Autofill not working in release apk.

[amitturakSDN]

Hello Team,

I am using this library for SMS autofill in my React Native app. Everything works perfectly in the debug APK, but when I generate a release APK, the SMS autofill does not work.

Here’s a snippet of my implementation:

useEffect(() => { RNAndroidOtpVerify.getHash() .then((hash) => { console.log("App hash:", hash); Alert.alert("App hash", JSON.stringify(hash)); }) .catch((error) => { Alert.alert("App hash error", JSON.stringify(error)); console.error("Failed to get app hash:", error); }); }, []);

What I’ve tried: Confirmed the getHash() works correctly in debug mode.

Added runtime permission request for RECEIVE_SMS and READ_SMS.

Verified that the app hash is being logged in debug, but not showing in release.

Ensured the SMS format is correct and includes the hash.

Checked ProGuard settings and even tried disabling minification.

Despite all of this, the OTP does not autofill in the release build.

Additional Info: Device: Android (multiple devices tested)

React Native version: 0.73.4

Library version: ^1.1.8

Build tools: Using ./gradlew assembleRelease

Any help or guidance on resolving this would be appreciated. Please let me know if you need more details or a sample project.

[hiteshawasthi11]

+1

[amitturakSDN]

Any updates on issue ?

[avinashpandey-sdn]

Same issue

[hiteshawasthi11]

I found the solution: One of the most common errors you might run into is that the hash of your Android application's package signature doesn't match the app hash that you send in your SMS message. If these two don't match, the Android application will not be able to read the incoming SMS from your inbox, and the verification process will never complete.

Generate a release build with this code and copy the release hash and use that. const hash = await getHash() Alert.alert("Hash", JSON.stringify(hash))

[amitturakSDN]

I have already used that code. Yes, the hash keys are different for the debug and release builds. The OTP autofill works fine in the debug build, but it is not working in the release build. Could you please confirm if any changes have been made recently?

useEffect(() => { RNAndroidOtpVerify.getHash() .then((hash) => { console.log("App hash:", hash); Alert.alert("App hash", JSON.stringify(hash)); }) .catch((error) => { Alert.alert("App hash error", JSON.stringify(error)); console.error("Failed to get app hash:", error); }); }, []);

[hiteshawasthi11]

@amitturakSDN Use the release hash with sms, it will work

[amitturakSDN]

Yes, I am already using the Release hash key, but it is not working. I have also added the following permissions:

Additionally, I have included the following lines in proguard-rules.pro:

-keep class com.reactnativeotpverify.** { ; } -keep class com.google.android.gms.auth.api.phone.* { ; } -keep class com.google.android.gms.common.* { *; }

but still not working.

Please let me know if you did any other changes

[beshoo]

@amitturakSDN any update i have the same problem!

[hazemelshaterr]

did you generate the release hashkey ?

[ghulam-adil]

I am also getting the same problem, is there any solution? I have used the release hash already but still same problem, please help I am stuck.

[renishmithani]

+1

[maneeswarmutyala]

If your app is on the Alpha, Beta, or Production track in the Play Store and uses Google Play App Signing:

Follow Google’s official guide here: SMS Retriever – Verify your app

# 1. Download deployment_cert.der from Play Console (App signing certificate)

# 2. Import certificate into a temporary keystore
keytool -importcert -file deployment_cert.der -keystore temporary.keystore -alias PlayDeploymentCert

# 3. Export cert and convert to hex string
keytool -exportcert -keystore temporary.keystore -alias PlayDeploymentCert | xxd -p | tr -d "[:space:]"

# 4. Generate final hash (replace PACKAGE.NAME and OUTPUT_FROM_STEP_3)
echo -n "PACKAGE.NAME OUTPUT_FROM_STEP_3" | sha256sum | awk '{print $1}' | xxd -r -p | base64 | cut -c1-11

Notes Ignore the % at the end of Step 3 output. Add one space between the package name and the Step 3 output.

Worked fine for me. Thanks

[ebrimasamba]

Try this alternative if you are on the new architecture or expo https://www.npmjs.com/package/@ebrimasamba/react-native-sms-retriever

[MarcosCunhaDev]

If your app is on the Alpha, Beta, or Production track in the Play Store and uses Google Play App Signing:

Follow Google’s official guide here: SMS Retriever – Verify your app

1. Download deployment_cert.der from Play Console (App signing certificate)

2. Import certificate into a temporary keystore

keytool -importcert -file deployment_cert.der -keystore temporary.keystore -alias PlayDeploymentCert

3. Export cert and convert to hex string

keytool -exportcert -keystore temporary.keystore -alias PlayDeploymentCert | xxd -p | tr -d "[:space:]"

4. Generate final hash (replace PACKAGE.NAME and OUTPUT_FROM_STEP_3)

echo -n "PACKAGE.NAME OUTPUT_FROM_STEP_3" | sha256sum | awk '{print $1}' | xxd -r -p | base64 | cut -c1-11 Notes Ignore the % at the end of Step 3 output. Add one space between the package name and the Step 3 output.

Worked fine for me. Thanks

This solution worked for me! I had to follow these exact steps to generate a hash for the release version. Something that wasn't clear for me it was that we have to generate different hashes to work with different versions of the app (considering the env and also if is the release/debug apk version).