Using Google reCAPTCHA in Android Application
In this tutorial, we will learn how Google reCAPTCHA works and integrate it into our Android application. Google's reCAPTCHA protects our application from malicious traffic. It is implemented using the SafetyNet API.
Working of Google reCAPTCHA
Google reCAPTCHA is validated through a series of network calls between the Android application, the SafetyNet server, and your server:
- The Android app makes a request with the Site key to the SafetyNet server for reCAPTCHA validation.
- The SafetyNet server responds to the Android app with a captcha token generated using the Site key.
- The captcha token is sent to your server for validation using the Secret key.
- Your server makes a request to SafetyNet to validate the captcha token using the Secret key.
- SafetyNet verifies the token and returns the result as a success or a failure.
- Your server notifies the Android app of the token validation result, a success or a failure.
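The server side of steps 3 to 5 above, as an added example that is not part of the original tutorial: it posts the token to Google's siteverify endpoint with the Secret key and accepts the result only if the token was issued recently and for the expected app package. The function names, the RECAPTCHA_SECRET_KEY environment variable and the two-minute freshness window are assumptions made for this sketch.

```python
import json
import os
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
MAX_TOKEN_AGE = timedelta(minutes=2)  # assumed freshness window, tune to your flow


def post_form(url, fields):
    """POST form fields and return the decoded JSON body."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=body, timeout=10) as resp:
        return json.load(resp)


def verify_captcha(token, expected_package, secret=None, post=post_form, now=None):
    """Return (ok, reason) for a captcha token received from the Android app."""
    if not token:
        return False, "missing-token"
    secret = secret or os.environ["RECAPTCHA_SECRET_KEY"]  # hypothetical variable name
    try:
        result = post(VERIFY_URL, {"secret": secret, "response": token})
    except (OSError, ValueError):
        return False, "verification-unavailable"  # fail closed on network or parse errors
    if result.get("success") is not True:
        return False, ",".join(result.get("error-codes", ["rejected"]))
    # A token minted for a different app must not be accepted by this backend.
    if result.get("apk_package_name") != expected_package:
        return False, "package-mismatch"
    try:
        issued = datetime.fromisoformat(str(result.get("challenge_ts", "")).replace("Z", "+00:00"))
    except ValueError:
        return False, "bad-timestamp"
    if issued.tzinfo is None:
        issued = issued.replace(tzinfo=timezone.utc)
    if (now or datetime.now(timezone.utc)) - issued > MAX_TOKEN_AGE:
        return False, "stale-token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample response, standing in for a live siteverify call.
    sample = {"success": True, "challenge_ts": "2024-05-01T12:00:30Z",
              "apk_package_name": "com.example.app"}
    fixed_now = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)
    print(verify_captcha("constructed-token", "com.example.app", secret="constructed-secret",
                         post=lambda url, fields: sample, now=fixed_now))
```

Because the Secret key is read from the server's environment, it never has to be shipped inside the APK, where it could be extracted by decompiling the app.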
Generating the reCAPTCHA Site key and Secret key:
Before creating the API keys, read the API terms of service at https://developers.google.com/terms/ carefully.
- Sign up on the Android reCAPTCHA site https://g.co/recaptcha/androidsignup .
- Provide the label and package name, and accept the reCAPTCHA Terms of Service.
Label: It is a unique label for your key. You can use the name of your company or organization.
Package Name: It is the package name of your Android application.
- The Site key, Secret key, client-side integration code, and server-side code are generated on the next page.
Android example of integrating Google reCAPTCHA
Let’s create an example of integrating Google reCAPTCHA in our Android application.
build.gradle
Add the following SafetyNet and Volley dependencies in the build.gradle file.
AndroidManifest.xml
Add the internet permission in the AndroidManifest.xml file.
activity_main.xml
Add the following code in the activity_main.xml file.
MainActivity.java
Add the following code in the MainActivity.java class file. In this class, we implement the client-side integration with the SafetyNet server and get the response as a JSON string.
Replace the values of SITE_KEY and SECRET_KEY with your actual Site key and Secret key. When the button is clicked, the app calls the SafetyNet.getClient() method with the Site key; if that returns success, it then calls handleSiteVerify() to verify the token.
The Volley library is used for the following purposes:
- The RequestQueue of the Volley library maintains the server calls in a queue.
- StringRequest is used to get the response as a JSON string from your server.
- The setRetryPolicy() method retries the server call if it fails within the time limit.