Are google and huawei hash codes for SMS Retriever API calculated the same way?

Question

We've got an android app with sms login feature. When user gets an sms message in the format of, for example "Your auth code: 1234 KLa37su2s0g", then the code "1234" is automatically inserted in the code prompt field.

For android devices with google services we use google's SMS Retriever API. For huawei devices (which dont support google services) we use Huawei SMS Retriever API.

The main issue is that we get different hash codes (in the above example: "KLa37su2s0g") for google and huawei SMS Retriever APIs when trying to calculate those hash codes for release builds.

So the question is: do these sms hash codes should be the same or different for google and huawei?

Answer 1

There is no problem with the difference between the hash codes of the SMS messages provided by Google and Huawei.

The hash_value field in the SMS message is generated by the HMS Core SDK to uniquely identify the current application. Huawei hash codes are generated by the HMS Core SDK.

Answer 2

For Google SMS Hashcode: https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string

1. Convert the certificate used to sign the app to lower-case hex string
2. Append that hex string to the app package name, separated by a single space
3. Compute the SHA-256 of the combined string and convert the result to a Base64 string
4. The first 11 characters of the Base64 string is the hash to use in the SMS

For HMS SMS Hash code: You get your hash value by implementing the following class:

public class hashcodeHMS extends ContextWrapper {
    public static final String TAG = hashcodeHMS.class.getSimpleName();
 
    public hashcodeHMS(Context context) {
        super(context);
    }
 
    public MessageDigest getMessageDigest() {
        MessageDigest messageDigest = null;
        try {
            messageDigest = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "No Such Algorithm.", e);
        }
        return messageDigest;
    }
 
    public String getSignature(Context context, String packageName) {
        PackageManager packageManager = context.getPackageManager();
        Signature[] signatureArrs;
        try {
            signatureArrs = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES).signatures;
        } catch (PackageManager.NameNotFoundException e) {
            Log.e(TAG, "Package name inexistent.");
            return "";
        }
        if (null == signatureArrs || 0 == signatureArrs.length) {
            Log.e(TAG, "signature is null.");
            return "";
        }
        Log.e("hashhms =>", signatureArrs[0].toCharsString());
        return signatureArrs[0].toCharsString();
    }
 
    public String getHashCode(String packageName, MessageDigest messageDigest, String signature) {
        String appInfo = packageName + " " + signature;
        messageDigest.update(appInfo.getBytes(StandardCharsets.UTF_8));
        byte[] hashSignature = messageDigest.digest();
        hashSignature = Arrays.copyOfRange(hashSignature, 0, 9);
        String base64Hash = Base64.encodeToString(hashSignature, Base64.NO_PADDING | Base64.NO_WRAP);
        base64Hash = base64Hash.substring(0, 11);
        return base64Hash;
    }
}