1

I'm trying to implement Google reCaptcha following this guide from the Google developers site. My code:

private fun onClick() {
    SafetyNet.getClient(this).verifyWithRecaptcha(CAPTCHA_KEY)
            .addOnSuccessListener(this) { response ->
                if (!response.tokenResult.isEmpty()) {
                    verify(response.tokenResult)
                }
            }
            .addOnFailureListener(this) { e ->
                if (e is ApiException) {
                    Log.d("asd", "Error message: " + CommonStatusCodes.getStatusCodeString(e.statusCode))
                } else {
                    Log.d("asd", "Unknown type of error: " + e.message)
                }
            }
}

On the emulator it works fine. When I click the button, reCaptcha shows dialogs with several images where the user should pick all images with cars, hydrants, etc.

But on a real device, after I click the button, I always receive the onSuccess callback, and the dialog is never shown.

Maybe somebody knows what problem I'm facing?

Phantômaxx
Darthoo

1 Answer

4

Per the documentation:

If reCAPTCHA is confident that this is a real user on a real device it will return a token with no challenge. Otherwise it will provide a visual/audio challenge to attest the humanness of the user before returning a token.

"No challenge" means no reCAPTCHA. With reference to your real device, Google is apparently already satisfied as to your humanness, and does not require further confirmation.

verifyWithRecaptcha() is operating as designed.

greeble31
  • Thank you very much for your help – Darthoo Oct 22 '18 at 15:01
  • @greeble31 Can you tell how reCAPTCHA decides on the device that it's a real user? – Ando Masahashi Mar 11 '19 at 09:47
  • @AndoMasahashi I could only guess. – greeble31 Mar 11 '19 at 14:36
  • Can you please share your thoughts? – Ando Masahashi Mar 11 '19 at 14:48
  • @AndoMasahashi Perhaps Google uses the result of a series of human intelligence challenges to build up a profile, which is tracked based on IP address in conjunction with a pseudonymous identifier (cookie or mobile advertising ID). If their server believes the client is likely human, based on this profile, then there's no need for a reCAPTCHA; the client will be issued an authentication token directly. – greeble31 Mar 11 '19 at 18:50
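
Whether or not a challenge dialog appears, the token handed to `verify()` in the question only counts once a backend has submitted it to Google's `siteverify` endpoint and checked the reply. The following is an added example, not code from the question or the answer, of that server-side check in Python; the package name, the freshness window and the sample replies are constructed assumptions.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
EXPECTED_PACKAGE = "com.example.app"  # assumption: the app's package name
MAX_TOKEN_AGE = timedelta(minutes=2)  # assumption: freshness window enforced by this backend

def fetch_siteverify(secret, token):
    """POST the client's token to Google and return the parsed JSON reply."""
    body = urllib.parse.urlencode({"secret": secret, "response": token}).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=body, timeout=5) as resp:
        return json.load(resp)

def evaluate(reply, now):
    """Decide whether a parsed siteverify reply is acceptable: (accepted, reason)."""
    if reply.get("success") is not True:
        codes = reply.get("error-codes") or ["unknown"]
        return False, "rejected: " + ",".join(codes)
    # A token minted for a different app must not be accepted here.
    if reply.get("apk_package_name") != EXPECTED_PACKAGE:
        return False, "token issued for another package"
    try:
        issued = datetime.fromisoformat(reply["challenge_ts"].replace("Z", "+00:00"))
    except (KeyError, AttributeError, ValueError):
        return False, "missing or malformed challenge_ts"
    if issued.tzinfo is None:
        issued = issued.replace(tzinfo=timezone.utc)
    if now - issued > MAX_TOKEN_AGE:
        return False, "token too old"
    return True, "ok"

# Constructed sample replies (not captured from a real request).
NOW = datetime(2018, 10, 22, 15, 1, 0, tzinfo=timezone.utc)
SAMPLE_OK = {"success": True, "challenge_ts": "2018-10-22T15:00:30Z",
             "apk_package_name": "com.example.app"}
SAMPLE_REJECTED = {"success": False, "error-codes": ["invalid-input-response"]}
SAMPLE_OTHER_APP = dict(SAMPLE_OK, apk_package_name="com.example.other")

if __name__ == "__main__":
    for name, reply in [("ok", SAMPLE_OK), ("rejected", SAMPLE_REJECTED),
                        ("other app", SAMPLE_OTHER_APP)]:
        print(name, evaluate(reply, NOW))
    print("stale", evaluate(SAMPLE_OK, NOW + timedelta(minutes=10)))
```

The secret key stays on the server; only the site key belongs in the app.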