6

I am trying to implement Sms Retriever for fetching an otp from user mobile without having any SMS permission.

Initially, I have generated a hash key with the keystore(.jks) by using keytool as described here

when I signed the apk with this keystore and received the SMS with this hashkey, it is working properly.

But After uploaded the app to google play store, the SMS receiver is not working .we have enabled google app signing to sign the app. I found that Google will remove the uploaded signature, a key for the apps using google app signing as described here. So, I was trying to add the google app signing certificate to the uploaded keystore with the alias name for creating new hashkey.But I am unable to add the app signing certificate to the keystore with alias name.

Any suggestions to generate the hashkey with app signing certificate for sms retriever?

Ajay Jayendran
  • 1,584
  • 4
  • 15
  • 37

4 Answers4

5

When Google's App Signing enable 11 char hash will be generated without alias

i.e SMS Retrieve API

The following command computes the hash string from your app's production keystore:

keytool -exportcert -alias MyAndroidKey -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11

in the above command hash is generating based on MyAndroidKey alias (-alias MyAndroidKey).

Try generating hash without alias for Google APK Sign Enabled

i.e 

keytool -exportcert -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11
Suresh
  • 1,199
  • 2
  • 12
  • 36
  • Hi, can you please help me regarding this? https://stackoverflow.com/questions/51365778/how-to-generate-11-char-hash-key-for-sms-retriever-with-google-app-signing – Farhan Farooqui Jul 16 '18 at 16:22
  • Getting 'xxd' is not recognized as an internal or external command, operable program or batch file. Please help on this. Thanks in advance – sandeepmaaram Oct 23 '18 at 11:43
  • @SandeepReddyM are fixing above issue? – rafeek Oct 29 '18 at 08:56
  • Thanks @Suresh, it working but it generating 28 digit hash. I need 11 digit hash for SMS Retrieval API – sandeepmaaram Oct 31 '18 at 07:20
  • @Suresh Please help me on this. If I generate 11 digit hash by using 'AppSignatureHelper' does it work after uploading to playstore.? Thanks in advance – sandeepmaaram Nov 27 '18 at 10:13
  • @Suresh I trying to generate it in windows machine, but it's not worked says xxd, tr, ... is not recognized at internal or external command. How to fix that issue ? – Ankit Kumar Singh Dec 03 '18 at 07:50
  • @AnkitKumarSingh i did with Mac, so i didnt face issue. Check this https://superuser.com/questions/497953/convert-hex-dump-of-file-to-binary-program-file-on-windows – Suresh Dec 04 '18 at 06:40
  • @AjayJayendran I'm passing keystore file path inMyProductionKeys.keystore. Do we've to pass keystore file path or certificate path in MyProductionKeys.keystore ? I've tried the same thing, it is not working when i download the apk from playstore. – Rajesh Jan 04 '19 at 13:59
  • @AjayJayendran I'm checking this in Internal Testing release in Play store. Is this the reason ? And this is not working in debug or release mode and downloading from playstore. Previously, I used to generate hashkey using AppSignatureHelper class, it used to work in debug and release mode but not when i download apk from playstore. – Rajesh Jan 04 '19 at 14:59
  • Yeah...I've fixed it....check this https://github.com/googlesamples/android-credentials/issues/30 – Rajesh Jan 18 '19 at 09:25
  • hi, after entering keystore password terminal retursn -bash: echo: write error: Broken pipe, any idea ? – Nininea Apr 21 '20 at 10:50
1

Since, Play App is also signing app so we have to generate a .jks file and we'll have to use this .jks file produced by the deployement_cert.der (Downloaded from Google play console), for getting the 11 char hash code. follow the steps:

The .jks file is required to generate the 11 char hash code,

To create .jks file

  1. Download .der file from google play console.

    https://i.stack.imgur.com/KUK6i.png

  2. To create .jks file from the downloaded certificate (deployment_cert.der ) use this command:

keytool -importcert -alias YOUR_ALIAS -file deployment_cert.der -keystore app_keystore.jks -storepass YOUR_KEYSTORE_PWD

It will generate a app_keystore.jks file.

3. Then use the generated keystore for generating the 11 char hashcode.

keytool -exportcert -alias YOUR_ALIAS -keystore app_keystore.jks | xxd -p | tr -d "[:space:]" | echo -n COM.EXAMPLE.MYAPP cat | sha256sum | tr -d " [:space:]-" | xxd -r -p | base64 | cut -c1-11

Arjun Saini
  • 21
  • 2
0

This issue created in GitHub, alongwith various comments for androidcredentials repo sounds promising to solve this problem.

Here is the link for the exact comment by a user. I haven't tried it myself but after trying all the solutions above and below this comment, and finding none of them worked for me, I think this one is the last option and as it utilises AppSignatureHelper class for generating hash, it creates a dynamic hash, different for debug, release, and PlayStore builds

The reason I haven't been able to try it till now is because of long time taken by the PlayStore version to come live.

Its been hours and update has not gone live till now. Try it on yourself once and tell me if it works or not. I will update the answer as soon as I try this solution on my end too.

Divya Gupta
  • 494
  • 8
  • 24
0

Finally I have found solution for SMS retriever api wont read OTP from SMS automatically in release build using below script.

download this file https://github.com/michalbrz/sms-retriever-hash-generator/blob/master/google_play_sign.rb

Change this code in script

--package NAME Your app package, e.g com.test.app

--google-play-key KEY_PATH Google Play public key (in DER format) used to sign release app

--keystore KEYSTORE_PATH Path to keystore (.jks file)

--keystore-password PASSWORD Password to the keystore - required only when option "--keystore" is specified

--key-alias KEY_ALIAS Alias of key in the keystore - required only when option "--keystore" is specified

Then run below command

ruby google_play_sign.rb --package com.your.app --google-play-key deployment_cert.der

kailash barochiya
  • 304
  • 2
  • 11