How To Integrate Google's reCaptcha Validation In Android

Mushtaq M A
Feb 20, 2020

21.6k
0
5
- facebook
- twitter
- linkedIn
- Reddit
- WhatsApp
- Email
- Print
- Other Artcile

Introduction

In this article, we will learn what reCaptcha is for Android and how to integrate the same to Android apps.

This option is provided by Google. Google’s reCaptcha API protects your app from malicious traffic and it is integrated with your Android apps using SafetyNet API. The service is free to use and it will show a Captcha to be solved if the engine suspects user interaction to be a bot instead of a human.

How does it work?

The following points explain the simple flow of reCaptcha in Android with SafetyNet API.

We need to get the site key pair from SafetyNet by registering our app.
We will get Site Key and get user response token from SafetyNet server using SafetyNet API in Android.
Then, validate the token with the SafetyNet server using the curl commands and site key.

Registering your App with SafetyNet Server

Open the reCaptcha site from the following link.

https://www.google.com/recaptcha/admin#list

Go to Register New Site section and select Option reCAPTCHA Android. The following figure explains the same.

Figure 1

Then, add your Package Name in Package Names Section as shown in the above figure. We can add multiple apps and each can be separated by hitting Enter or new line.
Check or select the "Accept Terms" Checkbox and click the Register button. The following figure shows the same.

Figure 2

Then, you will get the site key and secret key from SafetyNet API Server and it as well as shows client and server-side integration code snippets. The following figures show the same.

Figure 3

Figure 4

I have divided this implementation into 4 steps, as shown in the following.

Step 1: Creating a New Project with Android Studio
Step 2: Setting up the library and AndroidManifest for the project.
Step 3: Implementation of the SafetyNet API.
Step 4: Captcha Response Token Validation.

Step 1 - Creating a New Project with Android Studio

Open Android Studio and select "Create New Project".
Name the project as you wish and select your activity template.
Click the “Finish” button to create a new project in Android Studio.

Step 2 - Setting up the library and AndroidManifest for the project

Add Google Play service library dependency in your app level build.gradle file. Here, I used the following dependency. You can change as per your Android SDK.
1. implementation 'com.google.android.gms:play-services-safetynet:15.0.1'
2. implementation 'com.android.volley:volley:1.1.0’
Then, click “Sync Now” to add the library.
Now, open your App Manifest file (AndroidManifest.xml) and add the following permission.
1. <uses-permission android:name="android.permission.INTERNET" />

SafetyNet library is used to create the Captcha Validation in Android.

Volley Library is an HTTP Networking Library used here for validating Captcha Response.

Step 3 - Implementation of SafetyNet API:

Add the following to get the Captcha Token from SafetyNet Server.
1. SafetyNet.getClient(this).verifyWithRecaptcha(SITE_KEY)
2. .addOnSuccessListener(this, new OnSuccessListener<SafetyNetApi.RecaptchaTokenResponse>() {
3. @Override
4. public void onSuccess(SafetyNetApi.RecaptchaTokenResponse response) {
5. if (!response.getTokenResult().isEmpty()) {
6. handleCaptchaResult(response.getTokenResult());
7. }
8. }
9. })
10. .addOnFailureListener(this, new OnFailureListener() {
11. @Override
12. public void onFailure(@NonNull Exception e) {
13. if (e instanceof ApiException) {
14. ApiException apiException = (ApiException) e;
15. Log.d(TAG, "Error message: " +
16. CommonStatusCodes.getStatusCodeString(apiException.getStatusCode()));
17. } else {
18. Log.d(TAG, "Unknown type of error: " + e.getMessage());
19. }
20. }
21. });

Replace “SITE_KEY” with your appropriate “Site Key” get from SafetyNet API while registering app.
The API will check the Server and it has a separate callback from success and failure.
At Success, we will get Captcha Response Token which will be used to validate the user interaction is made by a bot or real human.
We will discuss how to validate the token with SafetyNet API Server in the next step.

Step 4 - Captcha Response Token Validation

We have to verify the token getting from the server using the secret key.
It can achieve by using the following.

API Link - https://www.google.com/recaptcha/api/siteverify
Method - POST
Params – secret, response (We have to pass the “SECRET_KEY” and “TOKEN” respectively)

Volley Library is used to verify the same.
1. String url = "https://www.google.com/recaptcha/api/siteverify";
2. StringRequest request = new StringRequest(Request.Method.POST, url,
3. new Response.Listener<String>() {
4. @Override
5. public void onResponse(String response) {
6. try {
7. JSONObject jsonObject = new JSONObject(response);
8. if(jsonObject.getBoolean("success")){
9. tvVerify.setText("You're not a Robot");
10. }
11. } catch (Exception ex) {
12. Log.d(TAG, "Error message: " + ex.getMessage());
14. }
15. }
16. },
17. new Response.ErrorListener() {
18. @Override
19. public void onErrorResponse(VolleyError error) {
20. Log.d(TAG, "Error message: " + error.getMessage());
21. }
22. }) {
23. @Override
24. protected Map<String, String> getParams() {
25. Map<String, String> params = new HashMap<>();
26. params.put("secret", SITE_SECRET_KEY);
27. params.put("response", responseToken);
28. return params;
29. }
30. };
31. request.setRetryPolicy(new DefaultRetryPolicy(
32. 50000,
33. DefaultRetryPolicy.DEFAULT_MAX_RETRIES,
34. DefaultRetryPolicy.DEFAULT_BACKOFF_MULT));
35. queue.add(request);

Volley has

RequestQueue to maintain the server calls in queue.
RetryPolicy to retry the service call if it is fail with TimeOut and Retry Count. We can change those values.
StringRequest is used for getting Response as JSON String.
Method.POST denotes the call as the POST method.
Params are passed to the server using Map, HashMap.

The SafetyNet API provides the response respective to the parameters passed and the success is Boolean Datatype.

We can learn more about volley library in the future.

Full Code

You can find the full code implementation of the API.

public class MainActivity extends AppCompatActivity implements View.OnClickListener {
Button btnVerify;
TextView tvVerify;
String TAG = MainActivity.class.getSimpleName();
String SITE_KEY = " SITE_KEY";
String SITE_SECRET_KEY = " SITE_SECRET_KEY";
RequestQueue queue;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
btnVerify = findViewById(R.id.btn_verify);
tvVerify = findViewById(R.id.tv_verify);
btnVerify.setOnClickListener(this);
queue = Volley.newRequestQueue(getApplicationContext());
}
@Override
public void onClick(View view) {
SafetyNet.getClient(this).verifyWithRecaptcha(SITE_KEY)
.addOnSuccessListener(this, new OnSuccessListener<SafetyNetApi.RecaptchaTokenResponse>() {
@Override
public void onSuccess(SafetyNetApi.RecaptchaTokenResponse response) {
if (!response.getTokenResult().isEmpty()) {
handleCaptchaResult(response.getTokenResult());
}
}
})
.addOnFailureListener(this, new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
if (e instanceof ApiException) {
ApiException apiException = (ApiException) e;
Log.d(TAG, "Error message: " +
CommonStatusCodes.getStatusCodeString(apiException.getStatusCode()));
} else {
Log.d(TAG, "Unknown type of error: " + e.getMessage());
}
}
});
}
void handleCaptchaResult(final String responseToken) {
String url = "https://www.google.com/recaptcha/api/siteverify";
StringRequest request = new StringRequest(Request.Method.POST, url,
new Response.Listener<String>() {
@Override
public void onResponse(String response) {
try {
JSONObject jsonObject = new JSONObject(response);
if(jsonObject.getBoolean("success")){
tvVerify.setText("You're not a Robot");
}
} catch (Exception ex) {
Log.d(TAG, "Error message: " + ex.getMessage());
}
}
},
new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.d(TAG, "Error message: " + error.getMessage());
}
}) {
@Override
protected Map<String, String> getParams() {
Map<String, String> params = new HashMap<>();
params.put("secret", SITE_SECRET_KEY);
params.put("response", responseToken);
return params;
}
};
request.setRetryPolicy(new DefaultRetryPolicy(
50000,
DefaultRetryPolicy.DEFAULT_MAX_RETRIES,
DefaultRetryPolicy.DEFAULT_BACKOFF_MULT));
queue.add(request);
}
}

Demo

You can find the demo on YouTube.

Download Code

You can download the full source code of the article from GitHub. If you like this article, do star the repo in GitHub.

Recommended Free Ebook

Printing in C# Made Easy

Download Now!