0

I am trying to add Phone Authentication of Firebase in my android application, it works fine with all the otp and stuff but there are two problems I am having.

The first problem: OTP verification webpage The following picture will clear the problem- otp webpage

Before getting an OTP, this webpage shows up which is not really user friendly. The user won't like this redirecting webpage scenario every time he is getting an OTP. How to disable or hide this webpage? I don't want it to go the browser first and then return back to the app, this may destroy the activity which is an issue for low-ram phones. I researched about it and I found some questions here too. But they are all old questions, the answers are different and those answers don't work now. For example, in this question how-to-disable-recaptcha-in-firebase-phone-auth-otp-android, they said that using Android Device Verification api will disable the verification webpage. But that api is decapitated now, also the Google Play Integrity API doesn't work as well. I added SHA-1 and SHA-256 in my project, the problem still there. I tried to find the App Check with the SafetyNet option but I can't find it in my project setting, seems like that has been decapitated too. I desperately need updated solution and I hope that I will find some here because I'm out of ideas at this point.

The second problem: Unusual Activity

My application is a chat app, people need to sign up and sign in all the time. I added the phone auth option to sign in to the app, but if I sign in using the same phone number (which is normal, user will have only one or two phone number) for two or three times I get this message- unusual activity

How to solve this unusual activity problem? I am using a real phone with a real phone number still it says unusual activity, if user can't sign in to his profile after two or three times or need to wait for some time to sign in then how is that user friendly? Help me solve this problem please.

These are the two problems I am having, I hope I will get some right answers. Thank you.

Newbie_programmer
  • 63
  • 9

1 Answers1

1

Thanks for asking! Looks like you are new to Firebase Authentication. I will clear your doubts about Firebase Phone Authentication.

Q. How to hide ReCaptcha Web Page during Firebase Phone Authentication?
A. This ReCaptcha page is the default security page in the Firebase Phone Authentication. Firebase provides "App Check", which helps your app from abuse by preventing unauthorised clients from accessing your backend resources (AppCheck docs). The App Check identifies your genuine app instance, (The one that is downloaded from official Google Play Store). To add the Firebase AppCheck in your Android app, follow the steps given on official Firebase Documentation. Once, you have added the AppCheck, this ReCaptcha WebPage will be gone automatically.

Q. Cannot login after many attempts?
A. This is the feature built in to the Firebase Phone Authentication to protect your resources. There can be something 3 to 4 authentications within 1 hour. If user exceeds this limit, the Firebase blocks all the requests from the client. The workaround for this is to use the testing phone numbers which do not have this protection. To add the testing phone number follow the documentation given here.

For any issue, follow the documentation for Firebase Phone Authentication which is given here.

Shagun Verma
  • 163
  • 1
  • 9
  • Do I need to pay 25 dollars for adding AppCheck to my app? Since it's connected to Google Console? It's actually a class project that I'm working on. – Newbie_programmer Jul 29 '23 at 11:04
  • Yes. But, If you don't want to pay $25 to Google Play Console, then you can try adding testing phone numbers like for Indian Users- +91 9999999999 and OTP as 123456. – Shagun Verma Jul 29 '23 at 11:40
  • If you are a student, then adding test phone number would be great choice. – Shagun Verma Jul 29 '23 at 11:41
  • You can also add AppCheck using your debug App fingerprints (SHA-1 & SHA-256). Go to AppCheck tab and select your app and click register. – Shagun Verma Jul 29 '23 at 11:42
  • Where is this AppCheck tab? I did add fingerprints tab but I couldn’t find AppCheck tab in my project setting in Firebase. – Newbie_programmer Jul 29 '23 at 11:50
  • Go the Build section on the left hand side. Find the AppCheck under the Build section. – Shagun Verma Jul 29 '23 at 11:54
  • On the AppCheck Page, Click on the Apps tab. – Shagun Verma Jul 29 '23 at 11:55
  • You will able to see your app there. – Shagun Verma Jul 29 '23 at 11:55
  • You will also need to add the firebase app check dependancy in your build.gradle file. implementation 'com.google.firebase:firebase-appcheck-playintegrity' – Shagun Verma Jul 29 '23 at 11:56
  • Add these three lines of code FirebaseApp.initializeApp(this); FirebaseAppCheck firebaseAppCheck = FirebaseAppCheck.getInstance(); firebaseAppCheck.installAppCheckProviderFactory(PlayIntegrityAppCheckProviderFactory.getInstance()); – Shagun Verma Jul 29 '23 at 11:57
  • Thank you. Do I need to add the Google Play Integrity API too since the safety net is showing decapitated in the App Check option. – Newbie_programmer Jul 29 '23 at 13:51
  • You're Welcome. Yes SafetyNet is deprecated. You can register your App in AppCheck Google Play Integrity API using your debug finger prints. Simply register by Google Play Integrity API. – Shagun Verma Jul 31 '23 at 09:06
  • You can use any one Play Integrity or Safety Net. I suggest you use the latest Play Integrity API. – Shagun Verma Jul 31 '23 at 09:08
  • I tired to add these three line - FirebaseApp.initializeApp(this); FirebaseAppCheck firebaseAppCheck = FirebaseAppCheck.getInstance(); firebaseAppCheck.installAppCheckProviderFactory(PlayIntegrityAppCheckProviderFactory.getInstance()); but the last line which is firebaseAppCheck.installAppCheckProviderFactory(PlayIntegrityAppCheckProviderFactory.getInstance()); shows error. – Newbie_programmer Jul 31 '23 at 11:59
  • Add the dependency for Play Integrity API in your app's module build.gradle file. – Shagun Verma Aug 01 '23 at 11:48
  • implementation platform('com.google.firebase:firebase-bom:32.2.0') implementation 'com.google.firebase:firebase-appcheck-playintegrity' – Shagun Verma Aug 01 '23 at 11:48
  • I did already, seems like PlayIntegrityAppCheckProviderFactory is some sorta of class that I need to create inside the code. – Newbie_programmer Aug 01 '23 at 12:22
  • Try adding import com.google.firebase.appcheck.playintegrity.PlayIntegrityAppCheckProviderFactory; – Shagun Verma Aug 02 '23 at 05:52
  • No, it isn't any extra class, it is actually the class inside the com.google.firebase.appcheck.playintegrity package. – Shagun Verma Aug 02 '23 at 05:53