Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
android - Cheap alternative to OTP SMS (MFA/2FA)



1 Answer

0 votes
by (71.8m points)

There is a cheap hack (free) that you can use, but it can be faked by the user, assuming the user has control of the typed phone number.

So you should use it only if you're comfortable with power users with ill intentions working around it in some cases.

The idea here is that the cost of the SMS send will move to the user rather than your servers. A single SMS is free in most countries today, or very cheap in some of them, so a disclaimer such as "Carrier charges may apply" should cover you.

You'll need to implement the SMS Retriever API flow according to the tutorial, but when it says to send an SMS from your server, you should instead have the user send that SMS from their own device:

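    // Open the user's SMS app with the recipient and the OTP message pre-filled;
    // the user sends the message from their own device.
    Intent intent = new Intent(Intent.ACTION_VIEW, Uri.parse("sms:" + inputNumber));
    intent.putExtra("sms_body", otpContents);
    startActivity(intent);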

Or using SmsManager if your app has permission to send SMS.

The rest of the SMS Retriever flow should happen as in the tutorial, allowing your app to verify the user-input number was sent and received by the user.
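
An added sketch, not part of the original answer, of the on-device bookkeeping this flow needs: generating the code, building a body that SMS Retriever will match (at most 140 bytes, ending with the app's 11-character hash), and accepting the retrieved message only once and before it expires. The class name, message wording, six-digit code, five-minute lifetime and placeholder app hash are assumptions; because both sending and checking happen on the user's device, a passing check carries no more assurance than the answer states.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;

/** Hypothetical helper: issues one self-sent OTP and checks the body SMS Retriever hands back. */
public final class SelfSentOtp {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(5); // assumed lifetime
    private final String code;
    private final Instant expires;
    private boolean used;

    public SelfSentOtp() {
        // Six digits from a CSPRNG, zero-padded, ASCII digits regardless of device locale.
        this.code = String.format(Locale.ROOT, "%06d", RNG.nextInt(1_000_000));
        this.expires = Instant.now().plus(TTL);
    }

    /** Body for the "sms_body" extra: short text, the code, and the app hash on the last line. */
    public String buildMessage(String appHash) {
        if (appHash.length() != 11) throw new IllegalArgumentException("app hash must be 11 chars");
        String msg = "Your verification code is " + code + "\n" + appHash;
        if (msg.getBytes(StandardCharsets.UTF_8).length > 140)
            throw new IllegalStateException("SMS Retriever bodies are limited to 140 bytes");
        return msg;
    }

    /** True only once, before expiry, and only if the received body matches what was issued. */
    public synchronized boolean verify(String receivedBody, String appHash) {
        if (used || Instant.now().isAfter(expires)) return false;
        byte[] expected = buildMessage(appHash).getBytes(StandardCharsets.UTF_8);
        byte[] got = receivedBody.trim().getBytes(StandardCharsets.UTF_8);
        boolean ok = MessageDigest.isEqual(expected, got); // constant-time comparison
        if (ok) used = true;
        return ok;
    }

    public static void main(String[] args) {
        String appHash = "XXXXXXXXXXX"; // constructed placeholder, not a real app hash
        SelfSentOtp otp = new SelfSentOtp();
        String body = otp.buildMessage(appHash);
        System.out.println(otp.verify(body, appHash)); // true: first use of the issued body
        System.out.println(otp.verify(body, appHash)); // false: replay of a used code
        String forged = "Your verification code is ------\n" + appHash;
        System.out.println(new SelfSentOtp().verify(forged, appHash)); // false: wrong code
    }
}
```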

