6

I am working on an internet trading application with its mobile and iPhone applications available. With the recent market trend, we are working on including two-factor authentication. For that, we will be sending a one-time password as a sms on user's registered mobile number.

Is there a way,that the OTP can get automatically populated into application from user's message box in iPhone? What algorithm should I use to make my app read user's message box?

Thanks in advance:)

Yasha
  • 161
  • 1
  • 4
  • 13
  • That question does not contain a valid and useful answer. – Yasha Jan 03 '14 at 10:59
  • valid and useful in terms of what ? it is not possible to read sms programmatically is confirmed. Other way you can look forward is suggested by @rckoenes – Janak Nirmal Jan 03 '14 at 11:06
  • Possible answers on the site suggests jail-breaking the ios first. Jail-breaking an iPhone is like a privilege escalation that my client may or may not do. i cant ask my client to mandatorily Jailbreak his phone in order for my App to work smoothly on it. – Yasha Jan 03 '14 at 11:19
  • So for that we have jailbreak tag here on SO, and also you can specify in your question that you are open to the possibilities on jailbreak as well. And I suggested `possible duplicate` not duplicate. – Janak Nirmal Jan 03 '14 at 11:22
  • All right yes, agreed, but i just wanted to tell you that i am looking for more feasible options then suggested in the possible duplicate. Also, I did not use the jailbreak tag, neither did I use the term, so I would like add upon, I am not open to playing with the end client's phone. I hope i am clear now. – Yasha Jan 03 '14 at 11:29
  • May I know how to send OTP from mobile to particular mobile number as SMS. – SURESH SANKE Sep 30 '15 at 18:38

3 Answers3

8

Straight Forward answer NO

It is not possible to read SMS programmatically as of now as applications in iOS are sandboxed, which means you can not read anything from user's phone outside of your application.

Janak Nirmal
  • 22,706
  • 18
  • 63
  • 99
8

You can not access to the users SMS inbox, this would be a real privacy issue.

What you can do is register your own app schema, with your app can be opened. The you can do something like myApp://register/<OTP>, you can then pick up this URL and take the OTP from the URL and use it. Just use the URL in your SMS and iOS will do the rest.

You can parse the app URL in - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation in your app delegate.

rckoenes
  • 69,092
  • 8
  • 134
  • 166
  • Thank you, but as i learned from another comment, inbox are sandboxed, will it create a trouble? – Yasha Jan 03 '14 at 10:57
  • And also, does this work in android phones? – Yasha Jan 03 '14 at 11:01
  • No this will not create any trouble and yes you can use the same app URL on android. – rckoenes Jan 03 '14 at 11:02
  • Thanks a lot, I'll test it and get back on the forum. – Yasha Jan 03 '14 at 11:03
  • 1
    Hi, there was this 1 confusion. I am already sending sms to the user for OTP, where should I place myApp://register/ in my code? And what changes will i have to make in iPhone/Android code in order to make it accept the OTP directly from the sms without user manually entering it. – Yasha Jan 03 '14 at 11:11
  • hi @Yasha i am developing an application where on registering in app it sends an otp.Can you please help me in doing this – Rani May 14 '14 at 09:09
3

You can Access SMS from your app. So better make user to enter his contact number and send SMS to his mobile

-(BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation
{
    if (!url) {
        UIApplication * yourapplication =[UIApplication sharedApplication];
        NSString *outputpath =@"appname://data/";
        NSURL *url =[NSURL URLWithString:outputpath];
        [yourapplication openURL:url];
        return NO;
    }

    NSUserDefaults *defaultString =[NSUserDefaults standardUserDefaults];
    NSString * commonString =[url absoluteString];
    if (commonString.length<=15) {
        //
    }
    else
    {
        [defaultString setObject:commonString forKey:@"urlString"];
    }
         //send info to the screen you need and can navigate
    return YES;
}
Meet Doshi
  • 4,241
  • 10
  • 40
  • 81
Charan Giri
  • 1,097
  • 1
  • 9
  • 15
  • LoadLog (free app) I developed that application where the total information will be sent through SMS only. No server is used for that application – Charan Giri Jan 03 '14 at 10:57
  • User is already receiving a sms on his mobile, but I want to ease out the process for him. The OTP should automatically get populated as the user receives it as a sms. – Yasha Jan 03 '14 at 11:01
  • @Yasha that is what i said OTP will be send to SMS only(the only and best possible way for mobiles) and you can access them. are you expecting something other than SMS? – Charan Giri Jan 03 '14 at 11:21
  • Yes, I am looking forward to a possiblity, where-in , if the user is using app on the same phone on which the sms arrives, app should be capable of automatically reading the OTP from that sms and put it directly on the app. This is to reduce the user's work of minimizing the app, reading the sms and then goin back to app to enter the OTP. – Yasha Jan 03 '14 at 11:36
  • This can be done. I used same in LoadLog app, but SMS will be sent by Admin. – Charan Giri Jan 03 '14 at 11:46
  • okay, then here I am the admin, I'll be sending the sms to user, now my App should be capable of reading that sms. HOW to do it is the question. – Yasha Jan 03 '14 at 11:50
  • i'll send code for it – Charan Giri Jan 03 '14 at 11:51
  • yea..ty ..looking forward to it :) – Yasha Jan 03 '14 at 12:02
  • In Plist you need to add CFBundleURLTypes CFBundleURLNameyourbundleidentifierCFBundleURLSchemesyourappname – Charan Giri Jan 03 '14 at 12:14
  • your SMS should be like "appname://data/OTP" ex: appname://data/1234 – Charan Giri Jan 03 '14 at 12:15
  • @CharanGiri Im also need same type of behaviour, Im sending a phone number to my web service, and they are sending the OTP msg like "Your requested OTP is 123 and valid till ......." So Now how can i read it from My app. Could u plz explain me with some steps.. – siva krishna Nov 26 '15 at 05:21
  • @sivakrishna just send the OTP message as appname://OTP-valid till time/ as SMS... once you receive the message just click on the SMS it will redirect to your application. Now important part is you need to validate/ write some piece of code to split the OTP and valid till timestamp. once you split it you are ready to use OTP. In the above code try to see what is there in "commonString" for you, from here your logic of splitting starts – Charan Giri Nov 27 '15 at 05:54
  • @CharanGiri Thanks for reply, But I hope it is not the correct way, Until and unless user clicked on SMS we are unable to get OTP. I think There should be another way like "whatsApp" did. Let me know if any procedure.. – siva krishna Nov 30 '15 at 04:31