votre code de validation. (Hash11characters)" -> French ; App Name "MyApp Preprod Debug" ; working

Hope it can help with the issue. Right now I will keep to english only ; I think the solution is to lower the limit of app name, depending of the rest of the message ?

Edit : I thought it was using "firebaseAuth.useAppLanguage()" ; but it seems that it comes from a change in the Firebase Console, in Authentication -> Templates -> Template language (in the bottom) that I switched to French and then I got the issue.

[shubhamdeol]

These all are workarounds. In previous versions auto verify used to work even with longer app names.

[MaheshwariMadhusudan]

@malcolmdeck
Any update on this issue. We are still facing this issue and it is a major issue blocking us from upgrading react-native version in our product.

[alekss-dinsbergs]

I have the same issue. When the template language is set to native - Latvian it does not show the code, but in English it works fine. App name is exacly 15 chars.

[davidmigloz]

Can Firebase use the public-facing name configured in the Firebase project instead of using the app's name from Google Play? So that at least we don't have to change the name in Google Play where it is common to have it as "{name}: short tag line" (e.g. "Duolingo: language lessons").

Or maybe just trim the app name to the maximum length that allows the SMS Retriever API hash to fit?

[subhadeepquantiantech]

which name to change from the code side or only the display name of google play console.

[AmitSonkhiya]

which name to change from the code side or only the display name of google play console.

@subhadeepquantiantech Display name at Google Play Console

[AmitSonkhiya]

Reporting the same issue.
Hash at the end is omitted partially due to the length of the app's name.

Developers are not allowed to change the SMS verification template.
Could Firebase team add an option to switch between texts?

%LOGIN_CODE% is your verification code for %APP_NAME%.
%LOGIN_CODE% is your OTP for %APP_NAME%.

[mohitra0]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters?
Any solution guys?

[prameshj]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters?

The issue is due to the size limit of the SMS message. If the app name is too long, then the hash gets omitted from the end. The SMS Retrieval API requires the app hash to read the SMS meant for that app - https://developers.google.com/identity/sms-retriever/overview

Modifying the template from "verification code" to "OTP" isn't trivial since the translated text in various languages need to be updated too and "OTP" might not have a suitable translation. Dropping the word "verification" from the template will save some characters. We can look into this, but unable to promise a timeline for this.

[RRaideRR]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters?

The issue is due to the size limit of the SMS message. If the app name is too long, then the hash gets omitted from the end. The SMS Retrieval API requires the app hash to read the SMS meant for that app - https://developers.google.com/identity/sms-retriever/overview

Modifying the template from "verification code" to "OTP" isn't trivial since the translated text in various languages need to be updated too and "OTP" might not have a suitable translation. Dropping the word "verification" from the template will save some characters. We can look into this, but unable to promise a timeline for this.

I mean dropping the word "verification" would be a good start. English is a language that a lot of people can understand. I would just always use the English SMS template then. That would already help a lot @prameshj

[prameshj]

I'm facing the same issue, i just don't understand how hash is related to app name? firebase can't handle few characters?

The issue is due to the size limit of the SMS message. If the app name is too long, then the hash gets omitted from the end. The SMS Retrieval API requires the app hash to read the SMS meant for that app - https://developers.google.com/identity/sms-retriever/overview
Modifying the template from "verification code" to "OTP" isn't trivial since the translated text in various languages need to be updated too and "OTP" might not have a suitable translation. Dropping the word "verification" from the template will save some characters. We can look into this, but unable to promise a timeline for this.

I mean dropping the word "verification" would be a good start. English is a language that a lot of people can understand. I would just always use the English SMS template then. That would already help a lot @prameshj

Thanks for the input! we are evaluating this change and I will post updates here.

[NitroG42]

I think it would be interesting to warn the user it could happen either on the Firebase Console, or in the documentation for the developer (having a too long app name, changing template language could prevent the OTP from being read automatically)

[Sameed1998]

How to shorten app name can anyone please guide me?

[quantiantechnologies]

Go to play store and reduce the size of your app name.

[rais660]

Hi, @vijtheveg, @aguatno I have also faced this issue, but for me how this occurred is different. Before publishing my app in playstore in OTP messages there use to be the app's hash value which helped in automatically detecting the OTP messages and authenticating. But since I published it on the play store the hash value got replaced by the app's name and no longer I am able to verify OTP automatically. I checked out a few documentation where they suggested I add that app's hash value at the end of the OTP message. But unfortunately, I cannot edit the template in firebase auth. I am attaching the screenshot of OTP messages before and after publishing it to playstore. This problem is the same with all the devices. I have used the exact same code mentioned in this firebase doc and earlier it was working fine before publishing to play store.

can I customize the firebase OTP digits from 6 to 4?

[argzdev]

Hi @rais660, AFAIK we don't have any way of customizing our OTP digit count, it's always 6 digits.

[osepoo]

If anyone is looking for a quick fix use this https://androidwave.com/auto-read-otp-android-user-consent-api/ just make sure you set your timeout request to this 'setTimeout(0L, TimeUnit.SECONDS)'

[aavinashj]

This issue has been alive for far too long. It is a very severe issue for us can you please prioritise this as it is forcing us to switch to another auth provider instead of firebase. As the name of our app matters to the play store users we cannot change that.

[vijtheveg]

Can the Firebase team at least reduce the length of the message being sent? The message in languages like Tamil and Malayalam is so long that automatic reading of the OTP never works, regardless of the app name.

[vhartikainen]

Asked from Firebase Support, they said that max length of English SMS is 64 characters. And this has to include the 11-digit hash code.

So basically, for the OTP SMS: "123456 is your verification code for :APPNAME: fHlfLWxxEoP"
"123456 is your verification code for " = 38 characters
:APPNAME: = 14 characters
" fHlfLWxxEoP" (assuming a whitespace in front) = 12 characters

14 characters left for the application name in my calculation. This is pretty annoying, but I guess "640kb characters will be enough for everyone" 🤷

I just wish one could edit the template a bit to make little room for app name. Or at least provide some sort of guidance in the documentation that there would be no guesswork.

[vijtheveg]

At least in English there is some wiggle room for apps with short names. In other languages like Tamil or Malayalam, the template text itself is so long that the code is guaranteed to be cut off, regardless of the length of the app name

[mikelluzuriaga]

Incredible....

[caeg0n]

unbelievable